YAPF, VirusTotal false positive? #46 - alt-app-installer follow-up #12
Replies: 1 comment
I might be useless, because IDK the apksigner and reproducible build guide equivalent in Python. Use a signed SHA cert or something like apksigner, like from this AppVerifier Readme.md (IK this from the Obtainium readme.md).

Reproducible builds are indeed hard in Python; I just found out there's even a subreddit for RP. It is possible by F-Droid and Accrescent with a varied mix of RP vs app store signed cert only, which is not ideal yet.

(Sorry for the rough draft, I'm currently on mobile and am not at home.)

#4 (my exposition on hypatia, virustotal, or other aspect)

Forgot to mention VirusTotal integration, check the link: Autoruns by the Sysinternals dev and AppManager by MuntashirAkon have built-in VirusTotal.

https://news.ycombinator.com/item?id=36349478
https://gitlab.com/obfusk/fdroid-misc-scripts/-/blob/master/reproducible/2023-10-01-all.md
https://discuss.grapheneos.org/d/14452-how-to-explain-why-accrescent-over-f-droid/31
https://www.google.com/search?q=accrescent%20reproducible%20build&ie=utf-8&client=firefox-b-m
https://accrescent.app/faq#verifying1.

It can also be found on a Bluesky post to distrust the website. It is encouraged to verify it's the same with other people as well for assurance. DO NOT use AppVerifier to verify itself!

https://github.com/soupslurpr/AppVerifier
AppVerifier - App verification tool (recommended, integrates with Obtainium)
https://developer.android.com/tools/apksigner

Alternative.to is for alternatives, but by specifying the OS selection, I think an equivalent or counterpart app between programming languages could be searched.

Oh yeah, msys2 pacman also needs the msys2 cert, by exporting it to msys2 from the browser security page with the lock in Firefox; it's along with the tracking protection icon. (No auto currently, last time I used it; not sure if this is just import/export or counts as self-signed.)
mjishnu/alt-app-installer#46
I forgot the app name, but there is an app that signed their app signature locally, to bypass the expensive signing cert.
The msys2 repo could be added as a trusted cert to avoid the wget error.
Obtainium uses AppVerifier, though the main method is to verify it with the apksigner tool or app, but that's mobile, I think.
AppVerifier itself is verified using 'apksigner'. The hash is posted at different places on the internet so as to distrust or make it more objective.
Oh yeah, I've just remembered it. It's also used by Accrescent.
Not sure, is there an equivalent to apksigner in a desktop environment?
Breezy Weather wins the false positive case somehow, surprisingly, great; not so lucky for the rest of the devs that I mentioned here:
reference:
#10
edit:
Forgot to mention the NVCleanstall method to bypass the patched part (nvidia-patch) of the app into the NVIDIA driver. This is hacky, but it works to bypass the NVIDIA consumer GPU card limitation.
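
The comment above describes checking an app's signing certificate with apksigner against a hash that is published in more than one place. A sketch of that comparison follows, as an added example that is not code from this thread, AppVerifier, Obtainium or Accrescent. It assumes the text comes from `apksigner verify --print-certs` in its single-signer form; the fingerprint, source labels and function names are constructed for illustration.

```python
import re

# Constructed fingerprint and apksigner output; not a real app's values.
FP = "3f9a" * 16
SAMPLE_OUTPUT = (
    "Signer #1 certificate DN: CN=Example Developer\n"
    f"Signer #1 certificate SHA-256 digest: {FP}\n"
    "Signer #1 certificate SHA-1 digest: " + "01" * 20 + "\n"
)
# The same fingerprint as two independent places might publish it (constructed).
PUBLISHED = {
    "project_readme": FP,
    "bluesky_post": ":".join(FP[i:i + 2] for i in range(0, 64, 2)).upper(),
}

def normalize(fp):
    """Lower-case hex without colons or spaces; reject anything not SHA-256."""
    hexed = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexed):
        raise ValueError(f"not a SHA-256 fingerprint: {fp!r}")
    return hexed

def signer_digests(apksigner_output):
    """Extract each signer's certificate SHA-256 digest from --print-certs text."""
    pattern = r"^Signer #\d+ certificate SHA-256 digest: (\S+)$"
    return [normalize(m) for m in re.findall(pattern, apksigner_output, re.M)]

def check_fingerprint(apksigner_output, published, min_sources=2):
    """Return (ok, reason); `published` maps a source label to its fingerprint."""
    digests = signer_digests(apksigner_output)
    if len(digests) != 1:
        return False, f"expected one signer, found {len(digests)}"
    if len(published) < min_sources:
        return False, "too few independent sources"
    wanted = {normalize(fp) for fp in published.values()}
    if len(wanted) != 1:
        return False, "published fingerprints disagree"
    if digests[0] not in wanted:
        return False, "signer does not match published fingerprint"
    return True, "match"

if __name__ == "__main__":
    print(check_fingerprint(SAMPLE_OUTPUT, PUBLISHED))
```

A disagreement between sources is reported separately from a mismatch with the APK, since the first points at a tampered or stale publication and the second at the downloaded file.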