From beed746740e4db4d77d245249b343763295dae60 Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Sun, 30 Oct 2022 00:22:15 +0200
Subject: [PATCH 1/5] Replace custom code by verify_jar_signature()

---
 fdroidserver/common.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index a8a93cd4..dae4dac9 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -3748,11 +3748,11 @@ def load_stats_fdroid_signing_key_fingerprints():
     jar_file = os.path.join('stats', 'publishsigkeys.jar')
     if not os.path.isfile(jar_file):
         return {}
-    cmd = [config['jarsigner'], '-strict', '-verify', jar_file]
-    p = FDroidPopen(cmd, output=False)
-    if p.returncode != 4:
+    try:
+        verify_jar_signature(jar_file)
+    except VerificationException as e:
         raise FDroidException("Signature validation of '{}' failed! "
-                              "Please run publish again to rebuild this file.".format(jar_file))
+                              "Please run publish again to rebuild this file.".format(jar_file)) from e
 
     jar_sigkey = apk_signer_fingerprint(jar_file)
     repo_key_sig = config.get('repo_key_sha256')

From 24630dfe6806b7563b9e9179c188bb0549c6dc89 Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Sun, 30 Oct 2022 07:14:20 +0100
Subject: [PATCH 2/5] Drop old getsig.java test

getsig.java was replaced by a Python implementation in 6e2d0a9e (2014)
and the test was only there to compare the results for the transition.

Dropping this as it no longer works starting with 11.0.17+8.
---
 MANIFEST.in              |   3 --
 tests/getsig/getsig.java | 105 ---------------------------------------
 tests/getsig/make.sh     |   2 -
 tests/getsig/run.sh      |   2 -
 tests/run-tests          |   5 +-
 tests/update.TestCase    |  44 ----------------
 6 files changed, 1 insertion(+), 160 deletions(-)
 delete mode 100644 tests/getsig/getsig.java
 delete mode 100755 tests/getsig/make.sh
 delete mode 100755 tests/getsig/run.sh

diff --git a/MANIFEST.in b/MANIFEST.in
index 3adec161..d1535466 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -558,9 +558,6 @@ include tests/get_android_tools_versions/android-sdk/patcher/v4/source.propertie
 include tests/get_android_tools_versions/android-sdk/platforms/android-30/source.properties
 include tests/get_android_tools_versions/android-sdk/skiaparser/1/source.properties
 include tests/get_android_tools_versions/android-sdk/tools/source.properties
-include tests/getsig/getsig.java
-include tests/getsig/make.sh
-include tests/getsig/run.sh
 include tests/gnupghome/pubring.gpg
 include tests/gnupghome/random_seed
 include tests/gnupghome/secring.gpg
diff --git a/tests/getsig/getsig.java b/tests/getsig/getsig.java
deleted file mode 100644
index 78e7ac0c..00000000
--- a/tests/getsig/getsig.java
+++ /dev/null
@@ -1,105 +0,0 @@
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.Signature;
-import java.security.cert.*;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Enumeration;
-import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
-
-public class getsig {
-
-    public static void main(String[] args) {
-
-        String apkPath = null;
-        boolean full = false;
-
-        if(args.length == 1) {
-            apkPath = args[0];
-        } else if (args.length == 2) {
-            if(!args[0].equals("-f")) {
-                System.out.println("Only -f is supported");
-                System.exit(1);
-            }
-            apkPath = args[1];
-            full = true;
-        } else {
-            System.out.println("Specify the APK file to get the signature from!");
-            System.exit(1);
-        }
-
-        try {
-
-            JarFile apk = new JarFile(apkPath);
-            java.security.cert.Certificate[] certs = null;
-
-            Enumeration entries = apk.entries();
-            while (entries.hasMoreElements()) {
-                JarEntry je = (JarEntry) entries.nextElement();
-                if (!je.isDirectory() && !je.getName().startsWith("META-INF/")) {
-                    // Just need to read the stream (discarding the data) to get
-                    // it to process the certificate...
-                    byte[] b = new byte[4096];
-                    InputStream is = apk.getInputStream(je);
-                    while (is.read(b, 0, b.length) != -1);
-                    is.close();
-                    certs = je.getCertificates();
-                    if(certs != null)
-                        break;
-                }
-            }
-            apk.close();
-
-            if (certs == null) {
-                System.out.println("Not signed");
-                System.exit(1);
-            }
-            if (certs.length != 1) {
-                System.out.println("One signature expected");
-                System.exit(1);
-            }
-
-            // Get the signature in the same form that is returned by
-            // android.content.pm.Signature.toCharsString() (but in the
-            // form of a byte array so we can pass it to the MD5 function)...
-            byte[] sig = certs[0].getEncoded();
-            byte[] csig = new byte[sig.length * 2];
-            for (int j=0; j<sig.length; j++) {
-                byte v = sig[j];
-                int d = (v>>4)&0xf;
-                csig[j*2] = (byte)(d >= 10 ? ('a' + d - 10) : ('0' + d));
-                d = v&0xf;
-                csig[j*2+1] = (byte)(d >= 10 ? ('a' + d - 10) : ('0' + d));
-            }
-
-            String result;
-            if(full) {
-                result = new String(csig);
-            } else {
-                // Get the MD5 sum...
-                MessageDigest md;
-                md = MessageDigest.getInstance("MD5");
-                byte[] md5sum = new byte[32];
-                md.update(csig);
-                md5sum = md.digest();
-                BigInteger bigInt = new BigInteger(1, md5sum);
-                String md5hash = bigInt.toString(16);
-                while (md5hash.length() < 32)
-                    md5hash = "0" + md5hash;
-                result = md5hash;
-            }
-
-            System.out.println("Result:" + result);
-            System.exit(0);
-
-        } catch (Exception e) {
-            System.out.println("Exception:" + e);
-            System.exit(1);
-        }
-    }
-
-}
-
-
diff --git a/tests/getsig/make.sh b/tests/getsig/make.sh
deleted file mode 100755
index aa63c1a2..00000000
--- a/tests/getsig/make.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-javac getsig.java
diff --git a/tests/getsig/run.sh b/tests/getsig/run.sh
deleted file mode 100755
index 726995bf..00000000
--- a/tests/getsig/run.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-java getsig $1 $2 $3
diff --git a/tests/run-tests b/tests/run-tests
index e5349dc8..82af2148 100755
--- a/tests/run-tests
+++ b/tests/run-tests
@@ -151,10 +151,7 @@ test -x ./hooks/pre-commit && ./hooks/pre-commit
 
 
 #------------------------------------------------------------------------------#
-echo_header "test python getsig replacement"
-
-cd $WORKSPACE/tests/getsig
-./make.sh
+echo_header "run unit tests"
 
 cd $WORKSPACE/tests
 for testcase in $WORKSPACE/tests/*.TestCase; do
diff --git a/tests/update.TestCase b/tests/update.TestCase
index 12380d1b..91428b22 100755
--- a/tests/update.TestCase
+++ b/tests/update.TestCase
@@ -20,7 +20,6 @@ import unittest
 import yaml
 import zipfile
 import textwrap
-from binascii import unhexlify
 from datetime import datetime
 from distutils.version import LooseVersion
 from testcommon import TmpCwd
@@ -53,7 +52,6 @@ import fdroidserver.common
 import fdroidserver.exception
 import fdroidserver.metadata
 import fdroidserver.update
-from fdroidserver.common import FDroidPopen
 
 
 DONATION_FIELDS = ('Donate', 'Liberapay', 'OpenCollective')
@@ -550,48 +548,6 @@ class UpdateTest(unittest.TestCase):
         self.assertEqual(app['localized']['en-US']['name'], 'Goguma')
         self.assertEqual(app['localized']['en-US']['summary'], 'An IRC client for mobile devices')
 
-    def javagetsig(self, apkfile):
-        getsig_dir = 'getsig'
-        if not os.path.exists(os.path.join(getsig_dir, "getsig.class")):
-            logging.critical("getsig.class not found. To fix: cd '%s' && ./make.sh" % getsig_dir)
-            sys.exit(1)
-        # FDroidPopen needs some config to work
-        config = dict()
-        fdroidserver.common.fill_config_defaults(config)
-        fdroidserver.common.config = config
-        p = FDroidPopen(['java', '-cp', 'getsig', 'getsig', apkfile])
-        sig = None
-        for line in p.output.splitlines():
-            if line.startswith('Result:'):
-                sig = line[7:].strip()
-                break
-        if p.returncode == 0:
-            return sig
-        else:
-            return None
-
-    def testGoodGetsig(self):
-        # config needed to use jarsigner and keytool
-        config = dict()
-        fdroidserver.common.fill_config_defaults(config)
-        fdroidserver.common.options = Options
-        fdroidserver.update.config = config
-        apkfile = 'urzip.apk'
-        sig = self.javagetsig(apkfile)
-        self.assertIsNotNone(sig, "sig is None")
-        pysig = fdroidserver.update.getsig(apkfile)
-        self.assertIsNotNone(pysig, "pysig is None")
-        self.assertEqual(sig, fdroidserver.update.getsig(apkfile),
-                         "python sig not equal to java sig!")
-        self.assertEqual(len(sig), len(pysig),
-                         "the length of the two sigs are different!")
-        try:
-            self.assertEqual(unhexlify(sig), unhexlify(pysig),
-                             "the length of the two sigs are different!")
-        except TypeError as e:
-            print(e)
-            self.assertTrue(False, 'TypeError!')
-
     def testBadGetsig(self):
         """getsig() should still be able to fetch the fingerprint of bad signatures"""
         # config needed to use jarsigner and keytool

From d4b6e95c4e8f5fccc4ca3480e40d5bee48e3213c Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Sun, 30 Oct 2022 07:39:16 +0100
Subject: [PATCH 3/5] init: use provided keyalias

---
 fdroidserver/init.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fdroidserver/init.py b/fdroidserver/init.py
index 1fbba382..313dcc22 100644
--- a/fdroidserver/init.py
+++ b/fdroidserver/init.py
@@ -264,7 +264,7 @@ def main():
         c = dict(test_config)
         c['keystorepass'] = password
         c['keypass'] = password
-        c['repo_keyalias'] = socket.getfqdn()
+        c['repo_keyalias'] = repo_keyalias or socket.getfqdn()
         c['keydname'] = 'CN=' + c['repo_keyalias'] + ', OU=F-Droid'
         common.write_to_config(test_config, 'keystorepass', password)
         common.write_to_config(test_config, 'keypass', password)

From 1bb963d7682485ba9cfeeb7eb049a053feb10c3c Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Sat, 29 Oct 2022 22:09:07 +0200
Subject: [PATCH 4/5] jarsigner: allow weak signatures

openjdk-11 11.0.17 in Debian unstable fails to verify weak signatures:

jarsigner -verbose -strict -verify tests/signindex/guardianproject.jar

         131 Fri Dec 02 20:10:00 CET 2016 META-INF/MANIFEST.MF
         252 Fri Dec 02 20:10:04 CET 2016 META-INF/1.SF
        2299 Fri Dec 02 20:10:04 CET 2016 META-INF/1.RSA
           0 Fri Dec 02 20:09:58 CET 2016 META-INF/
 m  ?  48743 Fri Dec 02 20:09:58 CET 2016 index.xml

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  ? = unsigned entry

- Signed by "EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US"
    Digest algorithm: SHA1 (disabled)
    Signature algorithm: SHA1withRSA (disabled), 4096-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

  jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01, include jdk.disabled.namedCurves
---
 fdroidserver/common.py   | 89 +++++++++++++++-------------------------
 fdroidserver/index.py    |  2 +-
 fdroidserver/update.py   |  7 ++--
 tests/common.TestCase    | 44 ++++++++++----------
 tests/signindex.TestCase |  6 +--
 5 files changed, 64 insertions(+), 84 deletions(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index dae4dac9..4367981b 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -3416,13 +3416,27 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir, v1_only=None):
     return None
 
 
-def verify_jar_signature(jar):
+def verify_deprecated_jar_signature(jar):
     """Verify the signature of a given JAR file.
 
     jarsigner is very shitty: unsigned JARs pass as "verified"! So
     this has to turn on -strict then check for result 4, since this
     does not expect the signature to be from a CA-signed certificate.
 
+    Also used to verify the signature on an archived APK, supporting deprecated
+    algorithms.
+
+    F-Droid aims to keep every single binary that it ever published.  Therefore,
+    it needs to be able to verify APK signatures that include deprecated/removed
+    algorithms.  For example, jarsigner treats an MD5 signature as unsigned.
+
+    jarsigner passes unsigned APKs as "verified"! So this has to turn
+    on -strict then check for result 4.
+
+    Just to be safe, this never reuses the file, and locks down the
+    file permissions while in use.  That should prevent a bad actor
+    from changing the settings during operation.
+
     Raises
     ------
     VerificationException
@@ -3430,15 +3444,30 @@ def verify_jar_signature(jar):
 
     """
     error = _('JAR signature failed to verify: {path}').format(path=jar)
+    _java_security = os.path.join(os.getcwd(), '.java.security')
+    if os.path.exists(_java_security):
+        os.remove(_java_security)
+    with open(_java_security, 'w') as fp:
+        fp.write('jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024')
+    os.chmod(_java_security, 0o400)
+
     try:
-        output = subprocess.check_output([config['jarsigner'], '-strict', '-verify', jar],
-                                         stderr=subprocess.STDOUT)
+        cmd = [
+            config['jarsigner'],
+            '-J-Djava.security.properties=' + _java_security,
+            '-strict', '-verify', jar
+        ]
+        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
         raise VerificationException(error + '\n' + output.decode('utf-8'))
     except subprocess.CalledProcessError as e:
         if e.returncode == 4:
             logging.debug(_('JAR signature verified: {path}').format(path=jar))
         else:
             raise VerificationException(error + '\n' + e.output.decode('utf-8')) from e
+    finally:
+        if os.path.exists(_java_security):
+            os.chmod(_java_security, 0o600)
+            os.remove(_java_security)
 
 
 def verify_apk_signature(apk, min_sdk_version=None):
@@ -3471,63 +3500,13 @@ def verify_apk_signature(apk, min_sdk_version=None):
             config['jarsigner_warning_displayed'] = True
             logging.warning(_("Using Java's jarsigner, not recommended for verifying APKs! Use apksigner"))
         try:
-            verify_jar_signature(apk)
+            verify_deprecated_jar_signature(apk)
             return True
         except Exception as e:
             logging.error(e)
     return False
 
 
-def verify_old_apk_signature(apk):
-    """Verify the signature on an archived APK, supporting deprecated algorithms.
-
-    F-Droid aims to keep every single binary that it ever published.  Therefore,
-    it needs to be able to verify APK signatures that include deprecated/removed
-    algorithms.  For example, jarsigner treats an MD5 signature as unsigned.
-
-    jarsigner passes unsigned APKs as "verified"! So this has to turn
-    on -strict then check for result 4.
-
-    Just to be safe, this never reuses the file, and locks down the
-    file permissions while in use.  That should prevent a bad actor
-    from changing the settings during operation.
-
-    Returns
-    -------
-    Boolean
-        whether the APK was verified
-
-    """
-    _java_security = os.path.join(os.getcwd(), '.java.security')
-    if os.path.exists(_java_security):
-        os.remove(_java_security)
-    with open(_java_security, 'w') as fp:
-        fp.write('jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024')
-    os.chmod(_java_security, 0o400)
-
-    try:
-        cmd = [
-            config['jarsigner'],
-            '-J-Djava.security.properties=' + _java_security,
-            '-strict', '-verify', apk
-        ]
-        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
-    except subprocess.CalledProcessError as e:
-        if e.returncode != 4:
-            output = e.output
-        else:
-            logging.debug(_('JAR signature verified: {path}').format(path=apk))
-            return True
-    finally:
-        if os.path.exists(_java_security):
-            os.chmod(_java_security, 0o600)
-            os.remove(_java_security)
-
-    logging.error(_('Old APK signature failed to verify: {path}').format(path=apk)
-                  + '\n' + output.decode('utf-8'))
-    return False
-
-
 apk_badchars = re.compile('''[/ :;'"]''')
 
 
@@ -3749,7 +3728,7 @@ def load_stats_fdroid_signing_key_fingerprints():
     if not os.path.isfile(jar_file):
         return {}
     try:
-        verify_jar_signature(jar_file)
+        verify_deprecated_jar_signature(jar_file)
     except VerificationException as e:
         raise FDroidException("Signature validation of '{}' failed! "
                               "Please run publish again to rebuild this file.".format(jar_file)) from e
diff --git a/fdroidserver/index.py b/fdroidserver/index.py
index 28f0f285..c788509d 100644
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@@ -1518,7 +1518,7 @@ def get_index_from_jar(jarfile, fingerprint=None):
 
     """
     logging.debug(_('Verifying index signature:'))
-    common.verify_jar_signature(jarfile)
+    common.verify_deprecated_jar_signature(jarfile)
     with zipfile.ZipFile(jarfile) as jar:
         public_key, public_key_fingerprint = get_public_key_from_jar(jar)
         if fingerprint is not None:
diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index 5f1178d8..12c9dfe6 100644
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -50,7 +50,7 @@ from . import _
 from . import common
 from . import index
 from . import metadata
-from .exception import BuildException, FDroidException
+from .exception import BuildException, FDroidException, VerificationException
 
 from PIL import Image, PngImagePlugin
 
@@ -1532,9 +1532,10 @@ def process_apk(apkcache, apkfilename, repodir, knownapks, use_date_from_apk=Fal
         skipapk = False
         if not common.verify_apk_signature(apkfile):
             if repodir == 'archive' or allow_disabled_algorithms:
-                if common.verify_old_apk_signature(apkfile):
+                try:
+                    common.verify_deprecated_jar_signature(apkfile)
                     apk['antiFeatures'].update(['KnownVuln', 'DisabledAlgorithm'])
-                else:
+                except VerificationException:
                     skipapk = True
             else:
                 skipapk = True
diff --git a/tests/common.TestCase b/tests/common.TestCase
index fbf277e9..b36cdcd1 100755
--- a/tests/common.TestCase
+++ b/tests/common.TestCase
@@ -39,7 +39,8 @@ import fdroidserver.signindex
 import fdroidserver.common
 import fdroidserver.metadata
 from testcommon import TmpCwd
-from fdroidserver.exception import FDroidException, VCSException, MetaDataException
+from fdroidserver.exception import FDroidException, VCSException,\
+    MetaDataException, VerificationException
 
 
 class CommonTest(unittest.TestCase):
@@ -484,34 +485,33 @@ class CommonTest(unittest.TestCase):
         config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
         fdroidserver.common.config = config
 
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('bad-unicode-πÇÇ现代通用字-български-عربي1.apk'))
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_1.apk'))
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_2.apk'))
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_3.apk'))
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_4.apk'))
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.dyndns.fules.ck_20.apk'))
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('urzip.apk'))
-        self.assertFalse(fdroidserver.common.verify_old_apk_signature('urzip-badcert.apk'))
-        self.assertFalse(fdroidserver.common.verify_old_apk_signature('urzip-badsig.apk'))
-        self.assertTrue(fdroidserver.common.verify_old_apk_signature('urzip-release.apk'))
-        self.assertFalse(fdroidserver.common.verify_old_apk_signature('urzip-release-unsigned.apk'))
+        try:
+            fdroidserver.common.verify_deprecated_jar_signature('bad-unicode-πÇÇ现代通用字-български-عربي1.apk')
+            fdroidserver.common.verify_deprecated_jar_signature('org.bitbucket.tickytacky.mirrormirror_1.apk')
+            fdroidserver.common.verify_deprecated_jar_signature('org.bitbucket.tickytacky.mirrormirror_2.apk')
+            fdroidserver.common.verify_deprecated_jar_signature('org.bitbucket.tickytacky.mirrormirror_3.apk')
+            fdroidserver.common.verify_deprecated_jar_signature('org.bitbucket.tickytacky.mirrormirror_4.apk')
+            fdroidserver.common.verify_deprecated_jar_signature('org.dyndns.fules.ck_20.apk')
+            fdroidserver.common.verify_deprecated_jar_signature('urzip.apk')
+            fdroidserver.common.verify_deprecated_jar_signature('urzip-release.apk')
+        except VerificationException:
+            self.fail("failed to jarsigner failed to verify an old apk")
+        self.assertRaises(VerificationException, fdroidserver.common.verify_deprecated_jar_signature, 'urzip-badcert.apk')
+        self.assertRaises(VerificationException, fdroidserver.common.verify_deprecated_jar_signature, 'urzip-badsig.apk')
+        self.assertRaises(VerificationException, fdroidserver.common.verify_deprecated_jar_signature, 'urzip-release-unsigned.apk')
 
-    def test_verify_jar_signature_succeeds(self):
-        config = fdroidserver.common.read_config(fdroidserver.common.options)
-        fdroidserver.common.config = config
-        source_dir = os.path.join(self.basedir, 'signindex')
-        for f in ('testy.jar', 'guardianproject.jar'):
-            testfile = os.path.join(source_dir, f)
-            fdroidserver.common.verify_jar_signature(testfile)
-
-    def test_verify_jar_signature_fails(self):
+    def test_verify_deprecated_jar_signature(self):
         config = fdroidserver.common.read_config(fdroidserver.common.options)
         config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
         fdroidserver.common.config = config
         source_dir = os.path.join(self.basedir, 'signindex')
+        for f in ('testy.jar', 'guardianproject.jar'):
+            testfile = os.path.join(source_dir, f)
+            fdroidserver.common.verify_deprecated_jar_signature(testfile)
+
         testfile = os.path.join(source_dir, 'unsigned.jar')
         with self.assertRaises(fdroidserver.index.VerificationException):
-            fdroidserver.common.verify_jar_signature(testfile)
+            fdroidserver.common.verify_deprecated_jar_signature(testfile)
 
     def test_verify_apks(self):
         config = fdroidserver.common.read_config(fdroidserver.common.options)
diff --git a/tests/signindex.TestCase b/tests/signindex.TestCase
index 63fac860..6e2165cc 100755
--- a/tests/signindex.TestCase
+++ b/tests/signindex.TestCase
@@ -103,7 +103,7 @@ class SignindexTest(unittest.TestCase):
 
         # index.jar aka v0 must by signed by SHA1withRSA
         f = 'repo/index.jar'
-        common.verify_jar_signature(f)
+        common.verify_deprecated_jar_signature(f)
         self.assertIsNone(apksigcopier.extract_v2_sig(f, expected=False))
         cp = subprocess.run(
             ['jarsigner', '-verify', '-verbose', f], stdout=subprocess.PIPE
@@ -112,7 +112,7 @@ class SignindexTest(unittest.TestCase):
 
         # index-v1.jar must by signed by SHA1withRSA
         f = 'repo/index-v1.jar'
-        common.verify_jar_signature(f)
+        common.verify_deprecated_jar_signature(f)
         self.assertIsNone(apksigcopier.extract_v2_sig(f, expected=False))
         cp = subprocess.run(
             ['jarsigner', '-verify', '-verbose', f], stdout=subprocess.PIPE
@@ -121,7 +121,7 @@ class SignindexTest(unittest.TestCase):
 
         # entry.jar aka index v2 must by signed by a modern algorithm
         f = 'repo/entry.jar'
-        common.verify_jar_signature(f)
+        common.verify_deprecated_jar_signature(f)
         self.assertIsNone(apksigcopier.extract_v2_sig(f, expected=False))
         cp = subprocess.run(
             ['jarsigner', '-verify', '-verbose', f], stdout=subprocess.PIPE

From 0549535bab2dd4f9a9eaa127cab21970a8c1db0a Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Sun, 30 Oct 2022 08:23:48 +0100
Subject: [PATCH 5/5] signindex: fix buster workaround

Don't try to remove arg if the old args where used.
---
 fdroidserver/signindex.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fdroidserver/signindex.py b/fdroidserver/signindex.py
index d46c737e..852ed958 100644
--- a/fdroidserver/signindex.py
+++ b/fdroidserver/signindex.py
@@ -110,8 +110,8 @@ def sign_jar(jar, use_old_algs=False):
         'FDROID_KEY_PASS': config.get('keypass', ""),
     }
     p = common.FDroidPopen(args, envs=env_vars)
-    if p.returncode != 0:
-        # workaround for buster-backports apksigner on f-droid.org publish server
+    if not use_old_algs and p.returncode != 0:
+        # workaround for apksigner v30 on f-droid.org publish server
         v4 = args.index("--v4-signing-enabled")
         del args[v4 + 1]
         del args[v4]