From e451ec0079c72995b790662720d16a4d39446729 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Fri, 22 Dec 2017 17:49:36 +0100
Subject: [PATCH 1/1] common: fix bug in new SHA-256 signatures for >=
 android-18

Luckily, this is only used in `fdroid nightly` so far.
---
 fdroidserver/common.py |  2 +-
 tests/common.TestCase  | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 6fce3340..06d40faa 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -2466,7 +2466,7 @@ def sign_apk(unsigned_path, signed_path, keyalias):
     if get_minSdkVersion_aapt(unsigned_path) < 18:
         signature_algorithm = ['-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1']
     else:
-        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA256']
+        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']
 
     p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
                      '-storepass:env', 'FDROID_KEY_STORE_PASS',
diff --git a/tests/common.TestCase b/tests/common.TestCase
index 3b4cc5e9..330d37a7 100755
--- a/tests/common.TestCase
+++ b/tests/common.TestCase
@@ -521,6 +521,18 @@ class CommonTest(unittest.TestCase):
         self.assertFalse(os.path.isfile(unsigned))
         self.assertTrue(fdroidserver.common.verify_apk_signature(signed))
 
+        # now sign an APK with minSdkVersion >= 18
+        unsigned = os.path.join(testdir, 'duplicate.permisssions_9999999-unsigned.apk')
+        signed = os.path.join(testdir, 'duplicate.permisssions_9999999.apk')
+        shutil.copy(os.path.join(self.basedir, 'repo', 'duplicate.permisssions_9999999.apk'),
+                    os.path.join(unsigned))
+        fdroidserver.common.apk_strip_signatures(unsigned, strip_manifest=True)
+        fdroidserver.common.sign_apk(unsigned, signed, config['keyalias'])
+        self.assertTrue(os.path.isfile(signed))
+        self.assertFalse(os.path.isfile(unsigned))
+        self.assertTrue(fdroidserver.common.verify_apk_signature(signed))
+        self.assertEqual(18, fdroidserver.common.get_minSdkVersion_aapt(signed))
+
     def test_get_api_id_aapt(self):
 
         config = dict()
-- 
2.30.2