chiark / gitweb /
~ianmdlvl / fdroidserver.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
index: always use jarsigner for verifying JAR signatures
[fdroidserver.git] / fdroidserver / index.py
diff --git a/fdroidserver/index.py b/fdroidserver/index.py
index 59139e17f70b0492aaa903c141dac4590ebebd82..79322d55185da1c472b01eecabd10e5e21c6688f 100644 (file)
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@@ -632,7 +632,7 @@ def download_repo_index(url_str, etag=None, verify_fingerprint=True):
         jar = zipfile.ZipFile(fp)
 
         # verify that the JAR signature is valid
-        verify_jar_signature(fp.name)
+        common.verify_jar_signature(fp.name)
 
         # get public key and its fingerprint from JAR
         public_key, public_key_fingerprint = get_public_key_from_jar(jar)
@@ -652,16 +652,6 @@ def download_repo_index(url_str, etag=None, verify_fingerprint=True):
         return index, new_etag
 
 
-def verify_jar_signature(file):
-    """
-    Verifies the signature of a given JAR file.
-
-    :raises: VerificationException() if the JAR's signature could not be verified
-    """
-    if not common.verify_apk_signature(file, jar=True):
-        raise VerificationException(_("The repository's index could not be verified."))
-
-
 def get_public_key_from_jar(jar):
     """
     Get the public key and its fingerprint from a JAR file.
Unnamed repository; edit this file 'description' to name the repository.