Signing & mlpackageverifier: "signature not match"

kevincain · October 10, 2023, 3:09pm

I see 'mlpackageverifier' rejection in Logcat when running native code [Windows, native API v1.3.0-dev1/v1.3.0-dev2/v1.4.0-dev1]:

2023-10-09 23:10:48.198 5744-5744 MLPackageV...::Verifier com.magicleap.mlpackageverifier E Package com.magicleap.revok signature not match
2023-10-09 23:10:48.198 5744-5744 MLPackageV...::Verifier com.magicleap.mlpackageverifier E Reject package: com.magicleap.revok permissive=1

I see this with my own apps, and while compiling the native API examples.

I have tried cleaning
./gradlew clean

cache invalidation, uninstalling the apps on device:
adb uninstall com.magicleap.revok

Strangely, deleting the signingConfigs block altogether omits the ‘signature not match’ if we do a Gradle sync before each build, but otherwise I cannot see a change app behavior.
In Android Studio I refactored the signature to ensure our given package to com.magicleap.revok is consistent in Java, C++, ‘activity_main.xml’, ‘build.gradle (:app)’, applicationId "com.magicleap.revok" and ‘AndroidManifest.xml’.

ML2 APIs seem to require special signing -- is there any reference?

Signing config in 'build.gradle' from the sample projects is as follows:

> signingConfigs {
>    release {
>        keyAlias keystoreProperties['keyAlias']
>        keyPassword keystoreProperties['keyPassword']
>        storeFile file(storeFilePrefix + keystoreProperties['storeFile'])
>        storePassword keystoreProperties['storePassword']
>    }
> }

etucker · October 10, 2023, 10:02pm

Hi @kevincain,

Thank you for reaching out to us. Are you certain that your package signatures are consistent across all files including Java, C++, ‘activity_main.xml’, ‘build.gradle (:app)’, applicationId “com.magicleap.revok”, and ‘AndroidManifest.xml’?

Best regards,

El

kevincain · October 11, 2023, 1:27am

In a word, yes.

Thanks @etucker, as I wrote, I've scoured the Android Studio project for an errant signature in the places you quote. Also, we're using the 'fully qualified' name 'com/magicleap/revok/MainActivity' where required and consistently setting package com.magicleap.revok.

Again, is there any definitive guide to naming signatures and the signing process for ML?

etucker · October 11, 2023, 6:05pm

Here is a guide on Building Signed Release APK's in Android Studio.

kevincain · October 11, 2023, 6:09pm

Thanks for that. That aligns with our practice, but I'll check again.

Topic		Replies	Views
Assistance Needed: Issue with C API Samples and SDK Compatibility in Magic Leap 2 Native Development development	8	303	May 30, 2023
MLGraphicsBeginFrame Complaint: error number 5 Native Development	5	311	May 16, 2023
Unable to build for ML2 in Android studio Native Development	3	285	December 21, 2022
Building Native App confusion for ML2 Native Development development	8	562	November 9, 2022
Android packaging error in unreal engine5.3 Unreal Engine development , unreal	3	982	February 7, 2024

Signing & mlpackageverifier: "signature not match"

Related topics