apksigcopier v1.1.1 & repro-apk v0.2.2 + v0.2.3

FC Stegerman flx at obfusk.net
Wed Feb 8 10:19:06 UTC 2023 

Hi!

I've just released apksigcopier [1] (a tool for copying android APK
signatures in order to verify reproducible builds) v1.1.1.

And reproducible-apk-tools [2] (a set of scripts to make android APKs
reproducible or find out why they are not) v0.2.2 a week ago and
v0.2.3 today.

>From the apksigcopier changelog:

  v1.1.1
  
  • docs: update FAQ, add changelog.txt, add caveat about compare & signflinger.
  • copy_apk(): exclude dirs, fix max date_time.
  • copy_apk(): add copy_extra/exclude/realign kwargs.
  • _realign_zip_entry(): use extra field from LH, not CD.
  • _get_compresslevel(): check crc32, not just length.
  • _realign_zip_entry(): pad w/ zeroes when zfe is present.
  • split off is_directory(), exclude_meta(), exclude_default(), detect_zfe().
  • compare: add --verify-cmd.
  • cli: catch zipfile.BadZipFile.
  • add skip_realignment option.
  • validate_differences(): add is_meta() check.
  • add doctests, improve CI & typechecking.
  • improve & refactor code.
  • improve tests, use --min-sdk-version=24 instead of 28.
  • mypy: --strict --disallow-any-unimported.
  • Makefile: set SOURCE_DATE_EPOCH for reproducible wheels.
  • rm tab completion info & code.

This release mostly fixes some small bugs (most of which had not been
triggered "in the wild" so far) and improves testing and typechecking.

>From the reproducible-apk-tools changelog:

  v0.2.3
  
  • add zipinfo.py.
  • repro-apk cli: catch zipfile.BadZipFile.
  • update README & description.
  
  v0.2.2
  
  • add dump-axml.py.
  • inplace-fix: find zipalign via $ANDROID_HOME when not on $PATH.
  • inplace-fix: blocklist build-tools w/ broken zipalign.

The new zipinfo.py is a Python re-implementation of zipinfo(1) that
adds the -e option to show the CRC32 as well, which is quite useful
when quickly trying to find out what's different about two APK/ZIP
files (as a diff of the regular zipinfo output would not reveal files
with different content but identical file size and metadata).

- FC

[1] https://github.com/obfusk/apksigcopier
[2] https://github.com/obfusk/reproducible-apk-tools

More information about the rb-general mailing list