Bug#956388: marked as done (ITP: golang-github-avast-apkverifier -- APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.)

[Debian Bug Tracking System]

Your message dated Mon, 20 Jul 2020 07:00:16 +0000
with message-id <e1jxpma-000gxj...@fasolo.debian.org>
and subject line Bug#956388: fixed in golang-github-avast-apkverifier 
0.0~git20191015.7330a51-1
has caused the Debian Bug report #956388,
regarding ITP: golang-github-avast-apkverifier -- APK Signature verification in 
Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
956388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956388
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: wnpp
Severity: wishlist
Owner: Hans-Christoph Steiner <h...@eds.org>

* Package name    : golang-github-avast-apkverifier
  Version         : 0.0~git20200217.aa28c80-1
  Upstream Author : Avast
* URL             : https://github.com/avast/apkverifier
* License         : LGPL-3.0
  Programming Lang: Go
  Description     : APK Signature verification in Go. Supports scheme v1, v2 
and v3 and passes Google apksig's testing suite.

 apkverifier GoDoc (https://godoc.org/github.com/avast/apkverifier)
 Build Status (https://travis-ci.org/avast/apkverifier)
 .
 APK signature verification, should support all algorithms and both scheme
 v1 and v2, including downgrade attack protection.
 .
 Works with Go 1.8 or higher.
 .
 Documentation on GoDoc (https://godoc.org/github.com/avast/apkverifier)
 go get github.com/avast/apkverifier Vendored stuff Because
 Android can handle even broken x509 cerficates and ZIP files,
 apkverifier is using the ZipReader from apkparser package and vendors
 crypto/x509 in internal/x509andr and github.com/fullsailor/pkcs7
 (https://github.com/fullsailor/pkcs7) in the fullsailor/pkcs7 folder.  The
 last two have some changes to handle some not-entirely-according-to-spec
 certificates.  Example ```go package main
 .
 import (
     "fmt" "github.com/avast/apkverifier" "os"
 )
 .
 func main() {
     res, err := apkverifier.Verify(os.Args[1], nil) if err != nil {
         fmt.Fprintf(os.Stderr, "Verification failed: %s\n", err.Error())
     }
 fmt.Printf("Verification scheme used: v%d\n", res.SigningSchemeId) cert,
 _ := apkverifier.PickBestApkCert(res.SignerCerts) if cert == nil {
     fmt.Printf("No certificate found.\n")
 } else {
     fmt.Println(cert)
 }
 .
 }
 .
 ```

TODO: perhaps reasoning

--- End Message ---

--- Begin Message ---

Source: golang-github-avast-apkverifier
Source-Version: 0.0~git20191015.7330a51-1
Done: Hans-Christoph Steiner <h...@eds.org>

We believe that the bug you reported is fixed in the latest version of
golang-github-avast-apkverifier, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 956...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hans-Christoph Steiner <h...@eds.org> (supplier of updated 
golang-github-avast-apkverifier package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 10 Apr 2020 17:32:34 +0200
Source: golang-github-avast-apkverifier
Binary: apkverifier golang-github-avast-apkverifier-dev
Architecture: source amd64 all
Version: 0.0~git20191015.7330a51-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Hans-Christoph Steiner <h...@eds.org>
Description:
 apkverifier - Android APK Signature verification tool
 golang-github-avast-apkverifier-dev - Android APK Signature verification Go 
library
Closes: 956388
Changes:
 golang-github-avast-apkverifier (0.0~git20191015.7330a51-1) unstable; 
urgency=medium
 .
   * Initial release (Closes: #956388)
Checksums-Sha1:
 6ed19ec58bf16d73838e9bad47882c19ae9e9de4 2195 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1.dsc
 9755615c0a2fdb453706de8047e14fa29545c290 352379 
golang-github-avast-apkverifier_0.0~git20191015.7330a51.orig.tar.gz
 51d1fd88185e7300b5a37769a166e20e673be166 4604 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1.debian.tar.xz
 2c8ecd5573364cb55dfeea27850b52c8cd2d0c1a 1053788 
apkverifier_0.0~git20191015.7330a51-1_amd64.deb
 aa587f1cda0345180e6ab36b8f315ddfa08ed19d 301652 
golang-github-avast-apkverifier-dev_0.0~git20191015.7330a51-1_all.deb
 8e213305ec3ff279007aa8ca2a43e3a449ba14fb 6182 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1_amd64.buildinfo
Checksums-Sha256:
 24e30d4fdf5b665a177695875331925b003887e42b28f5037900a73fc2619a02 2195 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1.dsc
 bc6c61326fb91e13153769d9d870ab296dc753b9986be251459719adc2f63df0 352379 
golang-github-avast-apkverifier_0.0~git20191015.7330a51.orig.tar.gz
 bc84474022251e9acbe64af2703b711ac84405436f34d63ac5ec509f7ff60dba 4604 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1.debian.tar.xz
 a17c43066c7df2209c75ad3242fca9c9bd752fbdd59b72eb17f83014670fa133 1053788 
apkverifier_0.0~git20191015.7330a51-1_amd64.deb
 dd1a9188072e2c86b6454bd07400c2111529acffaaa803572e56069997953227 301652 
golang-github-avast-apkverifier-dev_0.0~git20191015.7330a51-1_all.deb
 9e403ec5b51a15aae3bb815bebaf6a088706c517c23c5cfdc8b21482802a9aef 6182 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1_amd64.buildinfo
Files:
 668629654ec850e2742022ac11317318 2195 devel optional 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1.dsc
 831b90ec80f01c74f4f5ef8d3c686595 352379 devel optional 
golang-github-avast-apkverifier_0.0~git20191015.7330a51.orig.tar.gz
 16a96c6b91d9510c2bf563ad5dac0d09 4604 devel optional 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1.debian.tar.xz
 6ddce90dd8ab7ac81993a01805841ae7 1053788 devel optional 
apkverifier_0.0~git20191015.7330a51-1_amd64.deb
 5a04c77eb848a81d47c3b46439695363 301652 devel optional 
golang-github-avast-apkverifier-dev_0.0~git20191015.7330a51-1_all.deb
 463d6a1db63ed44e7b820cf2b9b9f4b3 6182 devel optional 
golang-github-avast-apkverifier_0.0~git20191015.7330a51-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEElyI52+aGmfUmwGoFPhd4F7obm/oFAl8VNxwACgkQPhd4F7ob
m/p6MQf8Cxh1nV7ZzT4TBC28e05rKoFqrfVR0Bqt2+iiCFcfkIi7mn5Lc/RnABDs
NIxoD4MMVFWR/4E+8fDjY1bMA298np2GT5SEw4ikyuYV/zgoo5EMUKBvh0Fe7W4/
1sxFfLxgl1yqIsT90koceKETYIK0jf1lIAmug2Qvi78XZJVIEfZM5fQN/NgWRiaj
vsR0ttVuO1km45dlGL8Wb5W4fQhyC5MsxS8lX6Hm0xLQ/3112cb01f760dcyrO5k
2qWHAvRXL+Vtur3MjYL8+0V57EUF1cLBJ/q5lO3ouFufme2hP+ZWlwgZ1fTbfboS
f6CooCLGUzR7/N/KnaWHvueTCRqlbw==
=/G7X
-----END PGP SIGNATURE-----

--- End Message ---