Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APK2 signer: verify min sdk version #746

Open
2 tasks
g-k opened this issue Sep 3, 2021 · 0 comments
Open
2 tasks

APK2 signer: verify min sdk version #746

g-k opened this issue Sep 3, 2021 · 0 comments
Labels
code quality code improvements and tidiness

Comments

@g-k
Copy link
Contributor

g-k commented Sep 3, 2021

It appears that we're signing everything with minSDK 18 regardless of key type. It'd be good to add unit or integration tests or both to verify the min SDK we sign with based on key type

autograph/signer/apk2/apk2.go

Lines 80 to 87 in 019e766

case *ecdsa.PrivateKey:
// ecdsa is only supported in sdk 18 and higher
s.minSdkVersion = "18"
log.Printf("apk2: setting min android sdk version to 18 as required to sign with ecdsa")
default:
log.Printf("apk2: setting min android sdk version to 9")
s.minSdkVersion = "9"
}

Possible changes:

  • add a unit test with an ECDSA private key e.g. copy the apk_cert_with_ecdsa_sha256 config
  • verify SDK versions for RSA and ECDSA Apk signers e.g. add apt -y install -t buster-backports aapt to the Dockerfile and check SDK versions aapt list -a | grep -i sdk
@g-k g-k added the code quality code improvements and tidiness label Sep 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
code quality code improvements and tidiness
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@g-k