fdroidserver.signindex module

fdroidserver.signindex.main()
fdroidserver.signindex.sign_index(repodir, json_name)

Sign a data file like entry.json to make a signed JAR like entry.jar.

A data file like index-v1.json holds the unsigned data. That file is placed into a JAR, which is then signed by the signing process. This differs slightly from sign_jar, which is used for index.jar: that flow creates index.xml, puts it into index_unsigned.jar, and then signs that file.

This also checks to make sure that the JSON files are intact before signing them. Broken JSON files should never be signed, so taking some extra time and failing hard is the preferred option. This signing process can happen on an entirely separate machine and file tree, so this ensures that nothing got broken during transfer.
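
The check-then-package order described above, as an added example that is not fdroidserver's own code. `load_intact_json`, `pack_unsigned_jar` and `BrokenIndexError` are hypothetical names, the non-empty-object requirement is an assumption of this example, and the signing step itself is left out.

```python
import json
import os
import tempfile
import zipfile


class BrokenIndexError(Exception):
    """The data file is damaged and must not be signed."""


def load_intact_json(path):
    """Return the decoded JSON object, or raise BrokenIndexError."""
    def reject_constant(name):  # NaN and Infinity are not valid JSON
        raise ValueError("non-standard constant " + name)
    try:
        with open(path, encoding="utf-8") as fp:
            data = json.load(fp, parse_constant=reject_constant)
    except (OSError, ValueError) as e:  # covers JSON and UTF-8 decode errors
        raise BrokenIndexError("%s: %s" % (path, e)) from e
    if not isinstance(data, dict) or not data:  # assumption of this example
        raise BrokenIndexError(path + ": expected a non-empty JSON object")
    return data


def pack_unsigned_jar(repodir, json_name):
    """Check the file, then wrap it in an unsigned JAR; return the JAR path."""
    json_path = os.path.join(repodir, json_name)
    load_intact_json(json_path)  # fail hard before any JAR exists
    jar_path = os.path.join(repodir, os.path.splitext(json_name)[0] + ".jar")
    tmp = jar_path + ".tmp"
    with zipfile.ZipFile(tmp, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.write(json_path, json_name)
    os.replace(tmp, jar_path)  # the JAR appears only once it is complete
    return jar_path


def demo():
    good = '{"timestamp": 1700000000000, "version": 20002}'  # constructed
    with tempfile.TemporaryDirectory() as repo:
        for name, text in (("entry.json", good), ("cut.json", good[:20])):
            with open(os.path.join(repo, name), "w", encoding="utf-8") as fp:
                fp.write(text)
        with zipfile.ZipFile(pack_unsigned_jar(repo, "entry.json")) as jar:
            names = jar.namelist()
        try:
            pack_unsigned_jar(repo, "cut.json")  # truncated copy
        except BrokenIndexError:
            return names, not os.path.exists(os.path.join(repo, "cut.jar"))
    return names, False
```

`demo()` packages the intact file and refuses the truncated one without leaving a JAR behind for it.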

fdroidserver.signindex.sign_jar(jar, use_old_algs=False)

Sign a JAR file with the best available algorithm.

The current signing method uses apksigner to sign the JAR so that it will automatically select algorithms that are compatible with Android SDK 23, which added the most recent algorithms: https://developer.android.com/reference/java/security/Signature

This signing method then inherits the default signing algorithm settings, since Java and Android both maintain those. That helps avoid a repeat of being stuck on an old signing algorithm. Specifically, this call to apksigner does not specify any of the algorithms.

The old indexes must be signed with SHA1withRSA, otherwise they will no longer be compatible with old Android versions.

This method requires a properly initialized config object.

fdroidserver.signindex.status_update_json(signed)

Output a JSON file with metadata about this run.