Android APK signing returns " ZipFile invalid LOC header (bad signature)" error


Bitrise Build Issue Report template

Description of the issue

I’m trying to sign an APK with the sign-apk step (1.7.2). This workflow would sign and release the APK through Firebase App Distribution for internal testing. I already built several other workflows where I’m signing the AAB with this step and I haven’t encountered this issue yet. Furthermore, this workflow was copied from an already working one and I don’t think I’ve messed up any of the configs.

Every time the workflow tries to sign the APK, it exits with the following error message:
Failed to sign Build Artifact, error: [jarsigner: unable to sign jar: ZipFile invalid LOC header (bad signature)


Where did the issue happen?, Android & Docker, on Ubuntu 16.04

Which build Step causes the issue and which version of the step?

Sign APK 1.7.2


You can reproduce this issue with the following settings:

- android-build@0:
    - variant: stagingRelease
- sign-apk@1:
    - android_app: "$BITRISE_APK_PATH"
    - verbose_log: 'true'
    - debuggable_permitted: 'false'
    - output_name: app-name-redacted-staging-release-signed
    is_always_run: true

This issue occurs every time.

Local reproduction: Linux / Android (docker based) stack builds

I have no experience with local building so I can not comment on this, unfortunately.

Build log

Please copy paste the build’s URL here (or if the issue happens somewhere else then the full logs), or if you can’t share the url / log here then send the url or full log through a private channel (e.g. email - ), with a link to the related Discuss issue.

I can’t share the log publicly but I will send it through the private channels if required.



Can I get official support on this guys? I feel like this is a Bitrise build issue and not me messing up the almost identical settings…