Cannot verify apk with Signature Scheme v2

I installed fdroidserver using the latest docker image. Now I am trying to add apks to create my own repository. The apk were obtained by downloading them from their websites, like for example the signal apk. I get the following error message:

fdroid update
2022-01-02 20:38:08,680 INFO: Using /opt/android-sdk/build-tools/26.0.2/apksigner
ERROR: APK Signature Scheme v2 signer #1: Malformed additional attribute #1
2022-01-02 20:38:16,491 ERROR:
repo/Signal-Android-website-prod-universal-release-5.28.5.apk: WARNING: APK Signature Scheme v2 signer #1: Unknown signature algorithm: 0x421
2022-01-02 20:38:16,492 WARNING: Archiving Signal-Android-website-prod-universal-release-5.28.5.apk with invalid signature!
2022-01-02 20:38:16,492 INFO: Moving Signal-Android-website-prod-universal-release-5.28.5.apk from repo to archive

Why wouldn’t this work out of the box? What do I need to do to get it working?

What fdroidserver version is in that Docker? Which Docker image exactly?


fdroid --version
no version info found!

According to this Stackoverflow question/answer the problem is that the APK is signed with v2 and v3 but the used apksigner version does not support v3 signature scheme and thus fails.

Therefore using apksigner from build-tools/31.0.0 should solve the problem.

Hi, thanks for your answer! So if I understand you correctly, I need the Android SDK docker container as well as the fdroidserver docker container. Wouldn’t it be easier to include an uptodate apksigner in the fdroid docker container? Also, is setting allow_disabled_algorithms to true a workaround?

Sorry I don’t have any experience with dockerized fdroid server. Make sure a recent apksigner is present in your host system or if you use a docker container for the Android SDK in the container.

In the fdroid server there seems to be a variable named MINIMUM_APKSIGNER_BUILD_TOOLS_VERSION which is set by default to 26.0.2. May be it is possible to increase this version?

Yes, that helps. Thanks a lot!