use jarsigner to verify the APK signature is valid

By using jarsigner here, we can get rid of getsig.java, since the rest of
what getsig.java does can easily be handled in python.  This simplifies
installation and deployment, and makes things work better cross-platform.
This also means that the fdroidserver Debian package no longer needs to
Build-Depends: on default-jdk, which makes builds in pbuilder run a lot
faster. :-)

refs #5 https://gitlab.com/fdroid/fdroidserver/issues/5

diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index c4e08fb509ad016f8d6c6e89bcf7eb00b95401a9..e161764d78479ff9e2f5bab11c262eb47f5fe5cd 100644 (file)
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -465,6 +465,16 @@ def scan_apks(apps, apkcache, repodir, knownapks):
                     sha.update(t)
                 thisinfo['sha256'] = sha.hexdigest()
 
+            # verify the jar signature is correct
+            args = ['jarsigner', '-verify']
+            if options.verbose:
+                args += ['-verbose', '-certs']
+            args += apkfile
+            p = FDroidPopen(args)
+            if p.returncode != 0:
+                logging.critical(apkfile + " has a bad signature!")
+                sys.exit(1)
+
             # Get the signature (or md5 of, to be precise)...
             getsig_dir = os.path.join(os.path.dirname(__file__), 'getsig')
             if not os.path.exists(getsig_dir + "/getsig.class"):