aixan/lawnchair
1
0
Fork 0
mirror of https://github.com/LawnchairLauncher/lawnchair.git synced 2026-02-20 11:18:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
48dd48ecc8be4c8a646018d85b9dcd6e98ebe3c3
lawnchair/VERIFICATION.md
Pun Butrach 9990872291 chore: Development 2 (Stability) Milestone 
Signed-off-by: Pun Butrach <pun.butrach@gmail.com>
2025-10-15 21:41:20 +07:00

1.3 KiB
Raw Blame History

Lawnchair verification

Lawnchair apk are cryptographically signed and can be verified using two verifications system.

  1. GitHub or SLSA attestations
  2. SHA256 of android app certificate

SLSA Attestation

Lawnchair repository is SLSA-Level 2 compliance and can be verified using a provenance.

Note

It is possible to verify without GitHub CLI by cross-referencing check from GitHub Attestation with Sigstore Rekor

  1. Install GitHub CLI
  2. Download the APK and attestation from GitHub Attestation
  3. Run gh attestation verify APK -R LawnchairLauncher/lawnchair, replace {APK} with the actual APK file
  4. Done

Android App Certificate

Lawnchair have two app certificates:

  • Google Play: 47:AC:92:63:1C:60:35:13:CC:8D:26:DD:9C:FF:E0:71:9A:8B:36:55:44:DC:CE:C2:09:58:24:EC:25:61:20:A7
  • Elsewhere:
    74:7C:36:45:B3:57:25:8B:2E:23:E8:51:E5:3C:96:74:7F:E0:AD:D0:07:E5:BA:2C:D9:7E:8C:85:57:2E:4D:C5

On Android, using a verification app like AppVerifier can ease up the verifying process.

Reference in New Issue View Git Blame Copy Permalink