index: always use jarsigner for verifying JAR signatures

In apksigner v0.7 (build-tools 26.0.1), Google made it require that
AndroidManifest.xml be present in the archive before it verifies the
signature.  So this needs to stick with the jarsigner hack for JARs.
Hans-Christoph Steiner 2017-09-19 15:07:19 +02:00
parent 535f2afe90
commit 5dcb48831f
4 changed files with 31 additions and 23 deletions


@ -632,7 +632,7 @@ def download_repo_index(url_str, etag=None, verify_fingerprint=True):
jar = zipfile.ZipFile(fp)
# verify that the JAR signature is valid
verify_jar_signature(fp.name)
common.verify_jar_signature(fp.name)
# get public key and its fingerprint from JAR
public_key, public_key_fingerprint = get_public_key_from_jar(jar)
@ -652,16 +652,6 @@ def download_repo_index(url_str, etag=None, verify_fingerprint=True):
return index, new_etag
def verify_jar_signature(file):
"""
Verifies the signature of a given JAR file.
:raises: VerificationException() if the JAR's signature could not be verified
"""
if not common.verify_apk_signature(file, jar=True):
raise VerificationException(_("The repository's index could not be verified."))
def get_public_key_from_jar(jar):
"""
Get the public key and its fingerprint from a JAR file.
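Review bot: The new call `common.verify_jar_signature(fp.name)` in download_repo_index discards any return value, so rejecting a badly signed index now depends entirely on that helper raising. The removed local wrapper made this explicit by raising VerificationException whenever the check returned false. The helper's body is not visible in this section, so confirm that it raises VerificationException on every failure path, including an abnormal jarsigner exit, rather than returning False. I would add a comment above the call, `# raises VerificationException on failure; nothing from the JAR is trusted before this returns`, and a test that passes an unsigned or modified index JAR to download_repo_index and expects the exception. download_repo_index starts and ends outside these hunks.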