Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
casolorz
Roku Guru

Package keys

I'm going to publish my first package, it will be private at first while beta testing. I have created the package and saved the password. Is the password the only thing I need to save to be able to recreate the package in the future? Is there a keystore or anything like that? 

Thanks. 
0 Kudos
11 REPLIES 11
renojim
Community Streaming Expert

Re: Package keys

Keep the package (.pkg file) you downloaded from your Roku device and the password. With those two things you can rekey any device in the future when you need to update your channel. You'll probably want to keep the .zip file that went with the .pkg file (if you're not using some kind of version control system) since there's no way to examine the packaged/encrypted code should you need to in the future.

-JT
Roku Community Streaming Expert

Help others find this answer and click "Accept as Solution."
If you appreciate my answer, maybe give me a Kudo.

I am not a Roku employee.
0 Kudos
casolorz
Roku Guru

Re: Package keys

I do have source control. Is it recommended to store the zip and pkg on git? 

All I did was use the deployment script and it generated the pkg (I guess maybe it downloaded it from the device?). I guess I'll have another developer test on his end to make sure it is working. I'm assuming if I try to publish a package on my channel with the wrong key then it won't work since I already published it once with a different key?
0 Kudos
renojim
Community Streaming Expert

Re: Package keys

I use git for my source control, but you can use pretty much anything.  You don't really need to keep the zip if you're good about source control, but I still like to keep the zip after each time I publish since I'm not real good about committing things in git at the appropriate times and it's just easier for me to find the zip that went with a release than going through git (I'm far from a git expert).  There's really no need to keep any more than one package since there's no way to "depackage".  Any package can be used to rekey a unit, so you just need to keep one with its password.  I'm sure your deployment script downloaded the pkg from the Roku since I don't believe there's any way to create a pkg without a Roku device.

You can publish with different keys, but it's definitely not recommended and you'll get no error/warning that you're using the "wrong" key.  You'll lose any registry entries your channel has created since they're tied to the key.  You can use the same key for multiple channels and then they can share registry entries.  There's rarely a need for that, but I also don't want to go about creating a new key for every channel I create.  When a user removes a channel (or all channels that used the same key), the registry entries associated with that key are purged from the unit on the next reboot/update.

I suppose technically you don't even need to keep the pkg since you can always download it from the developer site. It downloads with a .zip extension, but it's really a pkg. I just like to keep one around for each one of my projects.

-JT
Roku Community Streaming Expert

Help others find this answer and click "Accept as Solution."
If you appreciate my answer, maybe give me a Kudo.

I am not a Roku employee.
0 Kudos
casolorz
Roku Guru

Re: Package keys

I think I understand now. When I "deployed" the zip to the roku, the roku gave me back a signed pkg using the password I gave it? And now the roku has a key for signing future ones? 
0 Kudos
renojim
Community Streaming Expert

Re: Package keys

That's about it except that the key is generated in the first place by running genkey when you Telnet to port 8080.  It's genkey that produces the key and password pair.  Is that handled by your deployment script?  If so, make sure every time your deployment script runs it's not generating a new key (and spitting out a new password).

The Roku unit stores the key somewhere and uses that along with the password to encrypt/sign the package.  You can change the current key by rekeying using the web interface (uploading a package file and providing the appropriate password) or running genkey to produce a new key/password pair. You can develop with any box that's using any key (or none at all). It's only when you create the final package to upload to the developer site that you want to make sure the box is keyed properly.

I have to take something back about trying to upload a package with a different key.  In the past the developer site didn't complain about the key being different from the previous package, but I think it does now.  It's not something I've tried recently.

-JT
Roku Community Streaming Expert

Help others find this answer and click "Accept as Solution."
If you appreciate my answer, maybe give me a Kudo.

I am not a Roku employee.
0 Kudos
casolorz
Roku Guru

Re: Package keys

Played a bit with it tonight. Seems like the pkg and the password is all I need. We used the pkg and password to rekey a second roku and generated a new pkg with it and it seemed to work.

Thanks for the help.
0 Kudos
gomad
Roku Guru

Re: Package keys

was the user data (registry) data retained after upgrading with the newly created pkg on a different device??
0 Kudos
casolorz
Roku Guru

Re: Package keys

My channel doesn't have any data, it is fully controlled from a phone app. The only thing that matters is that the app id be the same so the app on the phone can launch it. Is there some other way I can verify the pkg is signed the same way?
0 Kudos
gomad
Roku Guru

Re: Package keys

U could just try updating the existing app with the newly created pkg, if the Roku site accepts, then it works right? 🙂
0 Kudos