Skip to content

fix(cli): use single quote to prevent bash expansion#982

Open
mongj wants to merge 2 commits intoGoogleChromeLabs:mainfrom
mongj:mongj/keystore-password-quote-fix
Open

fix(cli): use single quote to prevent bash expansion#982
mongj wants to merge 2 commits intoGoogleChromeLabs:mainfrom
mongj:mongj/keystore-password-quote-fix

Conversation

@mongj
Copy link

@mongj mongj commented Dec 6, 2025

Fixes #973

Problem

When signing APKs or App Bundles, the keystore password and key password are passed to command-line tools (apksigner and jarsigner). Currently, these passwords were wrapped in double quotes ("), which allows bash to perform expansion on special characters like $, !, backticks, and others.

For example, if a user's keystore password contains characters like $ecret or pa$$word, bash would interpret $ecret or $$ as variable references, causing the signing process to fail with incorrect password errors.

Solution

Updated signApk() and signAppBundle() methods to use single quotes instead of double quotes for password parameters, so we use the password as a literal string. Also escapes single quotes in the password.

Testing

  • Tested with passwords containing special characters ($, !, backticks)
  • Verified APK and App Bundle signing still works with normal passwords

@google-cla
Copy link

google-cla bot commented Dec 6, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@mongj mongj marked this pull request as ready for review December 6, 2025 02:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Error when building from generated keystore file

1 participant

Comments