Bug#1023044: ITP: apksigtool -- parse/verify/clean android apk signing blocks & apks
Package: wnpp
Severity: wishlist
Owner: FC Stegerman <flx@obfusk.net>
X-Debbugs-Cc: debian-devel@lists.debian.org, flx@obfusk.net
* Package name : apksigtool
Version : 0.5.0
Upstream Author : FC Stegerman <flx@obfusk.net>
* URL : https://github.com/obfusk/apksigtool
* License : AGPLv3+
Programming Lang: Python
Description : parse/verify/clean android apk signing blocks & apks
apksigtool is a tool for parsing android APK Signing Blocks (either
embedded in an APK or extracted as a separate file, e.g. using
apksigcopier) and verifying APK signatures. It can also clean them
(i.e. remove everything that's not an APK Signature Scheme v2/v3
Block or verity padding block), which can be useful for reproducible
builds.
WARNING: verification is considered EXPERIMENTAL and SHOULD NOT BE
RELIED ON, please use apksigner instead.
apksigtool is a proposed new optional dependency for diffoscope [1],
allowing it to properly compare APK Signing Blocks.
I am the upstream author and want to package and maintain it for
Debian as well (like I already do with apksigcopier).
I am looking for a sponsor, since I am (still) a Sponsored Maintainer.
NB: v0.5.0 hasn't actually been released yet, but it will be soon.
- FC
[1] https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/320
Reply to: