Verifying Build Authenticity

Since the Android 14 QPR3 update (June 2024 patches), I decided to start signing the builds with our private keys (not only to work around PlayIntegrity issues, but also to increase the security of these builds sorry guys, I should have done this before ;_;).

Note

To go ahead with the verification, git, python3-pip, and python3 are required.

Download the verifier and install its dependencies:

$ git clone https://github.com/ItsVixano-releases/update_verifier
$ cd update_verifier
$ python3 -m venv .venv
$ source .venv/bin/activate
$ pip3 install -r requirements.txt

Check the signature of the downloaded ZIP file:

$ python3 update_verifier.py lineageos_pubkey /path/to/zip

If the script reports verified successfully, the ZIP file signature is valid.