By using jarsigner here, we can get rid of getsig.java, since the rest of
what getsig.java does can easily be handled in python. This simplifies
installation and deployment, and makes things work better cross-platform.
This also means that the fdroidserver Debian package no longer needs to
Build-Depends: on default-jdk, which makes builds in pbuilder run a lot
faster. :-)
refs #5 https://gitlab.com/fdroid/fdroidserver/issues/5
sha.update(t)
thisinfo['sha256'] = sha.hexdigest()
sha.update(t)
thisinfo['sha256'] = sha.hexdigest()
+ # verify the jar signature is correct
+ args = ['jarsigner', '-verify']
+ if options.verbose:
+ args += ['-verbose', '-certs']
+ args += apkfile
+ p = FDroidPopen(args)
+ if p.returncode != 0:
+ logging.critical(apkfile + " has a bad signature!")
+ sys.exit(1)
+
# Get the signature (or md5 of, to be precise)...
getsig_dir = os.path.join(os.path.dirname(__file__), 'getsig')
if not os.path.exists(getsig_dir + "/getsig.class"):
# Get the signature (or md5 of, to be precise)...
getsig_dir = os.path.join(os.path.dirname(__file__), 'getsig')
if not os.path.exists(getsig_dir + "/getsig.class"):