use SHA-256 instead of SHA-1 for hasing jar
continuous-integration/drone/push Build is passing Details

master
eater 5 years ago
parent eb1cbef43b
commit d16ccd468c
Signed by: eater
GPG Key ID: AD2560A0F84F0759

@ -100,26 +100,26 @@ class FDroidRepoService
$zip = new ZipArchive();
$zipPath = tempnam(sys_get_temp_dir(), 'zip');
$zip->open($zipPath, ZipArchive::CREATE);
$fileDigest = sha1($contents, true);
$fileDigest = hash('sha256', $contents, true);
$fileHeader = 'Name: ' . $file . "\n";
$fileHeader .= 'SHA1-Digest: ' . base64_encode($fileDigest) . "\n\n";
$fileHeader .= 'SHA-256-Digest: ' . base64_encode($fileDigest) . "\n\n";
$fileHeaderDigest = sha1($fileHeader, true);
$fileHeaderDigest = hash('sha256', $fileHeader, true);
$manifest = "Manifest-Version: 1.0\n";
$manifest .= "Created-By: CubiStore\n\n";
$manifestHeaderDigest = sha1($manifest, true);
$manifestHeaderDigest = hash('sha256', $manifest, true);
$manifest .= $fileHeader;
$manifestDigest = sha1($manifest, true);
$manifestDigest = hash('sha256', $manifest, true);
$fileManifest = "Signature-Version: 1.0\n";
$fileManifest .= "SHA1-Digest-Manifest-Main-Attributes: " . base64_encode($manifestHeaderDigest) . "\n";
$fileManifest .= "SHA1-Digest-Manifest: " . base64_encode($manifestDigest) . "\n";
$fileManifest .= "SHA-256-Digest-Manifest-Main-Attributes: " . base64_encode($manifestHeaderDigest) . "\n";
$fileManifest .= "SHA-256-Digest-Manifest: " . base64_encode($manifestDigest) . "\n";
$fileManifest .= "Created-By: CubiStore\n\n";
$fileManifest .= "Name: " . $file . "\n";
$fileManifest .= "SHA1-Digest: " . base64_encode($fileHeaderDigest) . "\n\n";
$fileManifest .= "SHA-256-Digest: " . base64_encode($fileHeaderDigest) . "\n\n";
$zip->addFromString('META-INF/MANIFEST.MF', $manifest);
$zip->addFromString('META-INF/1.SF', $fileManifest);

Loading…
Cancel
Save