From d74235564f964a2d9c472116e0acc79f09e33ecd Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Sat, 30 Aug 2014 00:45:12 -0400
Subject: [PATCH] move apk signature verification into getsig() function
This makes the python replacement behave like an all-in-one replacement for getsig.java. fixes #5 https://gitlab.com/fdroid/fdroidserver/issues/5
---
 fdroidserver/update.py | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index c618fc78..225f594d 100644
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -342,6 +342,13 @@ def getsig(apkpath):
 cert = None
+ # verify the jar signature is correct
+ args = ['jarsigner', '-verify', apkpath]
+ p = FDroidPopen(args)
+ if p.returncode != 0:
+ logging.critical(apkpath + " has a bad signature!")
+ return None
+
 with zipfile.ZipFile(apkpath, 'r') as apk:
 certs = [n for n in apk.namelist() if cert_path_regex.match(n)]
@@ -516,16 +523,6 @@ def scan_apks(apps, apkcache, repodir, knownapks):
 sha.update(t)
 thisinfo['sha256'] = sha.hexdigest()
- # verify the jar signature is correct
- args = ['jarsigner', '-verify']
- if options.verbose:
- args += ['-verbose', '-certs']
- args += apkfile
- p = FDroidPopen(args)
- if p.returncode != 0:
- logging.critical(apkfile + " has a bad signature!")
- sys.exit(1)
-
 # Get the signature (or md5 of, to be precise)...
 thisinfo['sig'] = getsig(os.path.join(os.getcwd(), apkfile))
 if not thisinfo['sig']:
--
2.30.2
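Review bot: The check added to getsig() relies only on jarsigner's exit status, and the certificate is then selected separately from the zip via `cert_path_regex`, so nothing visible in this hunk ties the certificate that gets hashed to the signature jarsigner validated. It is worth confirming that `jarsigner -verify` exits non-zero for an unsigned APK on the JDKs in use, and that the code after the hunk rejects an APK with zero or more than one matching certificate entry; getsig's body starts and continues outside the hunk, so this may already be handled there. The failure mode also changes from `sys.exit(1)` to `return None`, so the function's docstring should state it, for example `Returns None if jarsigner cannot verify the APK signature.`, and the caller's `if not thisinfo['sig']:` branch in scan_apks (its body is outside the second hunk) must skip the APK rather than index it.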