gitlab-ci: punt reworking index-v1.jar verify (!1192) · Merge requests · F-Droid / Client

Hans-Christoph Steiner requested to merge eighthave/fdroidclient:sha1-until-2024 into master Feb 08, 2023

The index-v1.jar tests need to verify its SHA1 signature. Java's default is to treat SHA1 as unsigned. Ideally, our code would use apksig to verify those JAR sigs so that it would use the apksigner rules for whether a SHA1 signature is valid.

https://android.googlesource.com/platform/tools/apksig/+/master/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java

The failure looks like: https://gitlab.com/fdroid/fdroidclient/-/jobs/3728296505

Edited Feb 08, 2023 by Hans-Christoph Steiner

gitlab-ci: punt reworking index-v1.jar verify

Merge request reports