{"id":18511693,"url":"https://github.com/f-droid/android-sdk-transparency-log","last_synced_at":"2025-04-09T04:34:00.397Z","repository":{"id":45466576,"uuid":"407433594","full_name":"f-droid/android-sdk-transparency-log","owner":"f-droid","description":"A \"binary transparency\" log of the Android SDK binaries, as published on https://dl.google.com/android/repository","archived":false,"fork":false,"pushed_at":"2025-04-01T20:11:09.000Z","size":5190,"stargazers_count":10,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-01T21:25:01.589Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/f-droid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"liberapay":"F-Droid-Data","open_collective":"F-Droid","github":["f-droid"],"custom":["https://f-droid.org/donate/","https://www.hellotux.com/f-droid"]}},"created_at":"2021-09-17T06:38:07.000Z","updated_at":"2025-04-01T20:11:12.000Z","dependencies_parsed_at":"2023-02-15T05:00:56.550Z","dependency_job_id":"ae6d429e-9668-48c6-ba23-96837b2653a2","html_url":"https://github.com/f-droid/android-sdk-transparency-log","commit_stats":{"total_commits":711,"total_committers":16,"mean_commits":44.4375,"dds":0.5682137834036568,"last_synced_commit":"f1a536ba37f73d942efe26570f128c17cfc8a43f"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-droid%2Fandroid-sdk-tr
ansparency-log","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-droid%2Fandroid-sdk-transparency-log/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-droid%2Fandroid-sdk-transparency-log/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-droid%2Fandroid-sdk-transparency-log/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/f-droid","download_url":"https://codeload.github.com/f-droid/android-sdk-transparency-log/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247980830,"owners_count":21027803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T15:29:26.122Z","updated_at":"2025-04-09T04:33:59.831Z","avatar_url":"https://github.com/f-droid.png","language":"Python","funding_links":["https://liberapay.com/F-Droid-Data","https://opencollective.com/F-Droid","https://github.com/sponsors/f-droid","https://f-droid.org/donate/","https://www.hellotux.com/f-droid"],"categories":[],"sub_categories":[],"readme":"\n# Android SDK Transparency Log\n\nThis is an automated log of the Android SDK binaries and their\nchecksums, as posted in the _sdkmanager_ repositories hosted on\nhttps://dl.google.com/android/repository\n\nThis serves as a basic [binary\ntransparency](https://wiki.mozilla.org/Security/Binary_Transparency)\nappend-only log for anyone to use.  One of the key properties of any\ngood binary repository is that the binaries never change once they\nhave been published.  
[Maven has been promising\nthis](https://blog.sonatype.com/2009/04/what-is-a-repository/) since\n2009 at least.  F-Droid has for most of its history.  Occasionally,\nGoogle forgets this, and changes packages that have already been\npublished:\n\n* [Google Issue #70292819 platform-27_r01.zip was overwritten with a new update](https://issuetracker.google.com/issues/70292819) (Google login and JavaScript required)\n\n\n## API\n\nThis can also be used as a basic JSON API by getting the JSON files via the raw links:\n\n* [checksums.json](https://gitlab.com/fdroid/android-sdk-transparency-log/-/raw/master/checksums.json) - a simple dictionary of download URLs and matching checksums\n* [status_codes.json](https://gitlab.com/fdroid/android-sdk-transparency-log/-/raw/master/status_codes.json) - the HTTP Status Codes of the last download attempt of this process\n\n\n## Local verification\n\nIf there is an F-Droid _buildserver_ instance set up on a machine, it\nwill cache the Android SDK components in\n_~/.cache/fdroidserver_. There is a script here to log all of the\nAndroid SDK binaries found in that folder:\n`./index-cache-fdroidserver.py`.  Run that script on the machine and\nuser account that runs the _buildserver_ instance, and it will add any\nunknown packages it finds to the local _checksums.json_.  
If there are\nno changes to _checksums.json_ after that script successfully\ncompletes, that means no unknown packages were found.\n\n\n## Signed Checksums\n\nThere are [locally verified](sign_and_publish.sh), GPG-signed versions of\n_checksums.json_ available in the _signed/_ sub-directory:\n\n* [_checksums.json_](signed/checksums.json)\n* [_checksums.json.asc_](signed/checksums.json.asc)\n* [_keyring.gpg_](signed/keyring.gpg)\n* [_keyring.gpg.asc_](signed/keyring.gpg.asc)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff-droid%2Fandroid-sdk-transparency-log","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ff-droid%2Fandroid-sdk-transparency-log","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff-droid%2Fandroid-sdk-transparency-log/lists"}