Official LineageOS 15.1 builds not signed?

jnsp · August 13, 2018, 7:08pm

After downloading the latest official LineageOS build from here, I wanted to verify the files signature using keytool and instructions provided by LineageOS here.

$ keytool -J-Duser.language=en -list -printcert -jarfile ~/Downloads/lineage-15.1-20180813-nightly-FP2-signed.zip 
Not a signed jar file

Am I missing something or is the build not properly signed?

Roboe · August 13, 2018, 9:50pm

Same here:

$ sha256sum -c lineage-15.1-20180813-nightly-FP2-signed.zip.sha256sum
lineage-15.1-20180813-nightly-FP2-signed.zip: OK
$ keytool -J-Duser.language=en -list -printcert -jarfile lineage-15.1-20180813-nightly-FP2-signed.zip
Not a signed jar file

I tried with last 14.1:

$ sha256sum -c lineage-14.1-20180808-nightly-FP2-signed.zip.sha256sum 
lineage-14.1-20180808-nightly-FP2-signed.zip: OK
$ keytool -J-Duser.language=en -list -printcert -jarfile lineage-14.1-20180808-nightly-FP2-signed.zip
Signer #1:

Signature:

Owner: CN=LineageOS, OU=LineageOS, O=LineageOS, L=Seattle, ST=Washington, C=US
Issuer: CN=LineageOS, OU=LineageOS, O=LineageOS, L=Seattle, ST=Washington, C=US
Serial number: e10413c773c3c54f
Valid from: Sat Jan 07 05:21:25 CET 2017 until: Wed May 25 06:21:25 CEST 2044
Certificate fingerprints:
	 MD5:  F2:CA:AA:A7:2F:D6:34:FE:70:D7:5C:41:43:6C:5E:14
	 SHA1: 9B:6D:F9:06:2A:1A:76:E6:E0:07:B1:1F:C2:EF:CB:EF:4B:32:F2:23
	 SHA256: 51:83:25:EF:7F:96:C0:D1:19:4C:2E:85:6B:04:0D:63:61:66:FF:B8:46:71:7D:72:FA:87:F4:FA:E5:BE:7B:BB
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 72 96 32 27 D6 6C 4C 4D   5F A0 91 6A C2 2C 79 3C  r.2'.lLM_..j.,y<
0010: D4 5F 43 5C                                        ._C\
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 72 96 32 27 D6 6C 4C 4D   5F A0 91 6A C2 2C 79 3C  r.2'.lLM_..j.,y<
0010: D4 5F 43 5C                                        ._C\
]
]

So it seems like a 15.1 issue, indeed.

chrmhoffmann · August 14, 2018, 10:30am

Signature is not done anymore with keytool. You can use this here: http://github.com/LineageOS/update_verifier

Kudos to: luca0204008, nicknitewolf, harryyoud to provide me the answer.

Chris

jnsp · August 14, 2018, 11:55am

Thanks!

$ python3 update_verifier.py lineageos_pubkey ~/Downloads/lineage-15.1-20180813-nightly-FP2-signed.zip 
verified successfully

system · November 12, 2018, 11:56am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.