Conversation
…lity - Add .github/workflows/ci.yml: ruff lint/format + pytest on push/PR - Add .github/workflows/docker.yml: build and push to GHCR on main/tags - Dockerfile stage 2: remove redundant build-tools install (pure-Python zipalign/apksigner fallbacks make them unnecessary at runtime) - .gitignore: add .docker-deps/ to prevent accidental large-file commits
Multidex support:
- classes2.dex, classes3.dex, ... are encrypted together as assets/encrypted_extra.dex
- StubApplication.kt extracts and loads extra DEX via DexClassLoader path list
AndroidManifest.xml patcher:
- Replaced regex-based fallback with structural AXML binary parser
- Reads string pool, resource map, and XML element chunks to precisely locate
the android:name attribute on <application> tag
- Falls back to byte-level UTF-16LE replacement for UTF-8 encoded pools
APK Signature Scheme v2:
- Pure-Python v2 signing block appended after v1 (JAR) signing
- Computes APK content digests over ZIP sections, RSA-PKCS1v15 signature
- Compatible with Android 7+ installer requirements
File size limits and validation:
- Configurable FUIN_MAX_UPLOAD_MB (default 500 MB)
- ZIP magic header validation before starting a job
Auto-cleanup:
- FUIN_CLEANUP_DAYS (default 30) — deletes old App records, packed APKs,
mapping files, and job records on server startup
APK analysis info:
- New fuin/apk_info.py: pure-Python AXML parser for package, version,
minSdk, targetSdk, permissions, component counts, DEX file list
- Analysis stored in App.analysis (JSON column) and returned in API responses
Job history DB persistence:
- New JobRecord table; job status written to DB throughout execution
- GET /jobs/{job_id} falls back to DB for completed jobs after restart
ProGuard mapping management:
- POST /apps/{app_id}/mapping/upload — stores mapping.txt on disk
- GET /apps/{app_id}/mapping — download stored mapping
Webhook callbacks:
- webhook_url form field on /pack, or FUIN_WEBHOOK_URL env var
- Fires POST JSON {"event": "pack.done", "result": {...}} on completion
Web UI updates:
- SDK badges (min/target API level)
- Permission list with dangerous permission highlighting
- Component counts (A/S/R/P)
- Per-app details panel with version, SDK, DEX info
- Mapping upload/download UI
- Webhook URL input field
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
classes2.dex,classes3.dex, … are encrypted as a bundled ZIP (assets/encrypted_extra.dex) and loaded viaDexClassLoaderpath list inStubApplicationandroid:nameattribute on<application>FUIN_MAX_UPLOAD_MB(default 500 MB) + ZIP magic header check on uploadFUIN_CLEANUP_DAYS(default 30 days) prunes old packed APKs, mapping files, and job records on server startupfuin/apk_info.pypure-Python AXML parser; extractsminSdk,targetSdk, version name, permissions, component counts, and DEX file list; stored in theAppDB recordJobRecordDB table; job status is written throughout execution soGET /jobs/{id}works across server restartsPOST /apps/{id}/mapping/uploadstoresmapping.txt;GET /apps/{id}/mappingdownloads itwebhook_urlform field onPOST /pack(orFUIN_WEBHOOK_URLenv var) fires aPOST {"event": "pack.done", ...}on completionci.yml(ruff lint + pytest) anddocker.yml(build & push to GHCR onmain/tags); Dockerfile simplified: runtime stage no longer installs Android build-tools (pure-Python fallbacks cover zipalign and signing)