make fdroid verify use common.verify_apks()

This makes the jarsigner the ultimate and only judge of whether two APKs match. This is the best tool since APK signatures are jar signatures. This should be eventually updated to use the official Android APK signing tool called apksigner. https://android.googlesource.com/platform/tools/apksig/
2025-11-04 22:40:29 +03:00 · 2016-12-20 14:09:45 +01:00 · 2016-12-20 14:09:45 +01:00 · 364e609ebe
commit 364e609ebe
parent 998b6245e9
1 changed files with 2 additions and 2 deletions
--- a/fdroidserver/verify.py
+++ b/fdroidserver/verify.py
@ -78,9 +78,9 @@ def main():
            logging.info("...retrieving " + url)
            net.download_file(url, dldir=tmp_dir)

-            compare_result = common.compare_apks(
-                os.path.join(unsigned_dir, apkfilename),
+            compare_result = common.verify_apks(
                remoteapk,
+                os.path.join(unsigned_dir, apkfilename),
                tmp_dir)
            if compare_result:
                raise FDroidException(compare_result)