From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 30 May 2017 12:52:33 +0000 (+0200)
Subject: allow APKs with same packageName/versionCode but different signer
X-Git-Tag: 0.8~49^2~6
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=0f4cbc7224409c8741dec9a2cc19f23c4d0aaacc;p=fdroidserver.git

allow APKs with same packageName/versionCode but different signer

There are many APKs out in the wild that claim to be the same app and
version and each other, but they are signed by different keys.  fdroid
should be able to index these, and work with them.   This supports having
the developer's signature via reproducible builds, random collections of
APKs like repomaker, etc.
---

diff --git a/fdroidserver/index.py b/fdroidserver/index.py
index f7162092..d3c1a0b7 100644
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@@ -361,9 +361,16 @@ def make_v0(apps, apks, repodir, repodict, requestsdict):
 
         # Check for duplicates - they will make the client unhappy...
         for i in range(len(apklist) - 1):
-            if apklist[i]['versionCode'] == apklist[i + 1]['versionCode']:
-                raise FDroidException("duplicate versions: '%s' - '%s'" % (
-                    apklist[i]['apkName'], apklist[i + 1]['apkName']))
+            first = apklist[i]
+            second = apklist[i + 1]
+            if first['versionCode'] == second['versionCode'] \
+               and first['sig'] == second['sig']:
+                if first['hash'] == second['hash']:
+                    raise FDroidException('"{0}/{1}" and "{0}/{2}" are exact duplicates!'.format(
+                        repodir, first['apkName'], second['apkName']))
+                else:
+                    raise FDroidException('duplicates: "{0}/{1}" - "{0}/{2}"'.format(
+                        repodir, first['apkName'], second['apkName']))
 
         current_version_code = 0
         current_version_file = None
diff --git a/tests/repo/index.xml b/tests/repo/index.xml
index 88507d52..ff958b7b 100644
--- a/tests/repo/index.xml
+++ b/tests/repo/index.xml
@@ -129,7 +129,7 @@
 	<application id="obb.mainpatch.current">
 		<id>obb.mainpatch.current</id>
 		<added>2016-04-23</added>
-		<lastupdated>2016-04-23</lastupdated>
+		<lastupdated>2017-06-01</lastupdated>
 		<name>OBB Main/Patch Current</name>
 		<summary></summary>
 		<icon>obb.mainpatch.current.1619.png</icon>
diff --git a/tests/repo/obb.mainpatch.current_1619_another-release-key.apk b/tests/repo/obb.mainpatch.current_1619_another-release-key.apk
new file mode 100644
index 00000000..1a494fe2
Binary files /dev/null and b/tests/repo/obb.mainpatch.current_1619_another-release-key.apk differ
diff --git a/tests/run-tests b/tests/run-tests
index 931d6e06..84f7f766 100755
--- a/tests/run-tests
+++ b/tests/run-tests
@@ -484,6 +484,28 @@ test -e repo/index-v1.jar
 export ANDROID_HOME=$STORED_ANDROID_HOME
 
 
+#------------------------------------------------------------------------------#
+echo_header "check duplicate files are properly handled by fdroid update"
+
+REPOROOT=`create_test_dir`
+KEYSTORE=$WORKSPACE/tests/keystore.jks
+cd $REPOROOT
+$fdroid init --keystore $KEYSTORE --repo-keyalias=sova
+echo 'keystorepass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py
+echo 'keypass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py
+mkdir $REPOROOT/metadata
+cp -a $WORKSPACE/tests/metadata/obb.mainpatch.current.txt $REPOROOT/metadata
+echo "accepted_formats = ['txt']" >> config.py
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619.apk $REPOROOT/repo/
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619_another-release-key.apk $REPOROOT/repo/
+$fdroid update --pretty
+grep -F 'obb.mainpatch.current_1619.apk' repo/index.xml
+grep -F 'obb.mainpatch.current_1619_another-release-key.apk' repo/index.xml
+# die if there are exact duplicates
+cp $WORKSPACE/tests/repo/obb.mainpatch.current_1619.apk $REPOROOT/repo/duplicate.apk
+! $fdroid update
+
+
 #------------------------------------------------------------------------------#
 echo_header "setup new repo from scratch using ANDROID_HOME, putting APKs in repo first"
 
diff --git a/tests/stats/known_apks.txt b/tests/stats/known_apks.txt
index 94a40a74..ec777242 100644
--- a/tests/stats/known_apks.txt
+++ b/tests/stats/known_apks.txt
@@ -4,4 +4,5 @@ obb.main.twoversions_1101613.apk obb.main.twoversions 2015-10-12
 obb.main.twoversions_1101615.apk obb.main.twoversions 2016-01-01
 obb.main.twoversions_1101617.apk obb.main.twoversions 2016-06-20
 obb.mainpatch.current_1619.apk obb.mainpatch.current 2016-04-23
+obb.mainpatch.current_1619_another-release-key.apk obb.mainpatch.current 2017-06-01
 urzip-ÏÃÃÏÃÃç°ä»£æ±è¯­éç¨å­-Ð±ÑÐ»Ð³Ð°ÑÑÐºÐ¸-Ø¹Ø±Ø¨Ù1234.apk info.guardianproject.urzip 2016-06-23
diff --git a/tests/update.TestCase b/tests/update.TestCase
index be1a7266..3742f965 100755
--- a/tests/update.TestCase
+++ b/tests/update.TestCase
@@ -204,7 +204,7 @@ class UpdateTest(unittest.TestCase):
         apps = fdroidserver.metadata.read_metadata(xref=True)
         knownapks = fdroidserver.common.KnownApks()
         apks, cachechanged = fdroidserver.update.scan_apks({}, 'repo', knownapks, False)
-        self.assertEqual(len(apks), 6)
+        self.assertEqual(len(apks), 7)
         apk = apks[0]
         self.assertEqual(apk['minSdkVersion'], '4')
         self.assertEqual(apk['targetSdkVersion'], '18')
