I’m downloading Signal from the website, even tho they don’t seem to want you to, because I’d like to be able to completely rid myself of the Google Play Store (as used with Aurora which has its own problems from time to time), and I believe that this version auto-updates or at least tells you when there is one. Following the instructions here using the apksigner in the repository just gives me lots of error messages. I’m using Linux Mint 21.1 (and just because I’m using Linux doesn’t mean that I know what I’m doing). I think I read somewhere that the apksigner in the repos is (of course) broken and I may need a newer version but I don’t know where to get it. Any help with this would be greatly appreciated.
What line did you use to verify the apk and what error do you get back? I’m on my phone, but if you still need help I can turn on my laptop and have a look
which returns lines and lines of errors that look similar to this:
WARNING: META-INF/com/android/build/gradle/app-metadata.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
I also tried, after asking for help from Signal support:
keytool error: java.lang.Exception: Only one command is allowed: both -list and -printcert were specified.
I barely understand any of this; really I just want to make sure that the app is safe, properly verified, and not tampered with (which seems kind of unlikely in any event . . . ?)
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@beehaw.org
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
What line did you use to verify the apk and what error do you get back? I’m on my phone, but if you still need help I can turn on my laptop and have a look
Following the link on the download page, I did
apksigner verify Signal-Android-website-prod-universal-release-6.24.4.apkwhich returns lines and lines of errors that look similar to this:
WARNING: META-INF/com/android/build/gradle/app-metadata.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.I also tried, after asking for help from Signal support:
keytool -list -printcert -jarfile Signal-Android-website-prod-universal-release-6.24.4.apkand got
keytool error: java.lang.Exception: Only one command is allowed: both -list and -printcert were specified.I barely understand any of this; really I just want to make sure that the app is safe, properly verified, and not tampered with (which seems kind of unlikely in any event . . . ?)
UPDATE: If I do
apksigner verify --print-certs Signal-Android-website-prod-universal-release-6.24.4.apkI get
followed by a whole lot more of those
WARNING: META-INFthingies, but I believe #1 is correct?