From d16ccd468c7b6136cf171ba1321d30071bbe7692 Mon Sep 17 00:00:00 2001
From: eater <=@eater.me>
Date: Sat, 23 Nov 2019 09:59:35 +0100
Subject: [PATCH] use SHA-256 instead of SHA-1 for hasing jar

---
 src/Service/FDroidRepoService.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/Service/FDroidRepoService.php b/src/Service/FDroidRepoService.php
index d137f45..c4b3602 100644
--- a/src/Service/FDroidRepoService.php
+++ b/src/Service/FDroidRepoService.php
@@ -100,26 +100,26 @@ class FDroidRepoService
         $zip = new ZipArchive();
         $zipPath = tempnam(sys_get_temp_dir(), 'zip');
         $zip->open($zipPath, ZipArchive::CREATE);
-        $fileDigest = sha1($contents, true);
+        $fileDigest = hash('sha256', $contents, true);
 
         $fileHeader = 'Name: ' . $file . "\n";
-        $fileHeader .= 'SHA1-Digest: ' . base64_encode($fileDigest) . "\n\n";
+        $fileHeader .= 'SHA-256-Digest: ' . base64_encode($fileDigest) . "\n\n";
 
-        $fileHeaderDigest = sha1($fileHeader, true);
+        $fileHeaderDigest = hash('sha256', $fileHeader, true);
 
         $manifest = "Manifest-Version: 1.0\n";
         $manifest .= "Created-By: CubiStore\n\n";
-        $manifestHeaderDigest = sha1($manifest, true);
+        $manifestHeaderDigest = hash('sha256', $manifest, true);
 
         $manifest .= $fileHeader;
-        $manifestDigest = sha1($manifest, true);
+        $manifestDigest = hash('sha256', $manifest, true);
 
         $fileManifest = "Signature-Version: 1.0\n";
-        $fileManifest .= "SHA1-Digest-Manifest-Main-Attributes: " . base64_encode($manifestHeaderDigest) . "\n";
-        $fileManifest .= "SHA1-Digest-Manifest: " . base64_encode($manifestDigest) . "\n";
+        $fileManifest .= "SHA-256-Digest-Manifest-Main-Attributes: " . base64_encode($manifestHeaderDigest) . "\n";
+        $fileManifest .= "SHA-256-Digest-Manifest: " . base64_encode($manifestDigest) . "\n";
         $fileManifest .= "Created-By: CubiStore\n\n";
         $fileManifest .= "Name: " . $file . "\n";
-        $fileManifest .= "SHA1-Digest: " . base64_encode($fileHeaderDigest) . "\n\n";
+        $fileManifest .= "SHA-256-Digest: " . base64_encode($fileHeaderDigest) . "\n\n";
 
         $zip->addFromString('META-INF/MANIFEST.MF', $manifest);
         $zip->addFromString('META-INF/1.SF', $fileManifest);