• Hans-Christoph Steiner's avatar
    use apksigner to sign index-v2 with modern, supported algorithms · 3182b77d
    Hans-Christoph Steiner authored
    The current signing method uses apksigner to sign the JAR so that it
    will automatically select algorithms that are compatible with Android
    SDK 23, which added the most recent algorithms:
    https://developer.android.com/reference/java/security/Signature
    
    This signing method uses then inherits the default signing algothim
    settings, since Java and Android both maintain those.  That helps
    avoid a repeat of being stuck on an old signing algorithm.  That means
    specifically that this call to apksigner does not specify any of the
    algorithms.
    
    The old indexes must be signed by SHA1withRSA otherwise they will no
    longer be compatible with old Androids.
    
    apksigner 30.0.0+ is available in Debian/bullseye, Debian/buster-backports,
    Ubuntu 21.10, and Ubuntu 20.04 from the fdroid PPA.  Here's a quick way to
    test:
    
    for f in `ls -1 /opt/android-sdk/build-tools/*/apksigner | sort ` /usr/bin/apksigner; do printf "$f : "; $f sign --v4-signing-enabled false; done
    
    c...
    3182b77d