Replying to Avatar lunaticoin

nostr:npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5 which is the best way to verify Amber apk?

Is there any signature file and pubkey I can use to verify it? do you maybe publish the hash on Nostr? (that could be it)

Avatar
greenart7c3 1y ago

When zap.store is ready i'll change the keys and start publishing the hashes

For now you can check if Amber is signed with the key 56dc631996a55c2284790448c7dc9f1dd05df596b2ce4882313633f5602e5fe4 and try to check if the apk is reproducible by building it and see if it matches the content inside the apk

The best way of doing this i found was adapting the signal docker file

https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds

If you dont want to do this its better to wait for when i start signing with my new keys in zap.store

Reply to this note

Please Login to reply.

Discussion

Avatar
Zapstore 1y ago

Would you like to try it now? Hopefully it works.

see https://github.com/zapstore/zapstore-cli

I already whitelisted your npub in the relay

Avatar
greenart7c3 1y ago

Nice, I'll just finish something I was doing and I'll try