Package: apksigcopier Version: 1.1.1-1 Severity: serious https://ci.debian.net/packages/a/apksigcopier/unstable/amd64/72115554/ and confirmed locally:
+ apksigcopier compare NewPipe_v0.21.0.apk org.schabi.newpipe_966.apk DOES NOT VERIFY ERROR: APK Signature Scheme v2 signer #1: APK integrity check failed. CHUNKED_SHA256 digest mismatch. Expected: <647ed7a031902520b13c810fd292ee70e426338290be1ba043c67f80c25d3720>, actual: <d89fb3f20914ba51325ca8cba40d8b79dfea145e1aa7c91bd10a058accf81433> Error: failed to verify /tmp/tmp1mi1vi6a/output.apk. -- System Information: Debian Release: forky/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 7.0.12+deb14.1-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apksigcopier depends on: ii python3 3.13.9-3+b1 ii python3-click 8.2.0+0.really.8.1.8-1 apksigcopier recommends no packages. Versions of packages apksigcopier suggests: pn apksigner <none>

