From c88eff9af7877a68fd095547636938fde03ef592 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Fri, 29 Aug 2014 22:53:21 -0400
Subject: [PATCH] use jarsigner to verify the APK signature is valid
By using jarsigner here, we can get rid of getsig.java, since the rest of what getsig.java does can easily be handled in python. This simplifies installation and deployment, and makes things work better cross-platform.
This also means that the fdroidserver Debian package no longer needs to Build-Depends: on default-jdk, which makes builds in pbuilder run a lot faster. :-)
refs #5 https://gitlab.com/fdroid/fdroidserver/issues/5
---
 fdroidserver/update.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index c4e08fb5..e161764d 100644
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -465,6 +465,16 @@ def scan_apks(apps, apkcache, repodir, knownapks):
 sha.update(t)
 thisinfo['sha256'] = sha.hexdigest()
 
+ # verify the jar signature is correct
+ args = ['jarsigner', '-verify']
+ if options.verbose:
+ args += ['-verbose', '-certs']
+ args += apkfile
+ p = FDroidPopen(args)
+ if p.returncode != 0:
+ logging.critical(apkfile + " has a bad signature!")
+ sys.exit(1)
+
 # Get the signature (or md5 of, to be precise)...
 getsig_dir = os.path.join(os.path.dirname(__file__), 'getsig')
 if not os.path.exists(getsig_dir + "/getsig.class"):
--
2.30.2
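Review bot: `args += apkfile` extends the argument list with one element per character of the path, because `apkfile` is a string, so jarsigner is invoked with the filename split into single-character arguments and the verification never runs against the APK; it should be `args.append(apkfile)` (or `args += [apkfile]`). The `p.returncode != 0` test is also a weak acceptance criterion on its own: `jarsigner -verify` is generally observed to exit 0 for an unsigned jar and merely print "jar is unsigned", so an unsigned APK would pass this gate — confirm against the JDK in use and consider additionally requiring the "jar verified" line in the captured output (assuming `FDroidPopen` captures stdout; its definition is not visible here). `sys.exit(1)` on one bad APK aborts the whole repository scan rather than skipping the file, which may or may not be the intended behaviour for `fdroid update`. `scan_apks` continues outside the hunk, and whether `logging`, `sys` and `options` are in scope cannot be seen from it.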