
`AllowedAPKSigningKeys` cleanups

Jason Donenfeld requested to merge zx2c4/fdroidserver:cert-pin into master

lint: binary or Binaries requires AllowedAPKSigningKeys

Per fdroiddata!12911 (merged) the linter should error out if somebody uses binary or Binaries without supplying an AllowedAPKSigningKeys.

There are two reasons for this:

  • Security: this allows full verification that the binaries built match the developers, not just what happened to get uploaded onto github at some later point in time.

  • Reliable updates: if the signing key changes, users won't be able to update, so this is something we should learn about when upstreams send in commits changing their signing key, rather than just leaving it to chance.

build: check AllowedAPKSigningKeys in reproducible build scenario

The builder should check the AllowedAPKSigningKeys at build time, so that the CI can check if somebody gives a wrong value that doesn't match a compared RB binary. In the event it fails, it gives useful information, and in the event it succeeds, it makes it clear that this build has verification back to the developer's original key.


Edited by Jason Donenfeld
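The two checks described in the merge request, a lint rule and a build-time signing-key comparison, as an added example written for this page. It is not fdroidserver's own code, and the following are assumptions: metadata is modelled as a plain dict with an app-level `Binaries` key and a per-build `binary` key, `AllowedAPKSigningKeys` is a list of lowercase SHA-256 hex fingerprints of the signing certificate's DER encoding, and the function names, sample app ids and sample certificate bytes are all constructed here for illustration.

```python
import hashlib
from typing import Dict, List

# Constructed sample metadata (assumption: shape loosely modelled on an
# fdroiddata app entry; app ids, URLs and fingerprints are made up).
SAMPLE_METADATA: Dict[str, dict] = {
    "good.example.app": {
        "Binaries": "https://example.com/releases/app-%v.apk",
        "AllowedAPKSigningKeys": [
            "a" * 64,  # constructed 64-hex-char fingerprint
        ],
        "Builds": [{"versionName": "1.0", "binary": "https://example.com/app-1.0.apk"}],
    },
    "missing.keys.app": {
        "Builds": [{"versionName": "2.0", "binary": "https://example.com/app-2.0.apk"}],
    },
    "source.only.app": {
        "Builds": [{"versionName": "3.0"}],
    },
}


def lint_allowed_apk_signing_keys(appid: str, app: dict) -> List[str]:
    """Return lint errors for one app: using binary/Binaries without
    AllowedAPKSigningKeys is an error, as is a malformed fingerprint."""
    errors: List[str] = []
    uses_binary = bool(app.get("Binaries")) or any(
        build.get("binary") for build in app.get("Builds", [])
    )
    keys = app.get("AllowedAPKSigningKeys") or []
    if uses_binary and not keys:
        errors.append(f"{appid}: binary or Binaries requires AllowedAPKSigningKeys")
    for key in keys:
        # Assumption: fingerprints are lowercase SHA-256 hex (64 chars).
        if len(key) != 64 or any(c not in "0123456789abcdef" for c in key):
            errors.append(f"{appid}: AllowedAPKSigningKeys entry is not a SHA-256 hex fingerprint: {key!r}")
    return errors


def lint_all(metadata: Dict[str, dict]) -> List[str]:
    """Run the lint rule over every app and collect the errors."""
    errors: List[str] = []
    for appid, app in metadata.items():
        errors.extend(lint_allowed_apk_signing_keys(appid, app))
    return errors


def signing_cert_fingerprint(cert_der: bytes) -> str:
    """Fingerprint of a signing certificate (assumption: SHA-256 over DER)."""
    return hashlib.sha256(cert_der).hexdigest()


def check_binary_signing_key(cert_der: bytes, allowed: List[str]) -> bool:
    """Build-time check: the certificate that signed the compared binary
    must be one of the pinned AllowedAPKSigningKeys. A mismatch means the
    metadata points at the wrong key or the upstream key changed, which is
    exactly the situation the MR wants to surface in CI."""
    return signing_cert_fingerprint(cert_der) in {k.lower() for k in allowed}


if __name__ == "__main__":
    for problem in lint_all(SAMPLE_METADATA):
        print("lint:", problem)
    # Constructed stand-in for a DER-encoded signing certificate.
    fake_cert = b"\x30\x82\x01\x00constructed-cert-bytes"
    pinned = [signing_cert_fingerprint(fake_cert)]
    print("pinned key matches:", check_binary_signing_key(fake_cert, pinned))
    print("other key matches:", check_binary_signing_key(b"\x30other", pinned))
```

The lint runs over metadata only and needs no network; the build-time check takes the signer certificate that the build step has already extracted from the reference binary, so the two halves mirror where the MR places each check.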
