From 364e609ebe2ee867b2d156bc96be135ec8da385a Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 20 Dec 2016 14:09:45 +0100
Subject: [PATCH] make `fdroid verify` use common.verify_apks()

This makes the jarsigner the ultimate and only judge of whether two APKs
match.  This is the best tool since APK signatures are jar signatures. This
should be eventually updated to use the official Android APK signing tool
called apksigner.

https://android.googlesource.com/platform/tools/apksig/
---
 fdroidserver/verify.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fdroidserver/verify.py b/fdroidserver/verify.py
index c13055a0..cac31a9c 100644
--- a/fdroidserver/verify.py
+++ b/fdroidserver/verify.py
@@ -78,9 +78,9 @@ def main():
             logging.info("...retrieving " + url)
             net.download_file(url, dldir=tmp_dir)
 
-            compare_result = common.compare_apks(
-                os.path.join(unsigned_dir, apkfilename),
+            compare_result = common.verify_apks(
                 remoteapk,
+                os.path.join(unsigned_dir, apkfilename),
                 tmp_dir)
             if compare_result:
                 raise FDroidException(compare_result)