From d7dc001b9bf792805643d6e8f0464ed4e2ef8f2e Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Wed, 8 Feb 2023 16:06:34 +0100
Subject: [PATCH] gitlab-ci: punt reworking index-v1.jar verify

The index-v1.jar tests need to verify its SHA1 signature.  Java's default
is to treat SHA1 as unsigned.  Ideally, our code would use apksig to verify
those JAR sigs so that it would use the apksigner rules for whether a SHA1
signature is valid.

https://android.googlesource.com/platform/tools/apksig/+/master/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
---
 .gitlab-ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2bbe2f560..a7e4ac5f7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -58,6 +58,9 @@ workflow:
 test_lint_pmd_checkstyle:
   <<: *test-template
   script:
+    # index-v1.jar tests need SHA1 support still, TODO use apksig to validate JAR sigs
+    - sed -i 's,SHA1 denyAfter 20[0-9][0-9],SHA1 denyAfter 2024,'
+          /usr/lib/jvm/default-java/conf/security/java.security
     # always report on lint errors to the build log
     - sed -i -e 's,textReport .*,textReport true,' app/build.gradle
     # the tasks "lint", "test", etc don't always include everything