kl3jvi / sysinfo_app

📱 Android Device Information App. SysInfo is a simple and powerful Android application that gives you complete information about your mobile device.

wrong signing key and versionCode issues #12

Open IzzySoft opened 1 year ago

IzzySoft commented 1 year ago

Looks like the latest releases (v1.0.3 & v1.0.4) were signed with a different key:

Signer #1 certificate DN: CN=klejvi kapaj
Signer #1 certificate SHA-256 digest: 488022f8ec615263e72fd98006c9e2f6476f2bf31c02f165cb1bfcb7bf4f0fa8
Signer #1 certificate SHA-1 digest: d2e90410b700d66394f6f5d201d8bbdc39ab65db
Signer #1 certificate MD5 digest: 734408e55686d08d11b3c145ce3d6416

while the versions before used

Signer #1 certificate DN: CN=Klejvi Kapaj, OU=Yaga, O=Yaga, L=Ballsh, ST=Fier, C=AL
Signer #1 certificate SHA-256 digest: 90fca3e33cda889fb69e536781dbf030e7875bf69b9428fd0827ba5ab46ef14d
Signer #1 certificate SHA-1 digest: 7521b2a846d829eb93f89318f0dd933ed000885e
Signer #1 certificate MD5 digest: c17dca450b1273c761c876752d47016f

What happened to your signing key (I couldn't find any hint in the release notes either)? A changed key could mean someone hacked your repo and added modified APKs (but could not sign them with the correct key as you hopefully kept it safe).

Further, versionCode of your app toggles between 1 and 2 instead of being always increased with each new release, which makes updates quite difficult (and with the key changing even impossible). As the latest release (v1.0.4) just overwrote v1.0.2 (the last one with the original key) due to having the same versionCode, your app entirely disappeared from my repo now as the signing key was not accepted, so I'll have to revert back to v1.0.2 here for now until this issue is solved. I might need to disable updates entirely (they were set to monthly last November as the repo looked dormant then) if it cannot be solved until the next update check will drag in the v1.0.4 APK again, bringing us back to the current situation.
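Added example, not code from the sysinfo_app project or from anyone in this thread: a small Python gate implementing the two checks a repository maintainer applies before accepting an APK as an update of a listed app, namely that the signing certificate is unchanged and that versionCode strictly increases. It assumes the signer lines are the text printed by `apksigner verify --print-certs` (the format quoted above) and that versionCode has already been read from the APK manifest by other means (for example `aapt dump badging`); the `Release` class, `check_update`, and the sample inputs (built from the digests quoted in this issue) are constructed for illustration.

```python
# Repository-side update gate: reject an APK whose signing certificate differs
# from the previously accepted release, or whose versionCode has not increased.
# Added example; not part of the sysinfo_app project.
from __future__ import annotations

import re
from dataclasses import dataclass

# Matches the "certificate SHA-256 digest" lines printed by
# `apksigner verify --print-certs`, one per signer.
SHA256_LINE = re.compile(
    r"^Signer #(?P<idx>\d+) certificate SHA-256 digest: (?P<digest>[0-9a-fA-F]{64})$",
    re.MULTILINE,
)


def parse_signer_digests(apksigner_output: str) -> set[str]:
    """Return the set of SHA-256 certificate digests found in apksigner output.

    Raises ValueError when no digest is present, so an APK whose signature
    could not be read is never silently accepted.
    """
    digests = {m.group("digest").lower() for m in SHA256_LINE.finditer(apksigner_output)}
    if not digests:
        raise ValueError("no signer certificate digest found in apksigner output")
    return digests


@dataclass
class Release:
    version_name: str
    version_code: int  # assumed to be read from AndroidManifest.xml separately
    signer_digests: set[str]


def check_update(previous: Release, candidate: Release) -> list[str]:
    """Return the reasons to reject `candidate` as an update of `previous`.

    An empty list means the candidate passes both checks.
    """
    problems: list[str] = []
    if candidate.signer_digests != previous.signer_digests:
        problems.append(
            "signing certificate changed: "
            f"{sorted(previous.signer_digests)} -> {sorted(candidate.signer_digests)}; "
            "Android refuses to install this over the already-installed app"
        )
    if candidate.version_code <= previous.version_code:
        problems.append(
            f"versionCode {candidate.version_code} is not greater than the previous "
            f"{previous.version_code}; clients will never be offered this as an update"
        )
    return problems


# Constructed sample input: the apksigner output quoted in this issue.
OLD_APKSIGNER_OUTPUT = """\
Signer #1 certificate DN: CN=Klejvi Kapaj, OU=Yaga, O=Yaga, L=Ballsh, ST=Fier, C=AL
Signer #1 certificate SHA-256 digest: 90fca3e33cda889fb69e536781dbf030e7875bf69b9428fd0827ba5ab46ef14d
Signer #1 certificate SHA-1 digest: 7521b2a846d829eb93f89318f0dd933ed000885e
Signer #1 certificate MD5 digest: c17dca450b1273c761c876752d47016f
"""
NEW_APKSIGNER_OUTPUT = """\
Signer #1 certificate DN: CN=klejvi kapaj
Signer #1 certificate SHA-256 digest: 488022f8ec615263e72fd98006c9e2f6476f2bf31c02f165cb1bfcb7bf4f0fa8
Signer #1 certificate SHA-1 digest: d2e90410b700d66394f6f5d201d8bbdc39ab65db
Signer #1 certificate MD5 digest: 734408e55686d08d11b3c145ce3d6416
"""


def evaluate_issue_case() -> list[str]:
    """Reproduce the situation from this issue: v1.0.2 (versionCode 2, original
    key) followed by v1.0.4 (versionCode 2 again, different key)."""
    v102 = Release("v1.0.2", 2, parse_signer_digests(OLD_APKSIGNER_OUTPUT))
    v104 = Release("v1.0.4", 2, parse_signer_digests(NEW_APKSIGNER_OUTPUT))
    return check_update(v102, v104)


if __name__ == "__main__":
    for problem in evaluate_issue_case():
        print("REJECT:", problem)
```

Both rules are deliberately independent: a key change alone is enough to reject (and to ask the developer to confirm the change out of band, as happens in this thread), and a non-increasing versionCode alone is enough, because even a correctly signed APK with a repeated versionCode would overwrite the previous file in the repository without any client ever seeing an update.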

kl3jvi commented 1 year ago

Hi @IzzySoft, I lost the old certificate and needed to re-upload the new app. I don't know where I can find that one.

IzzySoft commented 1 year ago

That's sad, I was afraid this might be the cause. Is there any way we can confirm it's really you (and not just someone claiming your identity)? Unfortunately, only few of your commits are signed (and the first signed commit was after the key change), so this option is lost.

IzzySoft commented 11 months ago

@kl3jvi any answer to my question? I cannot add new releases before this issue is solved; for security reasons, at least a minimal verification is required.

kl3jvi commented 11 months ago

What verification?

IzzySoft commented 11 months ago

How can we be sure it's really you – and not someone else having somehow gotten access to your repo and added a (modified) APK? For details, please see How to keep your key safe and what measures to take for the event of loss? Do we have any way to at least have minimal verification?

kl3jvi commented 11 months ago

Lol, my releases are verified, you can easily check them.

IzzySoft commented 11 months ago

Sorry, but I don't see any "verification" at releases, nor are the tags signed. Can you please explain?

IzzySoft commented 11 months ago

And btw, @kl3jvi – versionCode has not been changed for 2 releases now (it's still 2 as it was back in 2021), so nobody'll receive any update information anyway.

IzzySoft commented 11 months ago

So any chance we can get that tackled, @kl3jvi – or should I rather drop your app from my repo? If we cannot even achieve a basic verification, and you never change the versionCode, it doesn't make much sense to keep it there.

kl3jvi commented 11 months ago

I will have a look into it today, as I am a bit busy at work. @IzzySoft

IzzySoft commented 11 months ago

Thanks a lot!

IzzySoft commented 10 months ago

And luckily, any day is "today" – at a given point in time :see_no_evil: So where do we stand?

IzzySoft commented 10 months ago

OK, your app got "wiped" from the repo for the 3rd time now as the monthly update check replaced the existing versionCode:2 file with the latest release from here, dating August 8 and also claiming to be versionCode:2 – while having a different signature. It's been 2 months now, and it's still not clear what changed the signature – and there's still no fix.

I won't take the time to reset this every month – especially when it seems that a fix won't happen. So I'll now de-configure it here. There won't be any update checks anymore, and the app is no longer shipped with my repo. If you want it listed there again, you can send me a ping here once you've solved the issue (i.e. fixed the versionCode with a new release, and resolved the signature question) – then we can see if your app can be re-established here.

Sorry for the inconvenience, but that's the only way I currently see. Still, and honestly, all the best for you and your project(s)!