应用凭据
了解 Android 和 iOS 需要什么应用凭据。
Expo 会自动执行 Android 和 iOS 应用的签名过程,但在这两种情况下,你都可以选择提供覆盖。EAS 构建 可以生成签名或未签名的应用,但要通过商店分发你的应用,它必须是签名的应用。
¥Expo automates the process of signing your app for Android and iOS, but in both cases, you can choose to provide your overrides. EAS Build can generate signed or unsigned applications, but to distribute your application through the stores, it must be a signed application.
在此页面上,你将了解每个平台所需的凭据。如果你对我们如何存储你的凭据感到好奇,请查看我们的 安全文档。
¥On this page, you'll learn about the credentials that each platform requires. If you're curious about how we store your credentials on our end, take a look at our security documentation.
安卓
¥Android
Google 要求所有 Android 应用在安装到设备上或更新之前都必须使用证书进行数字签名。通常,私钥及其公共证书存储在密钥库中。过去,上传到商店的 APK 需要使用应用签名证书(将附加到 Play 商店中的应用的证书)进行签名,如果密钥库丢失,则无法恢复或重置它 。现在,你可以选择加入 Google Play 的应用签名,只需上传使用上传证书签名的 APK,Google Play 就会自动将其替换为应用签名证书。旧方法(应用签名证书)和新方法(上传证书)本质上是相同的机制,但使用新方法时,如果你的上传密钥库丢失或被泄露,你可以联系 Google Play 支持团队重置密钥。
¥Google requires all Android apps to be digitally signed with a certificate before they are installed on a device or updated. Usually, a private key and its public certificate are stored in a keystore. In the past, APKs uploaded to the store were required to be signed with the app signing certificate (a certificate that will be attached to the app in the Play Store), and if the keystore was lost there was no way to recover or reset it. Now, you can opt-in to App Signing by Google Play and simply upload an APK signed with an upload certificate, and Google Play will automatically replace it with the app signing certificate. Both the old method (app signing certificate) and new method (upload certificate) are essentially the same mechanisms, but using the new method, if your upload keystore is lost or compromised, you can contact the Google Play support team to reset the key.
从 Expo 构建过程的角度来看,使用上传证书或应用签名密钥对应用进行签名没有区别。无论哪种方式,eas build 都会生成一个使用当前与你的应用关联的密钥库签名的 .apk 或 .aab。如果你想手动生成上传密钥库,可以按照创建原始密钥库的方式进行操作。
¥From the Expo build process's perspective, there is no difference between whether an app is signed with an upload certificate or an app signing key. Either way, eas build will generate an .apk or .aab signed with the keystore currently associated with your application. If you want to generate an upload keystore manually, you can do that the same way you created your original keystore.
请参阅 Android 的文档 以查找有关此过程的更多信息。
¥See Android's documentation to find more information about this process.
Google Play 的应用签名
¥App signing by Google Play
当你 将你的第一个版本上传到 Google Play 时,你将看到有关 "Google Play 的应用签名" 和 "Google 正在保护你的应用签名密钥" 的通知。这是默认行为,除了按 "继续" 之外,你不需要执行任何操作。
¥When you upload your first release to Google Play you will see a notice about "App signing by Google Play" and "Google is protecting your app signing key". This is the default behavior and requires no action on your behalf except to press "Continue".
如果你当前管理你的应用签名密钥并希望 Google 为你管理,请参阅 使用 Google Play 的应用签名。
¥If you currently manage your app signing key and want Google to manage it for you, see Use app signing by Google Play.
Lost your keystore? Learn how to reset your upload key on Google Play
要将你的 Expo 密钥库与 Google 同步,请按照以下步骤操作:
¥To sync your Expo keystore with Google, follow these steps:
下载凭证
¥Download credentials
在终端窗口中:
¥In a terminal window:
-
运行
eas credentials命令。¥Run
eas credentialscommand. -
选择
Android作为你要下载其凭据的平台和配置文件。¥Select
Androidfor the platform and the profile whose credentials you wish to download. -
选择选项
credentials.json: Upload/Download credentials between EAS servers and your local json。¥Select the option
credentials.json: Upload/Download credentials between EAS servers and your local json. -
选择
Download credentials from EAS to credentials.json。¥Select
Download credentials from EAS to credentials.json.
你的应用的密钥库应保密。在任何情况下都不应将其签入存储库。调试密钥库是唯一的例外,因为我们不使用它们将应用上传到 Google Play 商店。
¥Your application's keystore should be kept private. Under no circumstances should you check it into your repository. Debug keystores are the only exception because we don't use them for uploading apps to the Google Play Store.
将密钥库导出为 pem 格式
¥Export keystore to pem format
下载凭据和密钥库后,将其导出为 pem 格式,以便你可以将其提交给 Google:
¥Once you have downloaded your credentials and the keystore, export it to the pem format so that you can submit it to Google:
-
在凭证.json 文件中的
keyAlias密钥下找到密钥别名。¥Find the key alias in your credentials.json file under the
keyAliaskey. -
使用
keytool导出证书:¥Use
keytoolto export the certificate:
- keytool -export -rfc -alias alias_from_step_1 -file certificate_for_google.pem -keystore ./path/to/keystore.jks联系 Google 支持人员
¥Contact Google support
请联系 Google 支持并请求他们使用 这份支持表格 更改你的密钥。填写表单时,附上从密钥库导出的 pem 文件。
¥Contact Google Support and request them to change your key using this support form. While filling out the form, attach the pem file exported from the keystore.
一旦 Google 在你的账户上更新了此信息,通过 eas build 创建的版本将按照 Google Play 商店的预期正确签名。请注意,Google 会将新上传证书的有效期开始日期设置为未来 72 小时,因此你必须在执行此过程后等待首次提交。
¥Once Google updates this on your account, builds created through eas build will be correctly signed as expected by the Google Play Store. Note that Google will set the validity start date of the new upload certificate to 72 hours in the future so you'll have to wait before your first submission after performing this process.
iOS 系统
¥iOS
3 个主要 iOS 凭据均与你的 Apple 开发者账户关联,它们是:
¥The 3 primary iOS credentials, all of which are associated with your Apple Developer account, are:
-
经销证书
¥Distribution Certificate
-
配置文件
¥Provisioning Profiles
-
推送通知键
¥Push Notification Keys
无论你是让 EAS 处理你的所有凭证,还是你自己处理它们,了解每个凭证的含义、使用它们的时间和地点以及它们过期或被撤销时会发生什么情况都是很有价值的。你可以通过运行 eas credentials 使用 EAS CLI 检查和管理你的所有凭证。
¥Whether you let EAS handle all your credentials, or you handle them yourself, it can be valuable to understand what each of these credentials means, when and where they're used, and what happens when they expire or are revoked. You can inspect and manage all your credentials with EAS CLI by running eas credentials.
经销证书
¥Distribution certificate
分发证书与你(开发者)有关,而不是与任何特定应用有关。你可能只有一个与你的 Apple 开发者账户关联的分发证书。该证书将用于你的所有应用。如果此证书过期,你生产中的应用将不会受到影响。但是,如果你想要将新应用上传到 App Store 或更新任何现有应用,则需要生成新证书。删除分发证书对 App Store 上已有的任何应用没有影响。你可以在下次构建时通过运行 eas credentials 并按照提示操作来清除 Expo 当前为你的应用存储的分发证书。
¥The distribution certificate is all about you, the developer, and not about any particular app. You may only have one distribution certificate associated with your Apple Developer account. This certificate will be used for all of your apps. If this certificate expires, your apps in production will not be affected. However, you will need to generate a new certificate if you want to upload new apps to the App Store or update any of your existing apps. Deleting a distribution certificate has no effect on any apps already on the App Store. You can clear the distribution certificate Expo currently has stored for your app the next time you build by running eas credentials and following the prompts.
推送通知键
¥Push Notification keys
Apple 推送通知键(通常缩写为 APN 密钥)允许关联的应用发送和接收推送通知。
¥Apple Push Notification Keys (often abbreviated as APN keys) allow the associated apps to send and receive push notifications.
你最多可以有 2 个与你的 Apple 开发者账户关联的 APN 密钥,并且单个密钥可用于任意数量的应用。如果你撤销 APN 密钥,则所有依赖该密钥的应用将无法再发送或接收推送通知,直到你上传新密钥来替换它。上传新的 APN 密钥不会更改用户的 Expo 推送令牌。推送通知密钥不会过期。你可以通过运行 eas credentials 并按照提示操作来清除 Expo 当前为你的应用存储的 APN 密钥。
¥You can have a maximum of 2 APN keys associated with your Apple Developer account, and a single key can be used with any number of apps. If you revoke an APN key, all apps that rely on that key will no longer be able to send or receive push notifications until you upload a new key to replace it. Uploading a new APN key will not change your users' Expo Push Tokens. Push notification keys do not expire. You can clear the APN key Expo currently has stored for your app by running eas credentials and following the prompts.
Expo 创建的 APN 密钥可以在 Expo 网站 上下载。
¥APN keys created by Expo can be downloaded on the Expo website.
配置文件
¥Provisioning profiles
每个配置文件都是特定于应用的,这意味着你提交到 App Store 的每个应用都将拥有一个配置配置文件。这些配置文件与你的分发证书关联,因此如果该证书被撤销或过期,你还需要重新生成应用的配置文件。与分发证书类似,撤销应用的配置文件不会对 App Store 上已有的应用产生任何影响。
¥Each profile is app-specific, meaning you will have a provisioning profile for every app you submit to the App Store. These provisioning profiles are associated with your distribution certificate, so if that is revoked or expired, you'll need to regenerate the app's provisioning profile, as well. Similar to the distribution certificate, revoking your app's provisioning profile will not have any effect on apps already on the App Store.
预配配置文件将在 12 个月后过期,但这不会影响生产中的应用。你只需在下次构建应用时通过运行 eas build -p ios 或手动使用 eas credentials 创建一个新应用。
¥Provisioning profiles expire after 12 months, but this won't affect apps in production. You will just need to create a new one the next time you build your app by running eas build -p ios, or manually with eas credentials.
概括
¥Summary
| 凭据 | 每个账户的限额 | 特定于应用? | 可以撤销而不对生产产生副作用吗? | 使用于 |
|---|---|---|---|---|
| 经销证书 | 2 | 构建时间 | ||
| 推送通知键 | 2 | 运行 | ||
| 配置文件 | 无限 | 构建时间 |
清除凭据
¥Clearing credentials
当你使用 eas credentials 命令删除凭据时,这只会从 Expo 的服务器中删除这些凭据。它不会从 Apple 的角度删除凭据。这意味着要完全删除你的凭据(例如,如果你想要一个新的推送通知密钥,但你已经有两个),你需要从 苹果开发者控制台。
¥When you use the eas credentials command to delete your credentials, this only removes those credentials from Expo's servers. It does not delete the credentials from Apple's perspective. This means that to fully delete your credentials (for example, if you want a new push notification key, however, you already have two), you'll need to do so from the Apple Developer Console.
重新签署新凭证
¥Re-signing new credentials
你可以使用 eas build:resign 将适用于 iOS 的现有 .ipa 共同设计为新的临时配置文件。这有助于减少内部分发的时间 - 例如,如果你想向现有版本添加新的测试设备,你可以使用此命令更新配置文件以包含该设备,而无需从头开始重建整个应用。
¥You can use eas build:resign to codesign an existing .ipa for iOS to a new ad hoc provisioning profile. This helps reduce time when distributing internally — for example, if you want to add a new test device to an existing build, you can use this command to update the provisioning profile to include the device without rebuilding the entire app from scratch.
运行该命令将要求你选择要重新签名的构建。例如,在示例项目中运行命令会显示可用的构建:
¥Running the command will ask you to select a build that you want to re-sign. For example, running the command in an example project shows an available build:
选择构建后,按照步骤登录你的 Apple 开发者账户。当出现提示“显示设备并再次询问我”时,你可以选择新的配置文件。
¥After selecting the build, follow the steps to log in to your Apple Developer account. When prompted Show devices and ask me again, you can select a new provisioning profile.
选择一个新设备,该命令将再次运行 EAS Build。请注意,这次触发的构建重用了所选构建中的应用工件,并使用新的配置文件对其进行了共同设计。此过程完成后,你可以使用此新的构建链接在添加到配置文件的 iOS 设备上安装 .ipa。
¥Select a new device, and the command will run the EAS Build again. Note that the build triggered this time reuses the application artifact from the selected build and codesigns it with the new provisioning profile. Once this process is complete, you can use this new build link to install the .ipa on the iOS device added to the provisioning profile.