This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
Bring back upstream code for release APK check #190
Merged
What is it?
Description of the changes in your PR
Upstream code checks whether the current APK was signed with the release
key for various reasons:
This behavior was removed in NewPipe SponsorBlock fork, but it probably
shouldn't have been:
wasn't signed with the same key
isReleaseApk function was still invoked in NewPipe SponsorBlock to allow searching "Updates" settings from settings menu. But as the
fingerprint wasn't correct, the update settings would not be searchable
which is a bug
with their own keys (so the updater wouldn't work) and they explicitly
forbid auto-updaters by policy (see also f-droid #8)
This PR brings back all these checks (byte-by-byte with upstream to
make maintaining the fork easier). For this to work properly, it is
obviously needed to use NewPipe SponsorBlock's release key fingerprint
(instead of the upstream one). Therefore, this PR also updates it. It can be
retrieved using the following command:
$ keytool -printcert -file CERT.RSA | grep SHA1
Or if you own the keystore, directly:
$ keytool -v -list -keystore my-release-key.keystore -alias <alias_name> | grep SHA1
(setting the expected value for <alias_name>)
Before/After Screenshots/Screen Record
Fixes the following issue(s)
Check updates settings weren't searchable in this fork.
APK testing
Not relevant here as I obviously don't have enough money to spend to find a SHA-1 collision yet. Though I tested with a self-signed APK and I can attest that it does what's expected.
Due diligence
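
The fingerprint comparison described in the PR text above, as an added Python example for checking a build outside the app (not code from this PR or from upstream NewPipe). It reads the SHA1 line that `keytool ... | grep SHA1` shows and compares it with the SHA-1 of a certificate's DER bytes; the function names, the stand-in certificate bytes and the keytool excerpt are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed stand-in for DER bytes. A real check hashes the DER-encoded
# signing certificate itself, not the CERT.RSA container as a whole.
SAMPLE_CERT_DER = b"abc"

# Constructed keytool excerpt whose SHA1 line matches SAMPLE_CERT_DER.
SAMPLE_KEYTOOL_OUTPUT = """\
Certificate fingerprints:
\t SHA1: A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D
\t SHA256: (elided)
"""

_SHA1_LINE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f:]+)\s*$", re.MULTILINE)


def normalize_fingerprint(text):
    """Return 40 lowercase hex chars, or raise ValueError if not a SHA-1."""
    hex_only = text.replace(":", "").replace(" ", "").strip().lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hex_only):
        raise ValueError("not a SHA-1 fingerprint: %r" % text)
    return hex_only


def fingerprint_from_keytool(output):
    """Extract the SHA1 line from keytool output (what `grep SHA1` shows)."""
    match = _SHA1_LINE.search(output)
    if match is None:
        raise ValueError("no SHA1 line in keytool output")
    return normalize_fingerprint(match.group(1))


def cert_fingerprint(der_bytes):
    """SHA-1 over the certificate's DER encoding, as keytool reports it."""
    return hashlib.sha1(der_bytes).hexdigest()


def is_release_cert(der_bytes, expected):
    """True only if the certificate hashes to the pinned fingerprint."""
    pinned = normalize_fingerprint(expected)
    return hmac.compare_digest(cert_fingerprint(der_bytes), pinned)
```

A fork that keeps the upstream fingerprint fails this comparison for its own builds, which is the mismatch the PR describes.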