Work around old apksigner on f-droid.org publish server

.gitlab-ci.yml

@@ -102,6 +102,27 @@ debian_testing:
     - ./run-tests
 
 
+# This tests with buster-backports to match what is used on the f-droid.org publish server. 
+buster_backports:
+  image: debian:buster-backports
+  <<: *apt-template
+  script:
+    - apt-get install
+        aapt
+        androguard
+        apksigner
+        dexdump
+        fdroidserver
+        git
+        gnupg
+        python3-defusedxml
+        python3-setuptools
+        zipalign
+    - apt-get install -t buster-backports apksigner
+    - cd tests
+    - ./run-tests
+
+
 # Test using latest LTS set up with the PPA, including Recommends.
 ubuntu_lts_ppa:
   image: ubuntu:latest

fdroidserver/common.py

@@ -85,7 +85,8 @@ FDROID_PATH = os.path.realpath(os.path.join(os.path.dirname(__file__), '..'))
 # this is the build-tools version, aapt has a separate version that
 # has to be manually set in test_aapt_version()
 MINIMUM_AAPT_BUILD_TOOLS_VERSION = '26.0.0'
-# 30.0.0 is the first version to support --v4-signing-enabled.
+# 31.0.0 is the first version to support --v4-signing-enabled.
+# we only require 30.0.0 for now as that's the version in buster-backports, see also signindex.py
 # 26.0.2 is the first version recognizing md5 based signatures as valid again
 # (as does android, so we want that)
 MINIMUM_APKSIGNER_BUILD_TOOLS_VERSION = '30.0.0'

fdroidserver/signindex.py

@@ -111,7 +111,13 @@ def sign_jar(jar, use_old_algs=False):
     }
     p = common.FDroidPopen(args, envs=env_vars)
     if p.returncode != 0:
-        raise FDroidException("Failed to sign %s: %s" % (jar, p.output))
+        # workaround for buster-backports apksigner on f-droid.org publish server
+        v4 = args.index("--v4-signing-enabled")
+        del args[v4 + 1]
+        del args[v4]
+        p = common.FDroidPopen(args, envs=env_vars)
+        if p.returncode != 0:
+            raise FDroidException("Failed to sign %s: %s" % (jar, p.output))
 
 
 def sign_index(repodir, json_name):