common: fix bug in new SHA-256 signatures for >= android-18

Luckily, this is only used in `fdroid nightly` so far.
2017-12-22 17:49:36 +01:00 · 2017-12-22 17:49:36 +01:00 · e451ec0079
parent 109eb928e8
commit e451ec0079
2 changed files with 13 additions and 1 deletions
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@ -2466,7 +2466,7 @@ def sign_apk(unsigned_path, signed_path, keyalias):
    if get_minSdkVersion_aapt(unsigned_path) < 18:
        signature_algorithm = ['-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1']
    else:
-        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA256']
+        signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']

    p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
                     '-storepass:env', 'FDROID_KEY_STORE_PASS',
--- a/tests/common.TestCase
+++ b/tests/common.TestCase
@ -521,6 +521,18 @@ class CommonTest(unittest.TestCase):
        self.assertFalse(os.path.isfile(unsigned))
        self.assertTrue(fdroidserver.common.verify_apk_signature(signed))

+        # now sign an APK with minSdkVersion >= 18
+        unsigned = os.path.join(testdir, 'duplicate.permisssions_9999999-unsigned.apk')
+        signed = os.path.join(testdir, 'duplicate.permisssions_9999999.apk')
+        shutil.copy(os.path.join(self.basedir, 'repo', 'duplicate.permisssions_9999999.apk'),
+                    os.path.join(unsigned))
+        fdroidserver.common.apk_strip_signatures(unsigned, strip_manifest=True)
+        fdroidserver.common.sign_apk(unsigned, signed, config['keyalias'])
+        self.assertTrue(os.path.isfile(signed))
+        self.assertFalse(os.path.isfile(unsigned))
+        self.assertTrue(fdroidserver.common.verify_apk_signature(signed))
+        self.assertEqual(18, fdroidserver.common.get_minSdkVersion_aapt(signed))
+
    def test_get_api_id_aapt(self):

        config = dict()