Control: tags 849782 upstream

Hans-Christoph Steiner wrote...

> I'm not sure exactly where and when or if things changed.  The essential
> part of the bug report is that valid APK files are being inconsistently
> detected as either JAR or ZIP.

Now I get it, it's "why are these files detected differently", and not a
report about a regression.

Well, from all I can see "tmp" is not a JAR file, at least based on the
checks file(1) does.

The magic line inspects the "extra field" ID code that follows the file
name. It is:

    >(26.s+30)  leshort 0xcafe          Java archive data (JAR)

Quick translation: Read a 16-bit value from offset 26, use it as an
offset into the file, add 30, compare the little-endian 16-bit value
there with 0xcafe.

Which is for "tmp":

00000000  50 4b 03 04 14 00 08 08  08 00 d0 29 d0 44 50 89  |PK.........).DP.|
00000010  88 5e bd 08 00 00 20 18  00 00 14 00 00 00 4d 45  |.^.... .......ME|
                                         ^^ ^^ 0x14, +30 => 0x32
00000020  54 41 2d 49 4e 46 2f 4d  41 4e 49 46 45 53 54 2e  |TA-INF/MANIFEST.|
00000030  4d 46 a5 58 c9 b2 a2 5a  16 9d 67 44 fe 43 0e ab  |MF.X...Z..gD.C..|
                ^^ ^^ 0x58a5 -> fail

... while for "unsigned":

00000000  50 4b 03 04 14 00 08 08  08 00 00 00 21 38 00 00  |PK..........!8..|
00000010  00 00 00 00 00 00 00 00  00 00 13 00 04 00 41 6e  |..............An|
                                         ^^ ^^ 0x13, +30 => 0x31
00000020  64 72 6f 69 64 4d 61 6e  69 66 65 73 74 2e 78 6d  |droidManifest.xm|
00000030  6c fe ca 00 00 ad 56 4d  50 5b 55 14 3e 2f 09 10  |l.....VMP[U.>/..|
             ^^ ^^ 0xcafe -> match

There's also a bug in file(1), not relevant here: It should inspect the
"extra field" length at offset 28 first, as for "unsigned" that value is
zero. Anyway, no extra field at all, hence no JAR signature to check,
hence no JAR.

This isn't new, some of the apk files around here are from Android
2.3-ish and already lack that bit of information.

However this should be fixed. If there is a way to get this done without
having to list the central directory or even looking into files, it
should be rather easy. I'll take hints.

If you happen to have a bigger collection, could you please run
"file -m test-jar <files>" where test-jar is

---------------------------------------------------------------------
30  string  >\0     '%s'
---------------------------------------------------------------------

If there is (besides some garbage) no output that does *not* start with

    'META-INF/MANIFEST.MF

we could use that as an identifier. It's not bullet-proof but assuming
there are very few tools around used to create apk files, it might be
good enough.

    Christoph
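
The checks discussed in this message, as an added example (not part of the original mail and not file(1)'s code): it parses the first ZIP local file header, applies the `(26.s+30) leshort 0xcafe` comparison with and without a guard on the extra field length at offset 28, and reports whether the first entry name is `META-INF/MANIFEST.MF`. The function name and result keys are assumptions; the sample bytes are the ones shown in the two hex dumps above.

```python
import struct

JAR_EXTRA_ID = 0xCAFE  # value the magic line compares against

# First 64 bytes of "tmp" and "unsigned", copied from the hex dumps in the message.
TMP = bytes.fromhex(
    "504b0304140008080800d029d0445089" "885ebd08000020180000140000004d45"
    "54412d494e462f4d414e49464553542e" "4d46a558c9b2a25a169d6744fe430eab")
UNSIGNED = bytes.fromhex(
    "504b0304140008080800000021380000" "0000000000000000000013000400416e"
    "64726f69644d616e69666573742e786d" "6cfeca0000ad564d505b55143e2f0910")


def inspect_first_entry(data: bytes) -> dict:
    """Parse the first ZIP local file header and apply the JAR checks."""
    if len(data) < 30 or data[:4] != b"PK\x03\x04":
        raise ValueError("not a ZIP local file header")
    # Offset 26: file name length, offset 28: extra field length (both leshort).
    name_len, extra_len = struct.unpack_from("<HH", data, 26)
    extra_off = 30 + name_len              # the (26.s+30) indirection
    name = data[30:extra_off].decode("latin-1")
    word = None
    if len(data) >= extra_off + 2:
        (word,) = struct.unpack_from("<H", data, extra_off)
    magic_match = word == JAR_EXTRA_ID     # what the magic line tests
    # Guarded variant: an extra field needs at least a 4-byte ID+size header,
    # otherwise the word at extra_off is already compressed file data.
    guarded_match = magic_match and extra_len >= 4
    return {
        "name": name,
        "extra_len": extra_len,
        "word": word,
        "magic_match": magic_match,
        "guarded_match": guarded_match,
        "manifest_first": name == "META-INF/MANIFEST.MF",  # proposed heuristic
    }


if __name__ == "__main__":
    for label, blob in (("tmp", TMP), ("unsigned", UNSIGNED)):
        print(label, inspect_first_entry(blob))
```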
