include APK signatures in build metadata file
In order to make a good workflow when including the developer's APK signature, the signature data itself should be included in the build entry of the app's metadata. The Binaries: entry requires that the file is posted somewhere public online, and if it disappears, the build cannot be reproduced again.
- Provide tool to fetch signature from an existing, signed APK
- Include it in each release's build entry
- include only signature and manifest
- how is manifest signed?
- signing key can be part of app metadata, it should not change
-
SigningKeys:should allow string and list entries