7 Apr 2021 |
@freenode_jochensp:matrix.org | (and forcing apksigner would have been an easy way to exclude one case) | 21:02:19 |
_hc | if this is just an anti-feature issue, you can just download the APK from f-droid.org and check it | 21:02:21 |
@freenode_jochensp:matrix.org | I did | 21:02:27 |
@freenode_jochensp:matrix.org | they verify with apksigner but not with jarsigner | 21:02:35 |
_hc | right because apksigner still treats MD5 as valid while Java/jarigner does not | 21:03:01 |
_hc | or really, that should be the source of that anti-feature | 21:03:19 |
_hc | DisabledAlgorithm | 21:03:32 |
_hc | there are some test cases around that | 21:03:43 |
@freenode_jochensp:matrix.org | but they don't have an MD5, as far as I can see | 21:05:10 |
@freenode_jochensp:matrix.org | (and they should not as they where signed with apksigner, last month) | 21:05:34 |
_hc | it has some other error, see man jarsigner | 21:07:45 |
_hc | the exit code is 130 | 21:07:50 |
_hc | there is the section "SEVERE WARNINGS" | 21:08:01 |
_hc | oh weird, it seems to have corrected itself to exit code 4 | 21:08:58 |
_hc | jarsigner -verify -strict -verbose de.chagemann.regexcrossword_26.apk gives me 4 on my machine... | 21:10:24 |
@freenode_jochensp:matrix.org | yeah, but do we care or do we rather use apksigner? | 21:11:28 |
_hc | well we did care once upon a time | 21:13:29 |
_hc | I think it still makes sense | 21:13:59 |
_hc | but I don't know the whole picture | 21:14:06 |
@freenode_jochensp:matrix.org | but that sounds like the build server is using jarsigner for verification, still | 21:14:47 |
@freenode_jochensp:matrix.org | maybe because verification is done on a different system? | 21:15:27 |
_hc | ah right could be | 21:19:43 |
_hc | but for me, both jarsigner and apksigner verified de.chagemann.regexcrossword_26.apk | 21:20:23 |
@freenode_jochensp:matrix.org | how did you call jarsigner? | 21:21:45 |
_hc | the update server has apksigner: https://f-droid.org/repo/status/update.json | 21:21:56 |
_hc | and jarsigner an is running buster like me | 21:22:19 |
_hc | jarsigner -verify -strict -verbose de.chagemann.regexcrossword_25.apk | 21:22:30 |
_hc | which should produce exit value 4 | 21:22:36 |
_hc | since APKs don't use CAs | 21:22:45 |
_hc | certificacte authorities | 21:22:57 |