make `fdroid verify` use common.verify_apks()

This makes the jarsigner the ultimate and only judge of whether two APKs
match.  This is the best tool since APK signatures are jar signatures. This
should be eventually updated to use the official Android APK signing tool
called apksigner.

https://android.googlesource.com/platform/tools/apksig/

diff --git a/fdroidserver/verify.py b/fdroidserver/verify.py
index c13055a09eb23a843dcb55a65c60d593b87ee1a8..cac31a9c832f76d344b05bd18b20b6408e30ca2c 100644 (file)
--- a/fdroidserver/verify.py
+++ b/fdroidserver/verify.py
@@ -78,9 +78,9 @@ def main():
             logging.info("...retrieving " + url)
             net.download_file(url, dldir=tmp_dir)
 
-            compare_result = common.compare_apks(
-                os.path.join(unsigned_dir, apkfilename),
+            compare_result = common.verify_apks(
                 remoteapk,
+                os.path.join(unsigned_dir, apkfilename),
                 tmp_dir)
             if compare_result:
                 raise FDroidException(compare_result)