F-Droid Devs

159 Members
#fdroid-dev F-Droid development discussion only | Use #fdroid:f-droid.org for general, app- and repo-related matters | Meetings: https://gitlab.com/fdroid/wiki/-/wikis/Weekly-Office-Hours | Room history is public31 Servers

Load older messages


SenderMessageTime
29 Jun 2021
@_oftc_jochensp:matrix.orgjochenspcongrats :)19:57:07
@obfusk:matrix.org@obfusk:matrix.org
In reply to @eighthave:matrix.org
the cloudflare CEO does speak intelligently on the topic, it is worth listening too. I'm not saying I agree with the policy of hosting lots of horrible sites. His point is that he should not be the one who makes those decisions by himself. As CEO, he has the power to effectively kick sites of the internet.
should the cloudflare CEO make those decisions? no. but if there's no one else making those decisions, that makes them responsible (even if they should not be).
19:59:18
@obfusk:matrix.org@obfusk:matrix.org if cloudflare chooses to "host" sites that have proven to be an existential threat to people like me, I'm going to have a problem with that. and that's certainly not "censorship". 20:03:40
@obfusk:matrix.org@obfusk:matrix.org jochensp: thx :) 20:05:24
@cdesai:matrix.orgcdesaihttps://developer.android.com/guide/app-bundle/code-transparency21:29:05
@cdesai:matrix.orgcdesai
The code transparency file does not verify resources, assets, the Android Manifest, or any other files that are not DEX files or native libraries contained in the lib/ folder.
21:29:56
@debeule:gnugen.chartectrex
Important: The Android OS does not verify code transparency files at install time, and continues to rely on the APK signing schemes for verification of any installed APKs.
21:32:57
@obfusk:matrix.org@obfusk:matrix.orgapp bundles make reproducible builds hard to impossible. and Google always has access to your signing key.21:35:21
@debeule:gnugen.chartectrexSo they ask for our private key, then hide a "proof" somewhere no-one checks21:35:42
@andreas:schildbach.deAndreas
In reply to @obfusk:matrix.org
Andreas: apksigcopier is now in Debian unstable, so you could use that for the signature extraction (though you'd have to pass it the correct output directory manually).
That's great news. So fdroidserver isn't really any more.
21:36:27
@obfusk:matrix.org@obfusk:matrix.org
In reply to @debeule:gnugen.ch
So they ask for our private key, then hide a "proof" somewhere no-one checks
and for e.g. my python for android apps that "proof" is useless.
21:36:33
@andreas:schildbach.deAndreas
In reply to @obfusk:matrix.org
Andreas: apksigcopier is now in Debian unstable, so you could use that for the signature extraction (though you'd have to pass it the correct output directory manually).
* That's great news. So fdroidserver isn't really any more on my side.
21:36:38
@debeule:gnugen.chartectrexHow can the engineers working on this go to bed happy about what they did? Baffling.21:36:50
@obfusk:matrix.org@obfusk:matrix.orgspeaking of Google: https://agateau.com/2021/google-does-not-want-you-to-tell-your-players-about-your-donation-page/21:37:23
@obfusk:matrix.org@obfusk:matrix.org^ I've run into this as well with my google play apps.21:37:45
@obfusk:matrix.org@obfusk:matrix.organd I checked the ToS: donations are actually allowed. I've told Google about that and they've refused to tell me which part of the ToS I'm supposedly violating.21:40:16
@obfusk:matrix.org@obfusk:matrix.org
In reply to @andreas:schildbach.de
That's great news. So fdroidserver isn't really any more on my side.
I assume it will make it to Ubuntu as well, but I'm not sure how that process works.
21:41:16
@_oftc_jochensp:matrix.orgjochensp 幸猫: Ubuntu pulls from unstable automatically 21:41:47
@obfusk:matrix.org@obfusk:matrix.org jochensp: and that automatically includes new packages? 21:42:31
@_oftc_jochensp:matrix.orgjochenspYes21:43:06
@obfusk:matrix.org@obfusk:matrix.orgI wasn't sure about that. thx for the confirmation.21:43:36
@andreas:schildbach.deAndreas

I just used apksigcopier on my apk and got these files:

APKSigningBlock  APKSigningBlockOffset  BITCOIN-.RSA  BITCOIN-.SF  MANIFEST.MF

Is this exactly what goes into the metadata?

21:46:49
@obfusk:matrix.org@obfusk:matrix.org Andreas: yes. see e.g. https://gitlab.com/fdroid/fdroiddata/-/merge_requests/8845/diffs 21:49:07
@obfusk:matrix.org@obfusk:matrix.orgthose files go in metadata/$APPID/signatures/$VERSIONCODE/21:49:52
@obfusk:matrix.org@obfusk:matrix.org Andreas: and the CI will test RB if you include the signatures in the MR :) 21:51:17
@andreas:schildbach.deAndreas Yes, the directory structure is already present – it was created by fdroidserver signatures. 21:51:38
@andreas:schildbach.deAndreasHere is my first take: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/9319 Did I miss anything?22:08:29
@obfusk:matrix.org@obfusk:matrix.org
In reply to @andreas:schildbach.de
Here is my first take: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/9319 Did I miss anything?
doesn't look like it. we'll see whether the CI agrees :p
22:12:02
@andreas:schildbach.deAndreasIt doesn't agree: https://gitlab.com/schildbach/fdroiddata/-/jobs/138718791922:17:52
@andreas:schildbach.deAndreas chown: cannot access '/home/vagrant/build/de.schildbach.wallet': Permission denied 22:18:13

There are no newer messages yet.


Back to Room ListRoom Version: 6