I currently distribute my app ( Orgro | F-Droid - Free and Open Source Android App Repository ) on Google Play and on F-Droid. With the Google Android developer verification process I have claimed the package name for my private key. I understand that means that in the (near?) future, some users may have difficulty running or installing my app if it is not signed with my key.
Currently the F-Droid builds are signed by F-Droid. I understand that I can get F-Droid to distribute my own APKs as long as they are reproducible against the F-Droid APKs (“Publishing APKs with the upstream developer’s signature” on Reproducible Builds | F-Droid - Free and Open Source Android App Repository).
I do my development on a Mac. Is there any guidance for how to reproduce the F-Droid build environment such as in a Docker image?
It doesn’t appear to let you claim more than a single signature for a package name, so as I understand it this isn’t possible now that I have claimed the package name with my own key’s signature.
Sorry, I missed in the Google Play Console UI that you can indeed “Add key” to an existing package. Then the steps are indeed as described on the ticket you linked:
Add the F-Droid key’s signature (d9423d31b482bc1638bf553b6ac1a5fdf07e85ac197de6f0d796b1a0f8912273)
Publish a new version to F-Droid that includes your adi-registration.properties
Upload the resulting APK to complete verification
To be clear that would seem to remove the need to move to self-signed APKs.