| 7 Apr 2021 |
 _hc | or really, that should be the source of that anti-feature | 21:03:19 |
| _hc | DisabledAlgorithm | 21:03:32 |
| _hc | there are some test cases around that | 21:03:43 |
 jochensp | but they don't have an MD5, as far as I can see | 21:05:10 |
| jochensp | (and they should not as they where signed with apksigner, last month) | 21:05:34 |
| _hc | it has some other error, see man jarsigner | 21:07:45 |
| _hc | the exit code is 130 | 21:07:50 |
| _hc | there is the section "SEVERE WARNINGS" | 21:08:01 |
| _hc | oh weird, it seems to have corrected itself to exit code 4 | 21:08:58 |
| _hc | jarsigner -verify -strict -verbose de.chagemann.regexcrossword_26.apk gives me 4 on my machine... | 21:10:24 |
| jochensp | yeah, but do we care or do we rather use apksigner? | 21:11:28 |
| _hc | well we did care once upon a time | 21:13:29 |
| _hc | I think it still makes sense | 21:13:59 |
| _hc | but I don't know the whole picture | 21:14:06 |
| jochensp | but that sounds like the build server is using jarsigner for verification, still | 21:14:47 |
| jochensp | maybe because verification is done on a different system? | 21:15:27 |
| _hc | ah right could be | 21:19:43 |
| _hc | but for me, both jarsigner and apksigner verified de.chagemann.regexcrossword_26.apk | 21:20:23 |
| jochensp | how did you call jarsigner? | 21:21:45 |
| _hc | the update server has apksigner: https://f-droid.org/repo/status/update.json | 21:21:56 |
| _hc | and jarsigner an is running buster like me | 21:22:19 |
| _hc | jarsigner -verify -strict -verbose de.chagemann.regexcrossword_25.apk | 21:22:30 |
| _hc | which should produce exit value 4 | 21:22:36 |
| _hc | since APKs don't use CAs | 21:22:45 |
| _hc | certificacte authorities | 21:22:57 |
| jochensp | yeah, it does | 21:23:06 |
| jochensp | but why would the bulidserver tag them as KnownVuln, DisabledAlgorithm then? | 21:23:47 |
| jochensp | hm.. maybe we don't delete them again? | 21:30:23 |
| _hc | try this:
| 21:37:39 |
| _hc | mkdir /tmp/fdroid | 21:37:42 |
