chiark / gitweb /
~ianmdlvl / fdroidserver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 109eb92)
common: fix bug in new SHA-256 signatures for >= android-18
authorHans-Christoph Steiner <hans@eds.org>
Fri, 22 Dec 2017 16:49:36 +0000 (17:49 +0100)
committerHans-Christoph Steiner <hans@eds.org>
Thu, 28 Dec 2017 22:07:26 +0000 (23:07 +0100)
Luckily, this is only used in `fdroid nightly` so far.

fdroidserver/common.py patch | blob | history
tests/common.TestCase patch | blob | history

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 6fce3340f12632251673cbd2010d0c88bac5ebbd..06d40faab5b1a870b7e44f155a1cc33e0081a54f 100644 (file)
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -2466,7 +2466,7 @@ def sign_apk(unsigned_path, signed_path, keyalias):
     if get_minSdkVersion_aapt(unsigned_path) < 18:
         signature_algorithm = ['-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1']
     else:
-        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA256']
+        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']
 
     p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
                      '-storepass:env', 'FDROID_KEY_STORE_PASS',
diff --git a/tests/common.TestCase b/tests/common.TestCase
index 3b4cc5e932fce73ed616676c3fc8758a89008b73..330d37a799992d43e34ecbe06c7f6b33debf7ba3 100755 (executable)
--- a/tests/common.TestCase
+++ b/tests/common.TestCase
@@ -521,6 +521,18 @@ class CommonTest(unittest.TestCase):
         self.assertFalse(os.path.isfile(unsigned))
         self.assertTrue(fdroidserver.common.verify_apk_signature(signed))
 
+        # now sign an APK with minSdkVersion >= 18
+        unsigned = os.path.join(testdir, 'duplicate.permisssions_9999999-unsigned.apk')
+        signed = os.path.join(testdir, 'duplicate.permisssions_9999999.apk')
+        shutil.copy(os.path.join(self.basedir, 'repo', 'duplicate.permisssions_9999999.apk'),
+                    os.path.join(unsigned))
+        fdroidserver.common.apk_strip_signatures(unsigned, strip_manifest=True)
+        fdroidserver.common.sign_apk(unsigned, signed, config['keyalias'])
+        self.assertTrue(os.path.isfile(signed))
+        self.assertFalse(os.path.isfile(unsigned))
+        self.assertTrue(fdroidserver.common.verify_apk_signature(signed))
+        self.assertEqual(18, fdroidserver.common.get_minSdkVersion_aapt(signed))
+
     def test_get_api_id_aapt(self):
 
         config = dict()
Unnamed repository; edit this file 'description' to name the repository.