F-Droid Devs

73 Members
#fdroid-dev F-Droid development discussion only | Use #fdroid:f-droid.org for general, app- and repo-related matters | Meeting every Thursday at 11:30 UTC | This channel is publicly logged at https://matrix.f-droid.org/alias/%23fdroid-dev:f-droid.org14 Servers

Load older messages

7 Apr 2021
@eighthave:matrix.org_hcor really, that should be the source of that anti-feature21:03:19
@eighthave:matrix.org_hcthere are some test cases around that21:03:43
@freenode_jochensp:matrix.orgjochensp but they don't have an MD5, as far as I can see 21:05:10
@freenode_jochensp:matrix.orgjochensp(and they should not as they where signed with apksigner, last month)21:05:34
@eighthave:matrix.org_hc it has some other error, see man jarsigner 21:07:45
@eighthave:matrix.org_hcthe exit code is 13021:07:50
@eighthave:matrix.org_hcthere is the section "SEVERE WARNINGS"21:08:01
@eighthave:matrix.org_hcoh weird, it seems to have corrected itself to exit code 421:08:58
@eighthave:matrix.org_hc jarsigner -verify -strict -verbose de.chagemann.regexcrossword_26.apk gives me 4 on my machine... 21:10:24
@freenode_jochensp:matrix.orgjochenspyeah, but do we care or do we rather use apksigner?21:11:28
@eighthave:matrix.org_hcwell we did care once upon a time21:13:29
@eighthave:matrix.org_hcI think it still makes sense21:13:59
@eighthave:matrix.org_hcbut I don't know the whole picture21:14:06
@freenode_jochensp:matrix.orgjochenspbut that sounds like the build server is using jarsigner for verification, still21:14:47
@freenode_jochensp:matrix.orgjochenspmaybe because verification is done on a different system?21:15:27
@eighthave:matrix.org_hcah right could be21:19:43
@eighthave:matrix.org_hcbut for me, both jarsigner and apksigner verified de.chagemann.regexcrossword_26.apk21:20:23
@freenode_jochensp:matrix.orgjochensphow did you call jarsigner?21:21:45
@eighthave:matrix.org_hcthe update server has apksigner: https://f-droid.org/repo/status/update.json21:21:56
@eighthave:matrix.org_hcand jarsigner an is running buster like me21:22:19
@eighthave:matrix.org_hc jarsigner -verify -strict -verbose de.chagemann.regexcrossword_25.apk 21:22:30
@eighthave:matrix.org_hcwhich should produce exit value 421:22:36
@eighthave:matrix.org_hcsince APKs don't use CAs21:22:45
@eighthave:matrix.org_hccertificacte authorities21:22:57
@freenode_jochensp:matrix.orgjochenspyeah, it does21:23:06
@freenode_jochensp:matrix.orgjochenspbut why would the bulidserver tag them as KnownVuln, DisabledAlgorithm then?21:23:47
@freenode_jochensp:matrix.orgjochensp hm.. maybe we don't delete them again? 21:30:23
@eighthave:matrix.org_hctry this: 21:37:39
@eighthave:matrix.org_hcmkdir /tmp/fdroid21:37:42

Show newer messages

Back to Room List