[Git][reproducible-builds/diffoscope][master] Add support for extracting Android V2 signing keys. (Closes: reproducible-builds/diffoscope#246)

Chris Lamb (@lamby) gitlab at salsa.debian.org
Sun Aug 29 14:04:15 UTC 2021



Chris Lamb pushed to branch master at Reproducible Builds / diffoscope


Commits:
69c125e4 by Chris Lamb at 2021-08-29T15:03:50+01:00
Add support for extracting Android V2 signing keys. (Closes: reproducible-builds/diffoscope#246)

- - - - -


4 changed files:

- debian/control
- diffoscope/comparators/apk.py
- diffoscope/external_tools.py
- setup.py


Changes:

=====================================
debian/control
=====================================
@@ -8,6 +8,7 @@ Uploaders:
  Mattia Rizzolo <mattia at debian.org>,
 Build-Depends:
  abootimg <!nocheck>,
+ androguard <!nocheck>,
  apksigner <!nocheck>,
  apktool [!ppc64el !s390x] <!nocheck>,
  bash-completion,


=====================================
diffoscope/comparators/apk.py
=====================================
@@ -18,6 +18,8 @@
 # along with diffoscope.  If not, see <https://www.gnu.org/licenses/>.
 
 import re
+import binascii
+import textwrap
 import os.path
 import logging
 import itertools
@@ -25,7 +27,11 @@ import subprocess
 
 from diffoscope.difference import Difference
 from diffoscope.exc import RequiredToolNotFound
-from diffoscope.tools import tool_required, find_executable
+from diffoscope.tools import (
+    tool_required,
+    find_executable,
+    python_module_missing,
+)
 from diffoscope.tempfiles import get_temporary_directory
 
 from .utils.archive import Archive
@@ -36,6 +42,12 @@ from .missing_file import MissingFile
 
 logger = logging.getLogger(__name__)
 
+try:
+    import androguard
+except ImportError:
+    python_module_missing("androguard")
+    androguard = None
+
 
 class ApkContainer(Archive):
     @property
@@ -229,9 +241,43 @@ class ApkFile(ZipFileBase):
             # Don't require apksigner
             self.add_comment(exc.get_comment())
 
+        if androguard is None:
+            self.add_comment(
+                "'androguard' Python package not installed; cannot extract V2 signing keys."
+            )
+        else:
+            x = Difference.from_text_readers(
+                get_v2_signing_keys(self.path),
+                get_v2_signing_keys(other.path),
+                self.path,
+                other.path,
+                source="Android V2 signing keys",
+            )
+            if x is not None:
+                differences.insert(0, x)
+
         return differences
 
 
+def get_v2_signing_keys(path):
+    from androguard.core.bytecodes import apk
+
+    try:
+        instance = apk.APK(path)
+        instance.parse_v2_signing_block()
+    except Exception:
+        return ""
+
+    def format_key(x):
+        return "\n".join(textwrap.wrap(binascii.hexlify(x).decode("utf-8")))
+
+    output = []
+    for k, v in sorted(instance._v2_blocks.items()):
+        output.append("Key 0x{}:\n{}\n".format(hex(k), format_key(v)))
+
+    return "\n".join(output)
+
+
 def filter_apk_metadata(filepath, archive_name):
     new_filename = os.path.join(os.path.dirname(filepath), "APK metadata")
 
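Review bot: `get_v2_signing_keys` turns every failure into an empty string via `except Exception: return ""`, so an APK whose signing block cannot be parsed looks the same as one with no V2 block, and if both sides fail the comparison presumably reports nothing at all. Since this output is used to compare signing data, the fallback should stay but be recorded, e.g. `except Exception as exc:` followed by `logger.warning("Cannot parse V2 signing block of %s: %s", path, exc)` using the module's existing `logger`. Separately, `"Key 0x{}:\n{}\n".format(hex(k), ...)` prints `Key 0x0x…` because `hex()` already adds the prefix; `"Key {}:\n{}\n".format(hex(k), format_key(v))` fixes it. The loop also reads the private `instance._v2_blocks`, which looks like it holds every ID-value pair of the signing block rather than only keys, so a short comment saying that (and that it relies on an androguard internal) would help. The first part of the hunk sits in an `ApkFile` method that starts outside the hunk.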


=====================================
diffoscope/external_tools.py
=====================================
@@ -1,7 +1,7 @@
 #
 # diffoscope: in-depth comparison of files, archives, and directories
 #
-# Copyright © 2017-2020 Chris Lamb <lamby at debian.org>
+# Copyright © 2017-2021 Chris Lamb <lamby at debian.org>
 # Copyright © 2021 Jean-Romain Garnier <salsa at jean-romain.com>
 #
 # diffoscope is free software: you can redistribute it and/or modify
@@ -24,6 +24,7 @@ that might resolve to, for example, `/usr/bin/abootimg`..
 
 EXTERNAL_TOOLS = {
     "abootimg": {"debian": "abootimg", "guix": "abootimg"},
+    "androguard": {"debian": "androguard"},
     "apktool": {"debian": "apktool"},
     "apksigner": {"debian": "apksigner"},
     "db_dump": {"debian": "db-util", "guix": "bdb"},


=====================================
setup.py
=====================================
@@ -58,6 +58,7 @@ setup(
         "distro_detection": ["distro"],
         "cmdline": ["argcomplete", "progressbar"],
         "comparators": [
+            "androguard",
             "binwalk",
             "defusedxml",
             "guestfs",



View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/69c125e43b4fa7ee2a1fe96644a7221500cdc6df
