
Use jarsigner to verify reproducible APKs

This commit is contained in:
akwizgran 2020-09-29 12:18:56 +00:00 committed by Marcus
parent 3c19490b34
commit 896ffed703


@ -3178,7 +3178,14 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir):
return "duplicate filename found: " + info.filename return "duplicate filename found: " + info.filename
tmp.writestr(info, unsigned.read(info.filename)) tmp.writestr(info, unsigned.read(info.filename))
verified = verify_apk_signature(tmp_apk) # Use jarsigner to verify the v1 signature on the reproduced APK, as
# apksigner will reject the reproduced APK if the original also had a v2
# signature
try:
verify_jar_signature(tmp_apk)
verified = True
except Exception:
verified = False
if not verified: if not verified:
logging.info("...NOT verified - {0}".format(tmp_apk)) logging.info("...NOT verified - {0}".format(tmp_apk))