res/util/func-resdl.sh: use apksigner for cert dump

Avoids a dependency on openssl.
pull/53/head
FriendlyNeighborhoodShane 10 months ago
parent 2470d2b31d
commit 854ad03dd8

@ -132,10 +132,10 @@ specific files.
You can pass `build.sh` some specific pack's conf names instead of all to build
only the specific packs.
If you have `apksigner` and `openssl` installed, the update script will dump
the signing certificates of all downloaded APKs and repo jars to
`resdl/util/certs`. It will compare all future downloads with those certs, and
in case of any signature errors or mismatches, will warn you.
If you have `apksigner` installed, the update script will dump the signing
certificates of all downloaded APKs and repo jars to `resdl/util/certs`. It
will compare all future downloads with those certs, and in case of any
signature errors or mismatches, will warn you.
If you have `aapt` installed, the update script will download the permission
docs from the Android website, check the priv-apps for any new privileged

@ -61,9 +61,9 @@ verifycerts() {
[ "$stuff_repo" ] || echo "$stuff_download" | grep -qE "^[ ]*[^ ]+.apk[ ]+" || return 0;
command -v "apksigner" >/dev/null && command -v "openssl" >/dev/null || {
command -v "apksigner" >/dev/null || {
echo " ";
echo " !! Not checking certificates (missing apksigner or openssl)";
echo " !! Not checking certificates (missing apksigner)";
return 0;
}
@ -82,10 +82,10 @@ verifycerts() {
[ -f "$certdir/$certobject" ] || {
echo " -- Adding cert for new repo ($repo)";
mkdir -p "$certdir/$(dirname "$certobject")";
unzip -p "$tmpdir/repos/$repo.jar" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$certdir/$certobject";
apksigner verify --min-sdk-version=19 --max-sdk-version=19 --print-certs-pem "$tmpdir/repos/$repo.jar" | grep -v '^WARNING: ' > "$certdir/$certobject";
continue;
}
unzip -p "$tmpdir/repos/$repo.jar" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$tmpdir/tmp.cer";
apksigner verify --min-sdk-version=19 --max-sdk-version=19 --print-certs-pem "$tmpdir/repos/$repo.jar" | grep -v '^WARNING: ' > "$tmpdir/tmp.cer";
[ "$(diff -w "$tmpdir/tmp.cer" "$certdir/$certobject")" ] && {
echo " !! Cert mismatch for repo ($repo)";
cp -f "$tmpdir/tmp.cer" "$certdir/$certobject.new";
@ -105,10 +105,10 @@ verifycerts() {
[ -f "$certdir/$certobject" ] || {
echo " -- Adding cert for new APK ($object)";
mkdir -p "$certdir/$(dirname "$certobject")";
unzip -p "$resdldir/$object" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$certdir/$certobject";
apksigner verify --print-certs-pem "$resdldir/$object" | grep -v '^WARNING: ' > "$certdir/$certobject";
continue;
}
unzip -p "$resdldir/$object" "META-INF/*.RSA" | openssl pkcs7 -inform der -print_certs > "$tmpdir/tmp.cer";
apksigner verify --print-certs-pem "$resdldir/$object" | grep -v '^WARNING: ' > "$tmpdir/tmp.cer";
[ "$(diff -w "$tmpdir/tmp.cer" "$certdir/$certobject")" ] && {
echo " !! Cert mismatch for APK ($object)";
cp -f "$tmpdir/tmp.cer" "$certdir/$certobject.new";
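Review bot: In the "Adding cert for new repo" and "Adding cert for new APK" branches, the pipeline `apksigner verify … | grep -v '^WARNING: ' > "$certdir/$certobject"` takes its exit status from grep, so a failed verification goes unnoticed and whatever apksigner printed (possibly nothing) becomes the pinned certificate for all later comparisons. Unless a step outside these hunks already checks the verify result, capture the output first and pin it only on success, e.g. `out=$(apksigner verify --print-certs-pem "$resdldir/$object") || { echo " !! Signature verification failed for APK ($object)"; continue; }` followed by `printf '%s\n' "$out" | grep -v '^WARNING: ' > "$certdir/$certobject"`, and likewise for the repo jar. Separately, the apksigner dump is presumably not in the same text format as the old `openssl pkcs7 -print_certs` output, so pins already stored under `resdl/util/certs` would all report a mismatch on the next run. A one-time migration notice or regeneration step would keep users from getting used to accepting `.new` files. verifycerts() starts and ends outside the hunks shown.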
