Bug#847657: marked as done (ITP: apksig -- sign and verify Android APK signatures)

To: Hans-Christoph Steiner <hans@eds.org>
Subject: Bug#847657: marked as done (ITP: apksig -- sign and verify Android APK signatures)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 11 Dec 2016 16:03:39 +0000
Message-id: <[🔎] handler.847657.D847657.14814720124486.ackdone@bugs.debian.org>
References: <E1cG6Xq-0006HS-PN@fasolo.debian.org> <[🔎] 6165ea9f-79d3-0189-7b17-5c2d212be6fb@eds.org>

Your message dated Sun, 11 Dec 2016 16:00:10 +0000
with message-id <E1cG6Xq-0006HS-PN@fasolo.debian.org>
and subject line Bug#847657: fixed in android-platform-tools-apksig 0.3+git154~gfdc6e98-1
has caused the Debian Bug report #847657,
regarding ITP: apksig -- sign and verify Android APK signatures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
847657: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847657
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: apksig -- sign and verify Android APK signatures
From: Hans-Christoph Steiner <hans@eds.org>
Date: Sat, 10 Dec 2016 13:05:07 +0100
Message-id: <[🔎] 6165ea9f-79d3-0189-7b17-5c2d212be6fb@eds.org>

Package: wnpp
Severity: wishlist
Owner: "Hans-Christoph Steiner" <hans@eds.org>

* Package name    : apksig
  Version         : 0.3
  Upstream Author : The Android Open Source Project
* URL             : https://android.googlesource.com/platform/tools/apksig
* License         : Apache-2.0
  Programming Lang: Java
  Package source  :
https://anonscm.debian.org/git/android-tools/android-platform-tools-apksig.git
  Description: sign and verify Android APK signatures

apksig is a project which aims to simplify APK signing and checking
whether APK's signatures should verify on Android. apksig supports JAR
signing (used by Android since day one) and APK Signature Scheme v2
(supported since Android Nougat, API Level 24).

The key feature of apksig is that it knows about differences in APK
signature verification logic between different versions of the Android
platform. apksig can thus check whether a signed APK is expected to
verify on all Android platform versions supported by the APK. When
signing an APK, apksig will choose the most appropriate cryptographic
algorithms based on the Android platform versions supported by the APK
being signed.

The project consists of two subprojects:

    apksig -- a pure Java library, and
    apksigner -- a pure Java command-line tool based on the apksig library.


apksig library offers three primitives:

    ApkSigner which signs the provided APK so that it verifies on all
Android platform versions supported by the APK. The range of platform
versions can be customized if necessary.
    ApkVerifier which checks whether the provided APK is expected to
verify on all Android platform versions supported by the APK. The range
of platform versions can be customized if necessary.
    (Default)ApkSignerEngine which abstracts away signing an APK from
parsing and building an APK file. This is useful in optimized APK
building pipelines, such as in Android Plugin for Gradle, which need to
perform signing while building an APK, instead of after. For simpler use
cases where the APK to be signed is available upfront, the ApkSigner
above is easier to use.

NOTE: Some public classes of the library are in packages having the word
“internal” in their name. These are not public API of the library. Do
not use *.internal.* classes directly.
apksigner command-line tool

apksigner command-line tool offers two operations:

    sign the provided APK so that it verifies on all Android platforms
supported by the APK. Run apksigner sign for usage information.
    check whether the provided APK's signatures are expected to verify
on all Android platforms supported by the APK. Run apksigner verify for
usage information.

The tool determines the range of Android platform versions (API Levels)
supported by the APK by inspecting the APK's AndroidManifest.xml. This
behavior can be overridden by specifying the range of platform versions
on the command-line.

--- End Message ---

--- Begin Message ---

To: 847657-close@bugs.debian.org
Subject: Bug#847657: fixed in android-platform-tools-apksig 0.3+git154~gfdc6e98-1
From: Hans-Christoph Steiner <hans@eds.org>
Date: Sun, 11 Dec 2016 16:00:10 +0000
Message-id: <E1cG6Xq-0006HS-PN@fasolo.debian.org>

Source: android-platform-tools-apksig
Source-Version: 0.3+git154~gfdc6e98-1

We believe that the bug you reported is fixed in the latest version of
android-platform-tools-apksig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 847657@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hans-Christoph Steiner <hans@eds.org> (supplier of updated android-platform-tools-apksig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 10 Dec 2016 12:48:20 +0000
Source: android-platform-tools-apksig
Binary: libapksig-java apksigner
Architecture: source all
Version: 0.3+git154~gfdc6e98-1
Distribution: unstable
Urgency: medium
Maintainer: Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
Changed-By: Hans-Christoph Steiner <hans@eds.org>
Description:
 apksigner  - command line tool to sign and verify Android APKs
 libapksig-java - library to sign and verify Android APKs
Closes: 847657
Changes:
 android-platform-tools-apksig (0.3+git154~gfdc6e98-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #847657)
Checksums-Sha1:
 05544bd932acaed09e21cec3c1cccd63b9d5e683 2172 android-platform-tools-apksig_0.3+git154~gfdc6e98-1.dsc
 292b773ceb94e5d08ab8037761a79f3465cad139 108581 android-platform-tools-apksig_0.3+git154~gfdc6e98.orig.tar.gz
 c4f47abe8a4e993ba9fe31b70c9228f8cabcff62 5264 android-platform-tools-apksig_0.3+git154~gfdc6e98-1.debian.tar.xz
 8b8ee1e40805d30eba579a89f48254a0085b2858 16194 android-platform-tools-apksig_0.3+git154~gfdc6e98-1_amd64.buildinfo
 d372f6c93d410e7f939a77bff1ef0bcdcc79a7f4 209346 apksigner_0.3+git154~gfdc6e98-1_all.deb
 34c3d11a13e02266a7140aae8abc2f3f74aa407f 179904 libapksig-java_0.3+git154~gfdc6e98-1_all.deb
Checksums-Sha256:
 7a218538405429c3ea736420e952634f58bdbed97ac8e3aa5e409d4c4a086fc4 2172 android-platform-tools-apksig_0.3+git154~gfdc6e98-1.dsc
 e8c51b5cbb7db81c3aa4ff40a994f529a738256deae883fafe318d6f34b64da7 108581 android-platform-tools-apksig_0.3+git154~gfdc6e98.orig.tar.gz
 3f7db801e4c696bdde2fe656c0eb02f442d653998734fdb70a39dbaba4202117 5264 android-platform-tools-apksig_0.3+git154~gfdc6e98-1.debian.tar.xz
 781b20979b725d8357c00a7aa490be9516816a5582e1b0b199d157d7dfa0543a 16194 android-platform-tools-apksig_0.3+git154~gfdc6e98-1_amd64.buildinfo
 840751d50bb989dcd4150afa7d3d9dd2e5ff9ac228aedd795c0f8688501695aa 209346 apksigner_0.3+git154~gfdc6e98-1_all.deb
 d7efaacfd30c1a9e74c5fb5443b2255c6936c0f82d2f9fc2ab1f938954a4f6b8 179904 libapksig-java_0.3+git154~gfdc6e98-1_all.deb
Files:
 82422e37730d5e4bfef1ed9f5fa97e7b 2172 java optional android-platform-tools-apksig_0.3+git154~gfdc6e98-1.dsc
 06e2c000bb1b9e09a48e1071428acf6b 108581 java optional android-platform-tools-apksig_0.3+git154~gfdc6e98.orig.tar.gz
 37cc442d8c3198c7de30beca95def1f0 5264 java optional android-platform-tools-apksig_0.3+git154~gfdc6e98-1.debian.tar.xz
 8801464d284bcde91f9f6b1b8079d1cd 16194 java optional android-platform-tools-apksig_0.3+git154~gfdc6e98-1_amd64.buildinfo
 c5a35593b06e5b493aef325bb10dae56 209346 java optional apksigner_0.3+git154~gfdc6e98-1_all.deb
 aa32e3e91483760bd7d143b1e7632388 179904 java optional libapksig-java_0.3+git154~gfdc6e98-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPG for Android - https://guardianproject.info/code/gnupg/

iQEcBAEBCAAGBQJYTIEZAAoJED4XeBe6G5v6Y6YH/iemQZlg8dRG3l3oZP+ZCi4z
cdpNlk9SYDAH3xp2q3/yYVSncMVtbe8N2DqKBSvwQAqgKgjZ4N/b+5DArM3dF+v7
EFUPRHM/rMFLEuqtbomzXYpeF/rhN8eos2RCZArjpgOUWnbfSzHBy7jAJRY8Eh9r
+Rxy39x0Im38gTOzeB+oT/rgwF0B1cihswOOBbn2ruf433FJLUHYYufTEO4ZvoUZ
bDNmaKxCFiJqdEdJIUFAh3GW+Uq8QBHsxH4Jv67pakg+NxsV1/kKVF24Xf36O4yF
GWUTM8wGEHP2uiq7A/V5xIpz8n5XpZUxWKc50tRoEpC6Q3NNMtL3SJjKZorNl9U=
=SjAo
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#847657: ITP: apksig -- sign and verify Android APK signatures
  - From: Hans-Christoph Steiner <hans@eds.org>

Prev by Date: Bug#847628: marked as done (ITP: libpod-pom-view-restructured-perl -- View for Pod::POM that outputs reStructuredText)
Next by Date: Bug#847686: marked as done (ITP: gnome-shell-extension-better-volume -- GNOME Shell extension that improves volume control)
Previous by thread: Bug#847657: ITP: apksig -- sign and verify Android APK signatures
Next by thread: Bug#847661: ITP: css-html-js-minify -- obfuscator/minimiser for CSS, HTML, JavaScript
Index(es):
- Date
- Thread