Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Bundletool fails to validate code transparency for apps using v3.1 signature scheme #369

Open
greyson-signal opened this issue Jul 15, 2024 · 0 comments
Open

Bundletool fails to validate code transparency for apps using v3.1 signature scheme #369

greyson-signal opened this issue Jul 15, 2024 · 0 comments

Comments

@greyson-signal
Copy link

Describe the bug
apksig 4.2.0-alpha13 doesn’t support the v3.1 signature scheme, causing an APK signed with that scheme to fail validation with the following error:

APK Signature Scheme v3 signers supported min/max SDK versions do not cover the entire desired range.  Found min:  24 max 32

Bundletool version(s) affected
Version: presumably all, but tested using 1.17.0

Stacktrace
Copy all of the output of the command, including the stacktrace if visible.

APK Signature Scheme v3 signers supported min/max SDK versions do not cover the entire desired range.  Found min:  24 max 32

To Reproduce
Install Signal on a device (which uses the v3.1 signature scheme), and run the following:

java -jar bundle tool.jar check-transparency --mode=connected_device --package-name="org.thoughtcrime.securesms"

Expected behavior
The signature is valid and should not fail.

Known workaround
Thankfully this can be fixed if apksig is updated to the latest version:
#368

Environment:
OS: Ubuntu 22.04, but presumably this doesn't matter

Additional context
None
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@greyson-signal