From: Hans-Christoph Steiner <hans@eds.org>
Date: Sat, 30 Aug 2014 02:53:21 +0000 (-0400)
Subject: use jarsigner to verify the APK signature is valid
X-Git-Tag: 0.3.0~32
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=c88eff9af7877a68fd095547636938fde03ef592;p=fdroidserver.git

use jarsigner to verify the APK signature is valid

By using jarsigner here, we can get rid of getsig.java, since the rest of
what getsig.java does can easily be handled in python.  This simplifies
installation and deployment, and makes things work better cross-platform.
This also means that the fdroidserver Debian package no longer needs to
Build-Depends: on default-jdk, which makes builds in pbuilder run a lot
faster. :-)

refs #5 https://gitlab.com/fdroid/fdroidserver/issues/5
---

diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index c4e08fb5..e161764d 100644
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -465,6 +465,16 @@ def scan_apks(apps, apkcache, repodir, knownapks):
                     sha.update(t)
                 thisinfo['sha256'] = sha.hexdigest()
 
+            # verify the jar signature is correct
+            args = ['jarsigner', '-verify']
+            if options.verbose:
+                args += ['-verbose', '-certs']
+            args += apkfile
+            p = FDroidPopen(args)
+            if p.returncode != 0:
+                logging.critical(apkfile + " has a bad signature!")
+                sys.exit(1)
+
             # Get the signature (or md5 of, to be precise)...
             getsig_dir = os.path.join(os.path.dirname(__file__), 'getsig')
             if not os.path.exists(getsig_dir + "/getsig.class"):