ADB RSA key fingerprint changes on Azure DevOps (vsts) self hosted agent

3
votes

I have a VSTS/Azure DevOps self hosted agent running as a service on a machine with an Android device attached via USB that I'd like to use with ADB.

During the build a Command Line task invokes an ADB command. I'm having an issue where the device goes unauthorized when someone logs into the machine. What I observe happening is

  • With no one logged into the machine, I plug in the Android device and get the prompt to allow USB debugging and check the always allow box and click okay
  • Builds run properly and ADB commands work
  • Sometime later, someone logs into the machine and the device goes unauthorized for them
  • During the next build when an ADB command is sent, I get the prompt again with a different RSA key fingerprint

This seems similar to RSA fingerprint change every time a new build is started, but their question is for docker/gitlab-ci.

1
androidazure-devopsazure-devops-self-hosted-agent
while your specific virtualization platform may be different (from the platform in the question you linked) but the root cause of the problem (non persistent user home directory) is still the same.Alex P.
The ADB host key is user specific by default. In your set-up you may want to use a computer-specific key. This should be possible via ADB_KEYS_PATH environment variable.Robert
It seems I was able to get it to work by setting the ADB_VENDOR_KEYS system environmental variable, but only when setting it to the file rather than the folder. For example, c:\adb_keys\adbkey works rather than c:\adb_keys where adbkey is the key. I assume ADB_KEYS_PATH works too, but running adb shows a list of env variables that suggests ADB_VENDOR_KEYS is what we should use.Adam
What's interesting though is that when there is no one logged in and this env variable is not set I can enable debugging. I assume an adbkey was placed somewhere on the system, but I can't find it.Adam

1 Answers

1
votes

To fix this, you will need to create a system wide ADB key and tell ADB where it is using the ADB_VENDOR_KEYS environmental variable.

ADB_VENDOR_KEYS is described as a colon-separated list of keys (files or directories). You should be able to set it to a directory, but I was only able to get it to work with a file at the time. Since ADB is being run in a service, it is really important to set this as a system environmental variable and not a user environmental variable.

The set up steps are

  • Create an adbkey by running adb start-server or adb devices. They key will be located in C:\Users\<yourname>\.android. If you are already running adb (probably the case) the adb server will already be started and a key will already be created.
  • Create a folder such as C:\adb_keys and copy the key to this folder
  • Add an system environmental variable called ADB_VENDOR_KEYS with a value of C:\adb_keys\adbkey or where ever the key was placed in the previous step.
  • Authorize the USB debugging connection. The steps below may be overkill, but should make sure that no snags are encountered.
    • Close and re-open the command prompt (or restart the computer) to be able to use the new the environmental variable
    • Unplug the device
    • Kill the ADB server. adb kill-server
    • Revoke USB debugging authorizations on the device. Settings > Developer options > Revoke USB debugging authorizations.
    • Disable and re-enable USB debugging on the device
    • Plug in the device
    • Start the ADB server. adb start-server or adb devices
    • Accept the "Allow USB debugging?" with the "Always allow from this computer" checkbox checked

Restart the computer and queue up a new build that uses ADB and everything should work.