Webierta / todo_manager

Simple and minimalist To-Do Manager
GNU General Public License v3.0

Certificate issue #8

Closed IzzySoft closed 9 months ago

IzzySoft commented 9 months ago

A scan (see here for details and background) just revealed the APKs at your releases are signed using an expired debug key ("denyAfter 2019-01-01"). As that has security implications, may I ask you to please switch to a proper release key, and provide the corresponding APK signed with it? Thanks in advance!

Webierta commented 9 months ago

I'm on it

Webierta commented 9 months ago

I have published a new apk. I was surprised because this was never published on F-Droid.

Can I take this opportunity to ask you about these two issues?:

https://gitlab.com/fdroid/rfp/-/issues/2593
https://gitlab.com/fdroid/rfp/-/issues/2228

Thank you

IzzySoft commented 9 months ago

I have published a new apk.

Which is again signed using a debug key:

Signer #1 certificate DN: C=US, O=Android, CN=Android Debug
Signer #1 certificate SHA-256 digest: 3d6e6652b0cb6be18765957bf2cd317053ddf19c46c50aa6b4cd43fc88554d1d
Signer #1 certificate SHA-1 digest: 12d44bc60819839f86f7e390bf3df99582614541
Signer #1 certificate MD5 digest: fc1d817b4b39474c9c6cd892b727f15f
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048

Can you please use your release key for that? Otherwise we'll have the very same problem again in about a year (to my knowledge, debug keys expire after 365 days – and you should not use them for APKs intended to be distributed anyway).

I was surprised because this was never published on F-Droid.

It's in my repo since 2022-11-17 :smiley:

Can I take this opportunity to ask you about these two issues?

Until around 10/2023 yes, since then yes but I cannot help you there. I'm currently not active at F-Droid, sorry.
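A check for the kind of signer output quoted above, added here as an example and not code from this thread or from the todo_manager project: it parses the `Signer #N ...` lines that `apksigner verify --print-certs` prints and flags a debug certificate by its subject (`O=Android, CN=Android Debug`), by a known debug-key digest, or by an undersized RSA key. The first sample is the block IzzySoft posted; the second is a constructed release-key block with made-up DN and digests.

```python
"""Audit `apksigner verify --print-certs` output for debug or weak signing certs.

Added example, not code from the issue thread or the project. The input
format is the "Signer #N <field>: <value>" lines apksigner prints.
"""
import re
from dataclasses import dataclass

# Constructed sample 1: the signer block quoted in the thread (debug key).
SAMPLE_DEBUG = """\
Signer #1 certificate DN: C=US, O=Android, CN=Android Debug
Signer #1 certificate SHA-256 digest: 3d6e6652b0cb6be18765957bf2cd317053ddf19c46c50aa6b4cd43fc88554d1d
Signer #1 certificate SHA-1 digest: 12d44bc60819839f86f7e390bf3df99582614541
Signer #1 certificate MD5 digest: fc1d817b4b39474c9c6cd892b727f15f
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
"""

# Constructed sample 2: a hypothetical release key (DN and digests are made up).
SAMPLE_RELEASE = """\
Signer #1 certificate DN: CN=Example Release, O=Example Org, C=ES
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567
Signer #1 certificate MD5 digest: 0123456789abcdef0123456789abcdef
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 4096
"""

LINE_RE = re.compile(r"^Signer #(\d+) (.+?): (.*)$")
FIELDS = {
    "certificate DN": "dn",
    "certificate SHA-256 digest": "sha256",
    "certificate SHA-1 digest": "sha1",
    "certificate MD5 digest": "md5",
    "key algorithm": "algorithm",
    "key size (bits)": "key_bits",
}

# SHA-256 digests of certificates known to be debug keys. The entry below is
# the digest IzzySoft quoted in this thread; extend the set as you meet more.
KNOWN_DEBUG_SHA256 = {
    "3d6e6652b0cb6be18765957bf2cd317053ddf19c46c50aa6b4cd43fc88554d1d",
}


@dataclass
class Signer:
    index: int
    dn: str = ""
    sha256: str = ""
    sha1: str = ""
    md5: str = ""
    algorithm: str = ""
    key_bits: int = 0


def parse_print_certs(text):
    """Group the 'Signer #N <field>: <value>' lines into Signer records."""
    signers = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) not in FIELDS:
            continue  # e.g. 'Verified using v2 scheme (APK Signature Scheme v2): true'
        idx, attr, value = int(m.group(1)), FIELDS[m.group(2)], m.group(3).strip()
        if attr == "key_bits":
            value = int(value)
        elif attr in ("sha256", "sha1", "md5"):
            value = value.lower()  # normalise so digest lookups are case-insensitive
        setattr(signers.setdefault(idx, Signer(index=idx)), attr, value)
    return [signers[i] for i in sorted(signers)]


def parse_dn(dn):
    """Split 'C=US, O=Android, CN=Android Debug' into {'C': 'US', ...}.

    apksigner joins RDNs with ', '; attribute values that themselves contain
    a comma are not handled here.
    """
    parts = {}
    for rdn in dn.split(", "):
        key, _, val = rdn.partition("=")
        parts[key.strip()] = val.strip()
    return parts


def audit(signers, min_rsa_bits=2048):
    """Return human-readable findings; an empty list means nothing to object to."""
    findings = []
    if not signers:
        findings.append("no signer parsed: unsigned APK or not --print-certs output")
    for s in signers:
        dn = parse_dn(s.dn)
        # The Android SDK debug keystore issues certificates with exactly this subject.
        if dn.get("CN") == "Android Debug" and dn.get("O") == "Android":
            findings.append(f"signer #{s.index}: debug certificate ({s.dn})")
        if s.sha256 in KNOWN_DEBUG_SHA256:
            findings.append(f"signer #{s.index}: SHA-256 {s.sha256} is a known debug key")
        if s.algorithm == "RSA" and s.key_bits < min_rsa_bits:
            findings.append(f"signer #{s.index}: RSA key is only {s.key_bits} bits")
    return findings


if __name__ == "__main__":
    for name, text in (("debug", SAMPLE_DEBUG), ("release", SAMPLE_RELEASE)):
        print(name, audit(parse_print_certs(text)) or ["OK"])
```

Pipe real output in with `apksigner verify --print-certs app.apk | python audit.py` after swapping the samples for `sys.stdin.read()`. Note that `--print-certs` does not print the certificate's validity period, so the expiry question raised in the first comment needs a second look, for instance `keytool -printcert -jarfile app.apk`, which shows the "Valid from ... until ..." line of each signing certificate.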

Webierta commented 9 months ago

I have signed the application, is everything correct?

If you want, you can also include those two applications in your repository.

IzzySoft commented 9 months ago

I have signed the application, is everything correct?

Yes, wonderful! May I suggest adding a comment to the release notes like

The signing key has been changed from a debug key to a (proper) release key (see #8). To upgrade from a previous version, you will need to uninstall the old version first before installing the new version.

I've just added that as per-release changelog for this release to make people aware (so they do not wonder why they cannot update).

If you want, you can also include those two applications in your repository.

Carfoin is signed with a debug key, so you'd need to provide a properly signed APK there for me. Adding Tarifa Luz now, which has a good certificate – and fastlane :smiley: May I suggest to remove the (transparent) frames from the screenshots there? Think of watching them on the small screen of a low-end device: they just steal valuable screen estate there without bringing any advantage to it. Meanwhile, there you go:

[image]

Should show up in about half an hour (perfectly timed, just got it in 5 minutes before the update/sync task starts).

IzzySoft commented 9 months ago

PS:

[image]