Doing an update of Android system webview. Everything works, I get the notification touch to update - and the well known signature mismatch.
Examining the zipfile (apk) reveals broken zipfile - can not find zipfile directory.
Apk length is 33859120
Logcat shows no errors, BSDiff says patching successfully completed, deleting delta.unpacked
zip -FF on the damaged archive works and indicates some errors:
copying: res/layout/text_edit_suggestion_list_footer.xml (355 bytes)
copying: res/layout/tooltip.xml (497 bytes)
copying: res/menu/select_action_menu.xml (563 bytes)
copying: META-INF/CERT.SF (19781 bytes)
copying: META-INF/CERT.RSA (1148 bytes)
copying: META-INF/MANIFEST.MF (19448 bytes)
zip warning: unexpected signature 50 4b 00 00 on disk 0 at 33816455
zip warning: skipping this signature...
Central Directory found...
no local entry: assets/stored-locales/am.pak
no local entry: res/drawable-xxhdpi-v4/abc_textfield_searchK%fuivated_mtrl_alpha
no local entry: 6ht/drawable-xxhdpi-v4/abc_textfield_search_default_mtrl_alpha.9
no local entry: res/drawable-xxhdpi-v4/ic_menu_share_holo_light.webp
no local entry: g�/drawable-xxhdpi-v4/icL7hbrch.webp
no local entry: res/drawable-xxhdpi-v4/iconL;hcview.webp
no local entry: res/drawable-xxxhdpi-v4/abc_btn_switchL8ron_mtrl_00001.9.png
no local entry: re�fXawable-xxxhdpi-v4/abc_O8qswitch_to_on_mtrl_00012.9.png
no local entry: res(ubwable-xxxhdpi-v4/abc_spinner_mtrl_am_alpha.9.png
zip warning: error reading entry: Success
zip warning: skipping this entry...
Wondering, perhaps packing the archive resulted in an unexpected length of the archive? Compression quality may slightly differ across different library versions. Or some junk got attached or inserted?
Anyway, have the faulty archive and logs here for closer inspection.
Updating 68.0.3440.91 to 69.0.3447.100
Downloaded original apk for comparison: both have exactly the same length - 33858120 bytes.
cmp says "differ: byte 33804290"
After fixing with zip -FF both archives extract to exactly the same file contents
Looked at the corruption with a hexeditor. First corruption is a single byte change at 4096 boundary. Next is a 4 byte change 4096+26 bytes later. Next is a longer block of garbage toward the end of the same page. After that things go haywire pretty badly.
The fix in master.
An expected SHA1 signature of the base apk (the one which is installed and has to be patched) is provided in the download link response by Play Store API. It was not being checked before because I didn't know what kind of signature that was exactly.