use SHA-256 instead of SHA-1 for hasing jar

src/Service/FDroidRepoService.php

@@ -100,26 +100,26 @@ class FDroidRepoService
         $zip = new ZipArchive();
         $zipPath = tempnam(sys_get_temp_dir(), 'zip');
         $zip->open($zipPath, ZipArchive::CREATE);
-        $fileDigest = sha1($contents, true);
+        $fileDigest = hash('sha256', $contents, true);
 
         $fileHeader = 'Name: ' . $file . "\n";
-        $fileHeader .= 'SHA1-Digest: ' . base64_encode($fileDigest) . "\n\n";
+        $fileHeader .= 'SHA-256-Digest: ' . base64_encode($fileDigest) . "\n\n";
 
-        $fileHeaderDigest = sha1($fileHeader, true);
+        $fileHeaderDigest = hash('sha256', $fileHeader, true);
 
         $manifest = "Manifest-Version: 1.0\n";
         $manifest .= "Created-By: CubiStore\n\n";
-        $manifestHeaderDigest = sha1($manifest, true);
+        $manifestHeaderDigest = hash('sha256', $manifest, true);
 
         $manifest .= $fileHeader;
-        $manifestDigest = sha1($manifest, true);
+        $manifestDigest = hash('sha256', $manifest, true);
 
         $fileManifest = "Signature-Version: 1.0\n";
-        $fileManifest .= "SHA1-Digest-Manifest-Main-Attributes: " . base64_encode($manifestHeaderDigest) . "\n";
-        $fileManifest .= "SHA1-Digest-Manifest: " . base64_encode($manifestDigest) . "\n";
+        $fileManifest .= "SHA-256-Digest-Manifest-Main-Attributes: " . base64_encode($manifestHeaderDigest) . "\n";
+        $fileManifest .= "SHA-256-Digest-Manifest: " . base64_encode($manifestDigest) . "\n";
         $fileManifest .= "Created-By: CubiStore\n\n";
         $fileManifest .= "Name: " . $file . "\n";
-        $fileManifest .= "SHA1-Digest: " . base64_encode($fileHeaderDigest) . "\n\n";
+        $fileManifest .= "SHA-256-Digest: " . base64_encode($fileHeaderDigest) . "\n\n";
 
         $zip->addFromString('META-INF/MANIFEST.MF', $manifest);
         $zip->addFromString('META-INF/1.SF', $fileManifest);