tweaks to keytool-related docs

449d2e87 · Jean-Paul Calderone · b2162c81 · 449d2e87 · 449d2e87
Commit 449d2e87 authored Jun 28, 2023 by Jean-Paul Calderone
--- a/README.md
+++ b/README.md
@@ -38,17 +38,18 @@ A new key store containing a signing key can be created with `keytool` like:
 $ keytool \
    -genkey \
 	-v \
-     -keystore ./android.keystore \
+	-keystore ./android-release.keystore \
 	-alias release \
 	-keyalg RSA \
 	-keysize 2048 \
 	-validity 3650 \
-     -deststoretype pkcs12
+	-dname "CN=...;OU=...;O=...;L=...;ST=...;C=..."
 ```

-Both the store and the key have passwords which must be known to the release derivation.
+The store password must be known to the release derivation.
 `obelisk/default.nix` expects `obelisk/android-signing-key.nix` to exist to find this information.
 See `obelisk/android-signing-key-example.nix` for an example of this file.
+Note that values in the *dname* must have the following characters backslash-escaped: `,+=<>#;`.

 Build an Android release apk:


--- a/obelisk/default.nix
+++ b/obelisk/default.nix
@@ -109,6 +109,9 @@ let
    fn;

  # See README.md for information about managing ./android.keystore.
+  #
+  # android-signing-key.nix is *not* part of this repository since it contains
+  # the signing-related secrets and must not be public.
  releaseKey = import ./android-signing-key.nix;

  # Create a new derivation like `frontend` but with Gradle instructions to