From 781b2004e550252d2d1afa50f8fe1bd44c774875 Mon Sep 17 00:00:00 2001
From: virtus
Date: Wed, 8 Apr 2026 19:45:24 +0700
Subject: [PATCH] feat: Normalize APK SHA-1 comparison in signing verification step
---
 .gitea/workflows/build-apk.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/.gitea/workflows/build-apk.yml b/.gitea/workflows/build-apk.yml
index 5243f45..e1094e9 100644
--- a/.gitea/workflows/build-apk.yml
+++ b/.gitea/workflows/build-apk.yml
@@ -153,13 +153,15 @@ jobs:
 echo "$CERT_OUTPUT"
 if [ -n "${EXPECTED_ANDROID_SHA1}" ]; then
- APK_SHA1=$(echo "$CERT_OUTPUT" | sed -n 's/.*certificate SHA-1 digest: //p' | head -n1 | tr '[:lower:]' '[:upper:]')
- EXPECTED_SHA1_UPPER=$(echo "${EXPECTED_ANDROID_SHA1}" | tr '[:lower:]' '[:upper:]')
+ APK_SHA1=$(echo "$CERT_OUTPUT" | sed -n 's/.*certificate SHA-1 digest: //p' | head -n1)
+ APK_SHA1_NORMALIZED=$(echo "$APK_SHA1" | tr -d '[:space:]:-' | tr '[:lower:]' '[:upper:]')
+ EXPECTED_SHA1_NORMALIZED=$(echo "${EXPECTED_ANDROID_SHA1}" | tr -d '[:space:]:-' | tr '[:lower:]' '[:upper:]')
- if [ "$APK_SHA1" != "$EXPECTED_SHA1_UPPER" ]; then
+ if [ "$APK_SHA1_NORMALIZED" != "$EXPECTED_SHA1_NORMALIZED" ]; then
 echo "APK SHA-1 mismatch"
- echo "Expected: $EXPECTED_SHA1_UPPER"
- echo "Actual : $APK_SHA1"
+ echo "Expected (normalized): $EXPECTED_SHA1_NORMALIZED"
+ echo "Actual (normalized): $APK_SHA1_NORMALIZED"
+ echo "Tip: update EXPECTED_ANDROID_SHA1 to this signer if this is your intended release key"
 exit 1
 fi
 fi
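Review bot: The normalized digests are compared without checking that either is a well-formed 40-hex-digit SHA-1, so the `if [ "$APK_SHA1_NORMALIZED" != "$EXPECTED_SHA1_NORMALIZED" ]` test can pass with both sides empty. The `-n` guard inspects the raw `EXPECTED_ANDROID_SHA1`, and a value made only of spaces, colons or hyphens now normalizes to nothing, as does `APK_SHA1` when the `sed` pattern matches no line of `CERT_OUTPUT`. Before the comparison I would add `[ "${#APK_SHA1_NORMALIZED}" -eq 40 ] && [ "${#EXPECTED_SHA1_NORMALIZED}" -eq 40 ] || { echo "SHA-1 digest missing or malformed"; exit 1; }`. The new `Tip:` line also nudges whoever reads a failed job to re-pin the expected value to the key that signed this build; a signer mismatch is better worded as something to confirm against the release keystore out of band before the pinned value is changed. The `run:` step starts outside the hunk, so how `CERT_OUTPUT` is produced, and whether a failure of the verification command already aborts the job, cannot be seen here.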