move apk signature verification into getsig() function

[fdroidserver.git] / fdroidserver / update.py

diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index c618fc787ed5c693808e04e050defd24c9b2b2f5..225f594d0ab3e69130a154e501cb1c28da1e3623 100644 (file)
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -342,6 +342,13 @@ def getsig(apkpath):
 
     cert = None
 
+    # verify the jar signature is correct
+    args = ['jarsigner', '-verify', apkpath]
+    p = FDroidPopen(args)
+    if p.returncode != 0:
+        logging.critical(apkpath + " has a bad signature!")
+        return None
+
     with zipfile.ZipFile(apkpath, 'r') as apk:
 
         certs = [n for n in apk.namelist() if cert_path_regex.match(n)]
@@ -516,16 +523,6 @@ def scan_apks(apps, apkcache, repodir, knownapks):
                     sha.update(t)
                 thisinfo['sha256'] = sha.hexdigest()
 
-            # verify the jar signature is correct
-            args = ['jarsigner', '-verify']
-            if options.verbose:
-                args += ['-verbose', '-certs']
-            args += apkfile
-            p = FDroidPopen(args)
-            if p.returncode != 0:
-                logging.critical(apkfile + " has a bad signature!")
-                sys.exit(1)
-
             # Get the signature (or md5 of, to be precise)...
             thisinfo['sig'] = getsig(os.path.join(os.getcwd(), apkfile))
             if not thisinfo['sig']: