Android: Signing APK with ApkSigner with multi certificate


Problem is my app APK is signed with SHA1 signer #1 and SHA1 signer #2 using jarsigner, meaning it is multi-signed using both first-release-key.jks and second-release-key.jks, which I believe now is wrong. The APK shows both certs. Now trying to sign the APK with apksigner using SHA2 signer #1 and then SHA2 signer #2 is failing.

https://developer.android.com/studio/command-line/apksigner

Usually, you sign an APK using only one signer. In the event that you need to sign an APK using multiple signers, use the --next-signer option to separate the set of general options to apply to each signer:

apksigner sign [signer_1_options] --next-signer [signer_2_options] app-name.apk

apksigner sign --ks sample.keystore --ks-key-alias abc --ks-pass pass:xyz --key-pass pass:somepass --next-signer --ks someks.jks --ks-key-alias key0 --ks-pass pass:123456 --key-pass pass:123456 MSIGN.apk

When --next-signer is used as above, apksigner fails with an error asking for a "SigningCertificateLineage":

Exception in thread "main" java.lang.IllegalStateException: Multiple signing certificates provided for use with APK Signature Scheme v3 without an accompanying SigningCertificateLineage

Source code:

https://android.googlesource.com/platform/tools/apksig/+/master/src/main/java/com/android/apksig/SigningCertificateLineage.java

Can anyone help with where to get the SigningCertificateLineage that must accompany --next-signer, so that the APK is multi-signed?

Thanks

2

There are 2 answers

0
NitZRobotKoder On BEST ANSWER

Found the solution.

1) Get the certificate lineage using the command below.

apksigner rotate --out /path/to/new/file --old-signer --ks my.keystore --new-signer --ks mynew.jks

2) Multi-sign using both certificates' passwords.

apksigner sign --lineage mylineagefile --ks my.keystore --next-signer --ks mynew.jks my.apk

https://android.googlesource.com/platform/tools/apksig/+/refs/heads/master/src/apksigner/java/com/android/apksigner
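The rotate-then-sign procedure from the accepted answer, written out as a script with a verification step added. This is an added example, not code from the question or the answers; the keystore file names, key aliases, lineage file name and APK names are placeholders.

```shell
#!/bin/sh
# Added example, not code from the question or the answers: the accepted
# answer's rotate-then-sign procedure as a script, plus a verification step.
# Keystore names, aliases and the lineage file name below are placeholders.
set -eu

OLD_KS=first-release-key.jks   # key the shipped APK is currently signed with
OLD_ALIAS=first
NEW_KS=second-release-key.jks  # key being rotated to
NEW_ALIAS=second
LINEAGE=release.lineage        # written by `apksigner rotate`; keep it with the keys

# Step 1: produce the SigningCertificateLineage. The key that already signed the
# published app must be the --old-signer; swapping the order yields a lineage
# that does not chain from the certificate the installed app was signed with.
rotate_cmd() {
  echo "apksigner rotate --out $LINEAGE" \
    "--old-signer --ks $OLD_KS --ks-key-alias $OLD_ALIAS" \
    "--new-signer --ks $NEW_KS --ks-key-alias $NEW_ALIAS"
}

# Step 2: sign with both signers and the lineage. v3 stays enabled so devices on
# Android 9+ learn about the rotation; older devices only check the v1/v2
# signatures, which is why the old signer must remain in the signer list.
sign_cmd() {   # $1 = input apk, $2 = output apk
  echo "apksigner sign --lineage $LINEAGE --v3-signing-enabled true" \
    "--ks $OLD_KS --ks-key-alias $OLD_ALIAS" \
    "--next-signer --ks $NEW_KS --ks-key-alias $NEW_ALIAS" \
    "--out $2 $1"
}

# Step 3: confirm which schemes verified and which certificates are present.
verify_cmd() {   # $1 = signed apk
  echo "apksigner verify --verbose --print-certs $1"
}

# Prints the three commands; runs them only when APKSIGNER_RUN=1 is exported
# and apksigner is on PATH (passwords are then prompted for on the terminal).
main() {
  for cmd in "$(rotate_cmd)" "$(sign_cmd app-unsigned.apk app-signed.apk)" \
             "$(verify_cmd app-signed.apk)"; do
    if [ "${APKSIGNER_RUN:-0}" = 1 ] && command -v apksigner >/dev/null 2>&1; then
      eval "$cmd"
    else
      echo "dry-run: $cmd"
    fi
  done
}
main
```

Without APKSIGNER_RUN=1 the script only prints the command lines, so the argument order can be reviewed before any key is touched.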

0
Pierre On

Try with the flag --v3-signing-enabled=false.

As mentioned in the error message, v3 signing does not support signing with multiple keys, so I suspect that disabling it would fix this error.

Note that v3 signing is an extension of v2 signing that supports key rotation, so you're not losing any security (well, besides key rotation, which you may never be able to use).