You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
wget https://github.com/Blockstream/green_android/releases/download/$GIT_TAG/SHA256SUMS.asc
wget https://github.com/Blockstream/green_android/releases/download/$GIT_TAG/BlockstreamGreen-v3.7.1-production-release.apk
mdkir signed
unzip BlockstreamGreen-v3.7.1-production-release.apk -d signed
keytool -printcert -file signed/META-INF/GREENADD.RSA
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 04BEBF2E35A2AF2FFDF1FA5DE7F054AA2E76E792
shasum -a 256 --check SHA256SUMS.asc
gpg --verify SHA256SUMS.asc
Diff with unsigned built binary
mkdir unsigned
unzip green_android/green/build/outputs/apk/production/release/BlockstreamGreen-v3.7.1-production-release-unsigned.apk -d unsigned
# Now if all match, the only diff should be the three files generated inside META-INF that are added when signing the APK: GREENADD.RSA, GREENADD.SF and MANIFEST.MF
diff -r signed/ unsigned/
# The hash seems to also appear in SHASUM256.asc under the file named tmp_.apk, let's try it!
cp green_android/green/build/outputs/apk/production/release/BlockstreamGreen-v3.7.1-production-release-unsigned.apk tmp_.apk
# Here's a green hash for ya!
shasum -a 256 --check SHA256SUMS.asc