allow APKs with same packageName/versionCode but different signer

There are many APKs out in the wild that claim to be the same app and version and each other, but they are signed by different keys. fdroid should be able to index these, and work with them. This supports having the developer's signature via reproducible builds, random collections of APKs like repomaker, etc.
2017-05-30 14:52:33 +02:00 · 2017-05-30 14:52:33 +02:00 · 0f4cbc7224
parent 2c6945dac7
commit 0f4cbc7224
6 changed files with 35 additions and 5 deletions
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@ -361,9 +361,16 @@ def make_v0(apps, apks, repodir, repodict, requestsdict):

        # Check for duplicates - they will make the client unhappy...
        for i in range(len(apklist) - 1):
-            if apklist[i]['versionCode'] == apklist[i + 1]['versionCode']:
-                raise FDroidException("duplicate versions: '%s' - '%s'" % (
-                    apklist[i]['apkName'], apklist[i + 1]['apkName']))
+            first = apklist[i]
+            second = apklist[i + 1]
+            if first['versionCode'] == second['versionCode'] \
+               and first['sig'] == second['sig']:
+                if first['hash'] == second['hash']:
+                    raise FDroidException('"{0}/{1}" and "{0}/{2}" are exact duplicates!'.format(
+                        repodir, first['apkName'], second['apkName']))
+                else:
+                    raise FDroidException('duplicates: "{0}/{1}" - "{0}/{2}"'.format(
+                        repodir, first['apkName'], second['apkName']))

        current_version_code = 0
        current_version_file = None
--- a/tests/repo/index.xml
+++ b/tests/repo/index.xml
@ -129,7 +129,7 @@
 	<application id="obb.mainpatch.current">
 		<id>obb.mainpatch.current</id>
 		<added>2016-04-23</added>
-		<lastupdated>2016-04-23</lastupdated>
+		<lastupdated>2017-06-01</lastupdated>
 		<name>OBB Main/Patch Current</name>
 		<summary></summary>
 		<icon>obb.mainpatch.current.1619.png</icon>
--- a/tests/repo/obb.mainpatch.current_1619_another-release-key.apk
+++ b/tests/repo/obb.mainpatch.current_1619_another-release-key.apk
--- a/tests/run-tests
+++ b/tests/run-tests
@ -484,6 +484,28 @@ test -e repo/index-v1.jar
 export ANDROID_HOME=$STORED_ANDROID_HOME


+#------------------------------------------------------------------------------#
+echo_header "check duplicate files are properly handled by fdroid update"
+
+REPOROOT=`create_test_dir`
+KEYSTORE=$WORKSPACE/tests/keystore.jks
+cd $REPOROOT
+$fdroid init --keystore $KEYSTORE --repo-keyalias=sova
+echo 'keystorepass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py
+echo 'keypass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py
+mkdir $REPOROOT/metadata
+cp -a $WORKSPACE/tests/metadata/obb.mainpatch.current.txt $REPOROOT/metadata
+echo "accepted_formats = ['txt']" >> config.py
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619.apk $REPOROOT/repo/
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619_another-release-key.apk $REPOROOT/repo/
+$fdroid update --pretty
+grep -F 'obb.mainpatch.current_1619.apk' repo/index.xml
+grep -F 'obb.mainpatch.current_1619_another-release-key.apk' repo/index.xml
+# die if there are exact duplicates
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619.apk $REPOROOT/repo/duplicate.apk
+! $fdroid update
+
+
 #------------------------------------------------------------------------------#
 echo_header "setup new repo from scratch using ANDROID_HOME, putting APKs in repo first"

--- a/tests/stats/known_apks.txt
+++ b/tests/stats/known_apks.txt
@ -4,4 +4,5 @@ obb.main.twoversions_1101613.apk obb.main.twoversions 2015-10-12
 obb.main.twoversions_1101615.apk obb.main.twoversions 2016-01-01
 obb.main.twoversions_1101617.apk obb.main.twoversions 2016-06-20
 obb.mainpatch.current_1619.apk obb.mainpatch.current 2016-04-23
+obb.mainpatch.current_1619_another-release-key.apk obb.mainpatch.current 2017-06-01
 urzip-πÇÇπÇÇ现代汉语通用字-български-عربي1234.apk info.guardianproject.urzip 2016-06-23
--- a/tests/update.TestCase
+++ b/tests/update.TestCase
@ -204,7 +204,7 @@ class UpdateTest(unittest.TestCase):
        apps = fdroidserver.metadata.read_metadata(xref=True)
        knownapks = fdroidserver.common.KnownApks()
        apks, cachechanged = fdroidserver.update.scan_apks({}, 'repo', knownapks, False)
-        self.assertEqual(len(apks), 6)
+        self.assertEqual(len(apks), 7)
        apk = apks[0]
        self.assertEqual(apk['minSdkVersion'], '4')
        self.assertEqual(apk['targetSdkVersion'], '18')