Bug#868486: diffoscope often fails to detect APKs
Hans-Christoph Steiner: > > The APK format is a ZIP file that always includes the files > AndroidManifest.xml and classes.dex. Then it also always > has a JAR signature (i.e. META-INF/). It does not have the > JAR magic number CAFEBABE in it. > Right, I can get that much by looking it up on wikipedia. What I don't know is why file(1) detects some of these as DOS/MBR partition even though the test case you gave starts with "PK" and can quite obviously be recognised as a zip file (ignoring the APK aspect for now). zipinfo(1) works. So I want to know why libfile didn't accept your patch, what were their reasons? X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE https://github.com/infinity0/pubkeys.git
Bug#868486: diffoscope often fails to detect APKs
The APK format is a ZIP file that always includes the files AndroidManifest.xml and classes.dex. Then it also always has a JAR signature (i.e. META-INF/). It does not have the JAR magic number CAFEBABE in it.
Bug#868486: diffoscope often fails to detect APKs
Control: tags -1 - pending Hans-Christoph Steiner: > [..] > > I'd like a way to force the file type in diffoscope. We are calling it > from a build process, so we already know all files are going to be APKs. > Also, I tried to get this added to libfile, but upstream is not willing > to accept detection routines that rely on more complicated things like > presence of a file in a ZIP. They just want byte patterns, which is not > enough to consistently detect APKs. > Do you have a link to the libfile discussion, and could you provide some more detail on the APK file format? I think in diffoscope we *are* happy to add more complicated detection logic. X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE https://github.com/infinity0/pubkeys.git
Bug#868486: diffoscope often fails to detect APKs
tags 868486 + pending thanks Fixed in Git: https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=c14424059b7836d59da8e18c260e34dc797cb02e Thanks for providing the testcases! :) Regards, -- ,''`. : :' : Chris Lamb, Debian Project Leader `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#868486: diffoscope often fails to detect APKs
Package: diffoscope Version: 83 APKs are basically a ZIP file with a JAR signature, but not necessarily the CAFEBABE byte sequence that marks a JAR. This means that comparing APKs with diffoscope often results in a straight binary diff, which is useless. Here's one example: https://verification.f-droid.org/im.zom.messenger_1510005.binary.apk.diffoscope.html im.zom.messenger_1510005.binary.apk is available here: https://verification.f-droid.org/Zom-15.1.0-alpha-5-zomrelease-release-unsigned.apk im.zom.messenger_1510005.apk is available here: https://github.com/zom/Zom-Android/releases/download/15.1.0-alpha-5/Zom-15.1.0-alpha-5-zomrelease-release.apk You can get lots and lots of APKs from here: https://f-droid.org/packages I'd like a way to force the file type in diffoscope. We are calling it from a build process, so we already know all files are going to be APKs. Also, I tried to get this added to libfile, but upstream is not willing to accept detection routines that rely on more complicated things like presence of a file in a ZIP. They just want byte patterns, which is not enough to consistently detect APKs.