From 61ae95f95e323b5edd9b2e715c3efb60ddd8c2c7 Mon Sep 17 00:00:00 2001
From: Alexander Martinz <alex@katastima.org>
Date: Thu, 16 Apr 2026 11:04:01 +0200
Subject: [PATCH] libs: v1: allow indices signed with SHA-256

Currently the IndexV1Verifier only allows SHA1-Digest.
Also allow indices to be signed using SHA-256-Digest to support
repositories using it.

-----

04-16 10:42:35.372 32370 32389 E RepoUpdateManager: Error updating repository http://192.168.1.50:3000/repo
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: org.fdroid.index.SigningException: Unsupported digest: SHA-256-Digest
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.v1.IndexV1Verifier.checkAttributes(IndexV1Verifier.kt:35)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.JarIndexVerifier.getStreamAndVerify(JarIndexVerifier.kt:45)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.v1.IndexV1Updater.updateRepo$lambda$4(IndexV1Updater.kt:62)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.v1.IndexV1Updater.$r8$lambda$P2XzF4413QJZBOBr6JwilkHT93g(IndexV1Updater.kt:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.v1.IndexV1Updater$$ExternalSyntheticLambda3.run(R8$$SyntheticClass:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at androidx.room.RoomDatabase.runInTransaction(RoomDatabase.kt:585)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.v1.IndexV1Updater.updateRepo(IndexV1Updater.kt:61)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.IndexUpdater.update$lambda$0(IndexUpdater.kt:63)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.IndexUpdater.$r8$lambda$NUzLiXgA9adSx93mFCWLY6GuflY(IndexUpdater.kt:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.IndexUpdater$$ExternalSyntheticLambda0.invoke(R8$$SyntheticClass:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.IndexUpdater.catchExceptions(IndexUpdater.kt:68)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.index.IndexUpdater.update(IndexUpdater.kt:62)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.fdroid.RepoUpdateManager.updateRepos(RepoUpdateManager.kt:107)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.fdroid.views.main.LatestViewBinder.lambda$new$0(LatestViewBinder.java:94)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.fdroid.views.main.LatestViewBinder.$r8$lambda$6N6Nu2ia8Nb5Yj4UytWsESKNpgk(LatestViewBinder.java:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.fdroid.views.main.LatestViewBinder$$ExternalSyntheticLambda0.run(R8$$SyntheticClass:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.fdroid.Utils.lambda$runOffUiThread$5(Utils.java:840)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.fdroid.Utils.$r8$lambda$RTQXMghUr-8Q0IH1zJ5oQCPUbNc(Utils.java:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at org.fdroid.fdroid.Utils$$ExternalSyntheticLambda7.call(R8$$SyntheticClass:0)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at io.reactivex.rxjava3.internal.operators.single.SingleFromCallable.subscribeActual(SingleFromCallable.java:43)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at io.reactivex.rxjava3.core.Single.subscribe(Single.java:4855)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at io.reactivex.rxjava3.internal.operators.single.SingleSubscribeOn$SubscribeOnObserver.run(SingleSubscribeOn.java:89)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:644)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:80)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:71)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at java.util.concurrent.FutureTask.run(FutureTask.java:317)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:348)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1154)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:652)
04-16 10:42:35.372 32370 32389 E RepoUpdateManager: 	at java.lang.Thread.run(Thread.java:1564)

-----

Signed-off-by: Alexander Martinz <alex@katastima.org>
---
 .../androidMain/kotlin/org/fdroid/index/v1/IndexV1Verifier.kt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/index/src/androidMain/kotlin/org/fdroid/index/v1/IndexV1Verifier.kt b/libs/index/src/androidMain/kotlin/org/fdroid/index/v1/IndexV1Verifier.kt
index 8ae73192a..39a63e0af 100644
--- a/libs/index/src/androidMain/kotlin/org/fdroid/index/v1/IndexV1Verifier.kt
+++ b/libs/index/src/androidMain/kotlin/org/fdroid/index/v1/IndexV1Verifier.kt
@@ -6,7 +6,7 @@ import org.fdroid.index.JarIndexVerifier
 import org.fdroid.index.SigningException
 
 public const val DATA_FILE_NAME: String = "index-v1.json"
-private const val SUPPORTED_DIGEST = "SHA1-Digest"
+private val SUPPORTED_DIGESTS = listOf("SHA1-Digest", "SHA-256-Digest")
 
 /**
  * Verifies the old Index V1.
@@ -31,7 +31,7 @@ public class IndexV1Verifier(
   @Throws(SigningException::class)
   protected override fun checkAttributes(attributes: Attributes) {
     attributes.keys.forEach { key ->
-      if (key.toString() != SUPPORTED_DIGEST) {
+      if (key.toString() !in SUPPORTED_DIGESTS) {
         throw SigningException("Unsupported digest: $key")
       }
     }