quentin-st / Munin-for-Android

Watch your munin-monitored servers on your Android devices
https://www.munin-for-android.com/
GNU General Public License v2.0

signature issues #36

Open IzzySoft opened 6 years ago

IzzySoft commented 6 years ago

For the latest versions (4.0.5 and 4.0.6), apksigner throws an error on the .apk files from releases/:

    ERROR: JAR signer CERT.RSA: JAR signature META-INF/CERT.SF indicates the APK is signed using APK Signature Scheme v2 but no such signature was found. Signature stripped?

This means two things: newer versions of fdroidserver (I have to upgrade mine soon as the version I run isn't supported by the latest Android clients) will reject the package – and devices running Nougat or above certainly will as well.

Could you please check and fix this? Thanks!

IzzySoft commented 6 years ago

Update: As a couple of other projects had the same issues, I'd filed reports with them too. Two of them were able to solve it in a very easy way: Simply recompile the APK with a recent version of Android Studio.

Seems there was a bug in a previous version of it (probably when they started integrating v2-signing). So could you try that and let me know? Thanks in advance!

quentin-st commented 6 years ago

Hi there!

Thank you for your investigations! I just released a new version of the app (v4.0.7) with a freshly generated APK: could you confirm that it solves the signing issues you're encountering?

Thanks!

IzzySoft commented 6 years ago

Yes, I can confirm the error on the broken v2 signing is gone, congrats! However, there are some warnings you might wish to investigate as well:

    WARNING: META-INF/com.android.support_animated-vector-drawable.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_appcompat-v7.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_design.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_mediarouter-v7.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_palette-v7.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_recyclerview-v7.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_support-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_support-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_support-media-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_support-v4.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_support-vector-drawable.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/com.android.support_transition.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
    WARNING: META-INF/services/com.fasterxml.jackson.core.JsonFactory not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.

quentin-st commented 6 years ago

Great, thanks! Keeping this issue open to investigate these warnings.

IzzySoft commented 6 years ago

Good idea! I might be of assistance once more. For a possible solution, please see this related issue:

Although these are only text files we should investigate how to avoid this.

Easy. Exclude as follows:

    packagingOptions {
        exclude 'META-INF/LICENSE.txt'
        exclude 'META-INF/LICENSE'
    }

That is, if they are not needed for dependencies – which I cannot tell, not being an Android dev. Otherwise, APKSigner Warning suggests what you already have done:

I had reinstalled my android studio and all related dependencies. Also had updated all packages associated with cordova, angular and ionic. I may have updated my jdk as well. Not sure. Don’t remember.

My guess is that one of these updates had resolved this issue. I think it's android studio reinstall.

Not being an Android dev myself I cannot tell for sure, of course – just report my findings :wink: As far as I can see, those files are "just informational", holding the version number of the resp. library – so the first approach might be viable. But then that would mean updating that every time a new entry gets added …
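
To check a release APK for the two findings reported in this thread (v1 signature files that declare an APK Signature Scheme v2 signature while no APK Signing Block is present, and `META-INF/` entries the JAR signature does not cover), here is an added example that is not part of the original thread or of apksigner. It approximates those two checks and verifies no signature; `audit_apk`, `sample_apk` and the sample contents are constructed for illustration.

```python
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block (v2+)
V1_SIG_EXT = (".SF", ".RSA", ".DSA", ".EC")  # approximation of v1 signature files

def has_signing_block(data):
    """Magic directly before the ZIP central directory? Presence only, not verified."""
    eocd = data.rfind(b"PK\x05\x06")  # End of Central Directory record
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("not a ZIP archive")
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    return cd_offset >= 16 and data[cd_offset - 16:cd_offset] == APK_SIG_MAGIC

def declared_schemes(sf_text):
    """Scheme IDs listed in X-Android-APK-Signed in the .SF main section."""
    for line in sf_text.splitlines():
        if not line.strip():
            break  # main section ends at the first blank line
        key, _, value = line.partition(":")
        if key.strip().lower() == "x-android-apk-signed":
            return {v.strip() for v in value.split(",") if v.strip()}
    return set()

def audit_apk(data):
    """Return whether a declared v2+ signature is missing, plus uncovered META-INF files."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        meta = [n for n in apk.namelist()
                if n.startswith("META-INF/") and not n.endswith("/")]
        schemes = set()
        for n in meta:
            if n.endswith(".SF"):
                schemes |= declared_schemes(apk.read(n).decode("utf-8", "replace"))
    unprotected = sorted(n for n in meta if n != "META-INF/MANIFEST.MF"
                         and not n.endswith(V1_SIG_EXT))
    return {"stripped": bool(schemes) and not has_signing_block(data),
            "unprotected": unprotected}

def sample_apk():
    """Constructed sample: .SF claims scheme 2, but no signing block exists."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        z.writestr("META-INF/CERT.SF", "X-Android-APK-Signed: 2\r\n\r\n")
        z.writestr("META-INF/CERT.RSA", b"placeholder")
        z.writestr("META-INF/com.android.support_design.version", "x\n")
        z.writestr("classes.dex", b"placeholder")
    return buf.getvalue()
```

Run `audit_apk(open(path, "rb").read())` on a build artifact before publishing; a clean result here does not replace `apksigner verify`, which also validates the signatures themselves.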