verifying reproducible APKs: apksigcopier
Holger Levsen
holger at layer-acht.org
Mon Mar 29 12:25:46 UTC 2021
Hi Felix,
On Mon, Mar 29, 2021 at 03:02:33AM +0200, Felix C. Stegerman wrote:
> The F-Droid reproducible builds & verification effort recently led [1]
> to the development of apksigcopier [2], a tool to copy APK signatures
> from a signed APK to an unsigned one.
nice, that seems very useful! :) & thank you for bringing this up here!
> ( I've started packaging it for Debian [3] and intend to file an ITP
> soon, but since I'm not a Debian developer -- yet, though I'd like
> to become one -- I could use some help with that. )
I'd be glad to mentor a bit and sponsor your uploads.
> [3] https://salsa.debian.org/obfusk/apksigcopier/-/commits/debian/sid
on a very quick look seems like a pretty good start!
debhelper-compat could be 13 and standards-version 4.5.1, and I'm pretty
sure d/copyright needs parts of the actual licence text and not only a
pointer. did you run lintian on the binary .changes file?
Please ping me / this list once the ITP bug is there and once you consider
the packaging to be ready!
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
⠈⠳⣄
"There's no glory in prevention." (Christian Drosten)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210329/f8d766cf/attachment.sig>
More information about the rb-general
mailing list