Search code examples
androidazure-devopsazure-devops-self-hosted-agent

ADB RSA key fingerprint changes on Azure DevOps (vsts) self hosted agent

I have a VSTS/Azure DevOps self hosted agent running as a service on a machine with an Android device attached via USB that I'd like to use with ADB.

During the build a Command Line task invokes an ADB command. I'm having an issue where the device goes unauthorized when someone logs into the machine. What I observe happening is

  • With no one logged into the machine, I plug in the Android device and get the prompt to allow USB debugging and check the always allow box and click okay
  • Builds run properly and ADB commands work
  • Sometime later, someone logs into the machine and the device goes unauthorized for them
  • During the next build when an ADB command is sent, I get the prompt again with a different RSA key fingerprint

This seems similar to RSA fingerprint change every time a new build is started, but their question is for docker/gitlab-ci.

Solution

  • To fix this, you will need to create a system wide ADB key and tell ADB where it is using the ADB_VENDOR_KEYS environmental variable.

    ADB_VENDOR_KEYS is described as a colon-separated list of keys (files or directories). You should be able to set it to a directory, but I was only able to get it to work with a file at the time. Since ADB is being run in a service, it is really important to set this as a system environmental variable and not a user environmental variable.

    The set up steps are

    • Create an adbkey by running adb start-server or adb devices. They key will be located in C:\Users\<yourname>\.android. If you are already running adb (probably the case) the adb server will already be started and a key will already be created.
    • Create a folder such as C:\adb_keys and copy the key to this folder
    • Add an system environmental variable called ADB_VENDOR_KEYS with a value of C:\adb_keys\adbkey or where ever the key was placed in the previous step.
    • Authorize the USB debugging connection. The steps below may be overkill, but should make sure that no snags are encountered.
      • Close and re-open the command prompt (or restart the computer) to be able to use the new the environmental variable
      • Unplug the device
      • Kill the ADB server. adb kill-server
      • Revoke USB debugging authorizations on the device. Settings > Developer options > Revoke USB debugging authorizations.
      • Disable and re-enable USB debugging on the device
      • Plug in the device
      • Start the ADB server. adb start-server or adb devices
      • Accept the "Allow USB debugging?" with the "Always allow from this computer" checkbox checked

    Restart the computer and queue up a new build that uses ADB and everything should work.