Package signatures should not use SHA-1
While investigating the APK format, I've realized that the signatures on packages are still done using SHA-1. This is odd, because the signature is over control.tar.gz -- which is bound to data.tar.gz using a SHA-256 hash. In any case, now that relatively inexpensive SHA-1 preimage attacks are publicly known, we should move to eliminate the use of SHA-1 quickly.
While apk-tools/src/package.c seems to indicate some support for checking "RSA256" signatures, abuild will never make them, and I'm suspicious of apk_sign_ctx_init's seemingly exclusive use of SHA-1. And while we're at it, the APK-TOOLS.checksum.SHA1 tar attribute should probably be replaced (or augmented) with a SHA256 version. (Pretty sure this is just a change at abuild/abuild-tar:383)
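As an added illustration (not code from this report, abuild or apk-tools): a small Python audit that splits a package into its concatenated gzip members and reports whether SHA-1 still appears in the signature entry name or in the per-file checksum attribute. It assumes the naming conventions `.SIGN.RSA.*` (RSA over SHA-1) and `.SIGN.RSA256.*` (RSA over SHA-256) and the `APK-TOOLS.checksum.*` PAX key; the sample package is constructed inline with dummy signature bytes.

```python
import gzip, hashlib, io, tarfile, zlib

def gz_tar(members):
    """Build one gzip-compressed PAX tar stream from {name: (bytes, pax_dict)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        for name, (data, pax) in members.items():
            ti = tarfile.TarInfo(name)
            ti.size, ti.pax_headers = len(data), pax
            tf.addfile(ti, io.BytesIO(data))
    return gzip.compress(buf.getvalue())

# Constructed sample package: three concatenated gzip streams (signature,
# control, data). Names and attributes are assumptions about apk-tools'
# conventions; the "signature" is dummy bytes, not a real RSA signature.
DATA_TGZ = gz_tar({"usr/bin/hello": (b"#!/bin/sh\necho hi\n",
                                      {"APK-TOOLS.checksum.SHA1": "0" * 40})})
DATAHASH = hashlib.sha256(DATA_TGZ).hexdigest().encode()  # SHA-256 binding
CONTROL_TGZ = gz_tar({".PKGINFO": (b"pkgname = hello\ndatahash = " + DATAHASH + b"\n", {})})
SIG_TGZ = gz_tar({".SIGN.RSA.builder@example.org.rsa.pub": (b"\x00" * 256, {})})
SAMPLE_APK = SIG_TGZ + CONTROL_TGZ + DATA_TGZ

def split_gzip_members(blob):
    """Yield the decompressed payload of each gzip member in a concatenation."""
    while blob:
        d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
        out = d.decompress(blob)
        if not d.eof:
            raise ValueError("truncated gzip member")
        yield out
        blob = d.unused_data

def audit_apk(blob):
    """Report signature algorithms and checksum attributes; flag any SHA-1 use.
    Assumes '.SIGN.RSA.*' = RSA over SHA-1 and '.SIGN.RSA256.*' = RSA over SHA-256."""
    report = {"signatures": [], "checksum_attrs": set(), "sha1_in_use": False}
    for section in split_gzip_members(blob):
        with tarfile.open(fileobj=io.BytesIO(section), mode="r:") as tf:
            for ti in tf:
                if ti.name.startswith(".SIGN."):
                    algo = ti.name.split(".")[2]            # "RSA" or "RSA256"
                    report["signatures"].append((ti.name, algo))
                    report["sha1_in_use"] |= algo == "RSA"
                for key in ti.pax_headers:                  # per-file digests
                    if key.startswith("APK-TOOLS.checksum."):
                        report["checksum_attrs"].add(key)
                        report["sha1_in_use"] |= key.endswith(".SHA1")
    return report
```

Running `audit_apk` over a real package built by abuild would show the same `RSA` signature name and `SHA1` checksum attribute this report describes; a migrated package would report `RSA256` and a SHA256 attribute instead.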