mirror of
https://github.com/LawnchairLauncher/lawnchair.git
synced 2026-02-28 15:56:49 +00:00
34 lines
1.3 KiB
Markdown
34 lines
1.3 KiB
Markdown
# Lawnchair verification
|
|
|
|
Lawnchair apk are cryptographically signed and can be verified using two verifications system.
|
|
1. GitHub or SLSA attestations
|
|
2. SHA256 of android app certificate
|
|
|
|
## SLSA Attestation
|
|
|
|
Lawnchair repository is SLSA-Level 2 compliance and can be verified using a provenance.
|
|
|
|
> [!NOTE]
|
|
> It is possible to verify without GitHub CLI by cross-referencing check from
|
|
> [GitHub Attestation][github-attestation] with [Sigstore Rekor][sigstore-rekor]
|
|
|
|
1. Install GitHub CLI
|
|
2. Download the APK and attestation from [GitHub Attestation][github-attestation]
|
|
3. Run `gh attestation verify APK -R LawnchairLauncher/lawnchair`, replace {APK} with the
|
|
actual APK file
|
|
4. Done
|
|
|
|
## Android App Certificate
|
|
|
|
Lawnchair have two app certificates:
|
|
* Google Play:
|
|
`47:AC:92:63:1C:60:35:13:CC:8D:26:DD:9C:FF:E0:71:9A:8B:36:55:44:DC:CE:C2:09:58:24:EC:25:61:20:A7`
|
|
* Elsewhere:
|
|
`74:7C:36:45:B3:57:25:8B:2E:23:E8:51:E5:3C:96:74:7F:E0:AD:D0:07:E5:BA:2C:D9:7E:8C:85:57:2E:4D:C5`
|
|
|
|
On Android, using a verification app like [AppVerifier][3p-appverifier] can ease up the verifying process.
|
|
|
|
[github-attestation]: https://github.com/LawnchairLauncher/lawnchair/attestations
|
|
[sigstore-rekor]: https://search.sigstore.dev/
|
|
[3p-appverifier]: https://github.com/soupslurpr/AppVerifier
|