`AllowedAPKSigningKeys` cleanups
lint: `binary` or `Binaries` requires `AllowedAPKSigningKeys`

Per fdroiddata!12911 (merged) the linter should error out if somebody uses `binary` or `Binaries` without supplying an `AllowedAPKSigningKeys`.
There are two reasons for this:
- Security: this allows full verification that the binaries built match the developers, not just what happened to get uploaded onto GitHub at some later point in time.
- Reliable updates: if the signing key changes, users won't be able to update, so this is something we should learn about when upstreams send in commits changing their signing key, rather than just leaving it to chance.
build: check `AllowedAPKSigningKeys` in reproducible build scenario

The builder should check the `AllowedAPKSigningKeys` at build time, so that the CI can check if somebody gives a wrong value that doesn't match a compared RB binary. In the event it fails, it gives useful information, and in the event it succeeds, it makes it clear that this build has verification back to the developer's original key.
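
The two checks described above, as an added sketch that is not fdroidserver's own code: a lint pass that rejects `binary`/`Binaries` without a pinned key, and a build-time comparison of a signer certificate against the pinned list. It assumes the metadata is a dict parsed from the app's `.yml`, that `AllowedAPKSigningKeys` entries are lowercase hex SHA-256 digests of the signer certificate in DER form, and all function names are hypothetical.

```python
import hashlib
import re

SHA256_HEX = re.compile(r"[0-9a-f]{64}")  # assumed entry format


def fingerprint(cert_der):
    """Hex SHA-256 of a signer certificate given as DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()


def lint_signing_keys(app):
    """Return lint errors for one app's metadata (hypothetical helper)."""
    errors = []
    keys = app.get("AllowedAPKSigningKeys") or []
    if isinstance(keys, str):  # tolerate a single scalar value
        keys = [keys]
    uses_binaries = bool(app.get("Binaries")) or any(
        build.get("binary") for build in app.get("Builds") or []
    )
    if uses_binaries and not keys:
        errors.append("binary/Binaries used without AllowedAPKSigningKeys")
    for key in keys:
        if not SHA256_HEX.fullmatch(str(key)):
            errors.append(f"not a lowercase hex SHA-256 fingerprint: {key!r}")
    return errors


def signer_allowed(cert_der, allowed_keys):
    """Build-time check: is the reference binary's signer pinned?"""
    return fingerprint(cert_der) in set(allowed_keys)


if __name__ == "__main__":
    # Constructed sample data: the bytes stand in for a real DER certificate.
    upstream_cert = b"constructed-upstream-certificate"
    other_cert = b"constructed-unexpected-certificate"
    unpinned = {"Builds": [{"versionCode": 1, "binary": "https://example.org/app.apk"}]}
    pinned = dict(unpinned, AllowedAPKSigningKeys=[fingerprint(upstream_cert)])
    print(lint_signing_keys(unpinned))  # one error: binary without a pinned key
    print(lint_signing_keys(pinned))    # no errors
    print(signer_allowed(upstream_cert, pinned["AllowedAPKSigningKeys"]))
    print(signer_allowed(other_cert, pinned["AllowedAPKSigningKeys"]))
```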