first basic support for APK Signature v2 and v3
With much help from @uniqx, I got this done for the v1.1.x release cycle for Debian/buster. This is the first level of supporting APK Signatures v1, v2, and v3. This is enough to include APKs with any combo of v1/v2/v3 signatures. For this to work at all, apksigner and androguard 3.3.3+ must be installed.
This does not touch the signature extraction code used by fdroid signatures for use in reproducible builds. The good news is that v1 and v2 signatures include the same signing certificate, when they are both encoded in DER format. What remains to be done there is to figure out extracting v2+ signatures, and reinserting them. #399 (closed)
Edited by Hans-Christoph Steiner
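
An added example, not code from this merge request or from fdroidserver: a way to see which "combo of v1/v2/v3 signatures" an APK carries, by looking for v1 signature files under `META-INF/` and walking the ID-value pairs of the APK Signing Block that sits in front of the ZIP central directory. The function names `signature_schemes` and `build_sample` are hypothetical, and the sample APK bytes are constructed placeholders rather than real signatures.

```python
import io
import re
import struct
import zipfile

MAGIC = b"APK Sig Block 42"
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}  # IDs from the v2/v3 specs
V1_SIG_FILE = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$")

def signature_schemes(apk: bytes) -> set:
    """Report which of v1/v2/v3 have signature data present (no verification)."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        found = {"v1"} if any(V1_SIG_FILE.match(n) for n in zf.namelist()) else set()
    eocd = apk.rfind(b"PK\x05\x06")  # End of Central Directory record
    (cd_offset,) = struct.unpack_from("<I", apk, eocd + 16)
    if cd_offset < 32 or apk[cd_offset - 16:cd_offset] != MAGIC:
        return found  # no APK Signing Block in front of the central directory
    (size,) = struct.unpack_from("<Q", apk, cd_offset - 24)
    start = cd_offset - size - 8
    if size < 24 or start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("malformed APK Signing Block")
    pos, end = start + 8, cd_offset - 24
    while pos < end:  # uint64 length, uint32 ID, then (length - 4) value bytes
        if pos + 12 > end:
            raise ValueError("truncated ID-value pair")
        pair_len, block_id = struct.unpack_from("<QI", apk, pos)
        if pair_len < 4 or pos + 8 + pair_len > end:
            raise ValueError("ID-value pair overruns the block")
        if block_id in SCHEME_IDS:
            found.add(SCHEME_IDS[block_id])
        pos += 8 + pair_len
    return found

def build_sample(ids, with_v1):
    """Constructed test input: a tiny ZIP with placeholder signature data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed")
        if with_v1:
            zf.writestr("META-INF/CERT.RSA", b"constructed placeholder")
    raw = bytearray(buf.getvalue())
    eocd = raw.rfind(b"PK\x05\x06")
    (cd_offset,) = struct.unpack_from("<I", raw, eocd + 16)
    pairs = b"".join(struct.pack("<QI", 12, i) + bytes(8) for i in ids)
    size = struct.pack("<Q", len(pairs) + 24)
    block = size + pairs + size + MAGIC if ids else b""
    struct.pack_into("<I", raw, eocd + 16, cd_offset + len(block))
    return bytes(raw[:cd_offset]) + block + bytes(raw[cd_offset:])
```

This reports only that signature data for a scheme is present; checking that the signatures are valid is what `apksigner` is for.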