Where does `sig` come from?


The F-Droid back-end contain sig & signer properties for each APK.

I finally figured out that the signer value can be found as Signer #1 certificate SHA-256 digest from the output of the apksigner verify --print-certs <apk> command.

However, I still can’t find where to get sig from.


sig was a custom algorithm made back in 2010:

I was able to replicate it, thanks !

Also, what causes the following error message ?

Unsupported digest: SHA-256-Digest

And how to find out which CPU architectures does an APK support ?


nativecode is available.

Yes, I meant, how is the value set ?


"nativecode": [


I’m not sure what you want to know.

I meant, out of an APK file, how to get that list, so that I can then write the value on my index files ?

You can list the files in the apk and check the lib directory.

what are you doing? programming a client?

I’ll check this out, thanks.

Programming a server that will be able to import APKs from external sources (e.g. from GitHub/GitLab/Forgejo releases, forum attachments, etc.)

My primary issue right now is making the official F-Droid client work with index-v1 :

I managed to make index-v2 work.

I also managed to make index-v1 work with Neo Store.


Do note that we’re already la v2: Index V2 · Wiki · F-Droid / wiki · GitLab

And v1 will go away at some point.

Yes, and I did manage to make the official client work in v2 with my server.

But I still would like to solve this, firstly because the official client has a setting for forcing v1 which must be there for a reason, secondly because it would be highly frustrating as a developer to discard this issue, especially considering that I managed to make Neo Store work with my server, while that app uses v1.


What if there is no lib directory ?

Then it doesn’t have native libs and works for all abis.

I see, thanks.

What about the “Unsupported digest: SHA-256-Digest” error ?