allow APKs with same packageName/versionCode but different signer

There are many APKs out in the wild that claim to be the same app and
version and each other, but they are signed by different keys.  fdroid
should be able to index these, and work with them.   This supports having
the developer's signature via reproducible builds, random collections of
APKs like repomaker, etc.

diff --git a/fdroidserver/index.py b/fdroidserver/index.py
index f716209248c4ac3dca22725692e2462209b5a931..d3c1a0b737f8fda9f47de8c635988f58c2f7750e 100644 (file)
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@@ -361,9 +361,16 @@ def make_v0(apps, apks, repodir, repodict, requestsdict):
 
         # Check for duplicates - they will make the client unhappy...
         for i in range(len(apklist) - 1):
-            if apklist[i]['versionCode'] == apklist[i + 1]['versionCode']:
-                raise FDroidException("duplicate versions: '%s' - '%s'" % (
-                    apklist[i]['apkName'], apklist[i + 1]['apkName']))
+            first = apklist[i]
+            second = apklist[i + 1]
+            if first['versionCode'] == second['versionCode'] \
+               and first['sig'] == second['sig']:
+                if first['hash'] == second['hash']:
+                    raise FDroidException('"{0}/{1}" and "{0}/{2}" are exact duplicates!'.format(
+                        repodir, first['apkName'], second['apkName']))
+                else:
+                    raise FDroidException('duplicates: "{0}/{1}" - "{0}/{2}"'.format(
+                        repodir, first['apkName'], second['apkName']))
 
         current_version_code = 0
         current_version_file = None

diff --git a/tests/repo/index.xml b/tests/repo/index.xml
index 88507d52ffe801bef04e3c1dacc11c83676679dc..ff958b7bc9d2e0cfb7e3d5a15af0c9ae42a08279 100644 (file)
--- a/tests/repo/index.xml
+++ b/tests/repo/index.xml
@@ -129,7 +129,7 @@
        <application id="obb.mainpatch.current">
                <id>obb.mainpatch.current</id>
                <added>2016-04-23</added>
-               <lastupdated>2016-04-23</lastupdated>
+               <lastupdated>2017-06-01</lastupdated>
                <name>OBB Main/Patch Current</name>
                <summary></summary>
                <icon>obb.mainpatch.current.1619.png</icon>

diff --git a/tests/repo/obb.mainpatch.current_1619_another-release-key.apk b/tests/repo/obb.mainpatch.current_1619_another-release-key.apk
new file mode 100644 (file)
index 0000000..1a494fe
Binary files /dev/null and b/tests/repo/obb.mainpatch.current_1619_another-release-key.apk differ

diff --git a/tests/run-tests b/tests/run-tests
index 931d6e069c6d05724c988d0dd0e35aa9ada3ce19..84f7f766f5b7ca4da6656bf6055e01c9a788ce16 100755 (executable)
--- a/tests/run-tests
+++ b/tests/run-tests
@@ -484,6 +484,28 @@ test -e repo/index-v1.jar
 export ANDROID_HOME=$STORED_ANDROID_HOME
 
 
+#------------------------------------------------------------------------------#
+echo_header "check duplicate files are properly handled by fdroid update"
+
+REPOROOT=`create_test_dir`
+KEYSTORE=$WORKSPACE/tests/keystore.jks
+cd $REPOROOT
+$fdroid init --keystore $KEYSTORE --repo-keyalias=sova
+echo 'keystorepass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py
+echo 'keypass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py
+mkdir $REPOROOT/metadata
+cp -a $WORKSPACE/tests/metadata/obb.mainpatch.current.txt $REPOROOT/metadata
+echo "accepted_formats = ['txt']" >> config.py
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619.apk $REPOROOT/repo/
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619_another-release-key.apk $REPOROOT/repo/
+$fdroid update --pretty
+grep -F 'obb.mainpatch.current_1619.apk' repo/index.xml
+grep -F 'obb.mainpatch.current_1619_another-release-key.apk' repo/index.xml
+# die if there are exact duplicates
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619.apk $REPOROOT/repo/duplicate.apk
+! $fdroid update
+
+
 #------------------------------------------------------------------------------#
 echo_header "setup new repo from scratch using ANDROID_HOME, putting APKs in repo first"
 

diff --git a/tests/stats/known_apks.txt b/tests/stats/known_apks.txt
index 94a40a742477b30e38e8797151ae79b80aa588e8..ec7772422c6ceb900b321194dba9675c694d8581 100644 (file)
--- a/tests/stats/known_apks.txt
+++ b/tests/stats/known_apks.txt
@@ -4,4 +4,5 @@ obb.main.twoversions_1101613.apk obb.main.twoversions 2015-10-12
 obb.main.twoversions_1101615.apk obb.main.twoversions 2016-01-01
 obb.main.twoversions_1101617.apk obb.main.twoversions 2016-06-20
 obb.mainpatch.current_1619.apk obb.mainpatch.current 2016-04-23
+obb.mainpatch.current_1619_another-release-key.apk obb.mainpatch.current 2017-06-01
 urzip-πÇÇπÇÇ现代汉语通用字-български-عربي1234.apk info.guardianproject.urzip 2016-06-23

diff --git a/tests/update.TestCase b/tests/update.TestCase
index be1a7266e205bc54d75a742130cf16f891348010..3742f965078433ef7029be8a5f62130f2370b1a7 100755 (executable)
--- a/tests/update.TestCase
+++ b/tests/update.TestCase
@@ -204,7 +204,7 @@ class UpdateTest(unittest.TestCase):
         apps = fdroidserver.metadata.read_metadata(xref=True)
         knownapks = fdroidserver.common.KnownApks()
         apks, cachechanged = fdroidserver.update.scan_apks({}, 'repo', knownapks, False)
-        self.assertEqual(len(apks), 6)
+        self.assertEqual(len(apks), 7)
         apk = apks[0]
         self.assertEqual(apk['minSdkVersion'], '4')
         self.assertEqual(apk['targetSdkVersion'], '18')