From: Hans-Christoph Steiner <hans@eds.org>
Date: Fri, 22 Dec 2017 16:49:36 +0000 (+0100)
Subject: common: fix bug in new SHA-256 signatures for >= android-18
X-Git-Tag: 1.0.0~10^2~1
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=e451ec0079c72995b790662720d16a4d39446729;p=fdroidserver.git

common: fix bug in new SHA-256 signatures for >= android-18

Luckily, this is only used in `fdroid nightly` so far.
---

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 6fce3340..06d40faa 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -2466,7 +2466,7 @@ def sign_apk(unsigned_path, signed_path, keyalias):
     if get_minSdkVersion_aapt(unsigned_path) < 18:
         signature_algorithm = ['-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1']
     else:
-        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA256']
+        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']
 
     p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
                      '-storepass:env', 'FDROID_KEY_STORE_PASS',
diff --git a/tests/common.TestCase b/tests/common.TestCase
index 3b4cc5e9..330d37a7 100755
--- a/tests/common.TestCase
+++ b/tests/common.TestCase
@@ -521,6 +521,18 @@ class CommonTest(unittest.TestCase):
         self.assertFalse(os.path.isfile(unsigned))
         self.assertTrue(fdroidserver.common.verify_apk_signature(signed))
 
+        # now sign an APK with minSdkVersion >= 18
+        unsigned = os.path.join(testdir, 'duplicate.permisssions_9999999-unsigned.apk')
+        signed = os.path.join(testdir, 'duplicate.permisssions_9999999.apk')
+        shutil.copy(os.path.join(self.basedir, 'repo', 'duplicate.permisssions_9999999.apk'),
+                    os.path.join(unsigned))
+        fdroidserver.common.apk_strip_signatures(unsigned, strip_manifest=True)
+        fdroidserver.common.sign_apk(unsigned, signed, config['keyalias'])
+        self.assertTrue(os.path.isfile(signed))
+        self.assertFalse(os.path.isfile(unsigned))
+        self.assertTrue(fdroidserver.common.verify_apk_signature(signed))
+        self.assertEqual(18, fdroidserver.common.get_minSdkVersion_aapt(signed))
+
     def test_get_api_id_aapt(self):
 
         config = dict()