From 464014684256adaeda5d14bac71a33b8f52d273f Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Thu, 22 Oct 2020 11:48:37 +0200
Subject: [PATCH 1/2] gradle dependency verification is too buggy with .pom metadata This disables the verification of .pom files. .pom files can add dependencies, so it would be good to have them verified. But since this current setup requires all JAR to be verified, any new dependencies would fail anyway: https://docs.gradle.org/current/userguide/dependency_verification.html#sec:disabling-metadata-verification In some cases everything works fine, like on gitlab-ci, and in other places it always gives errors like this: ``` A problem occurred configuring root project 'client'. > Dependency verification failed for configuration ':classpath' 4 artifacts failed verification: - all-1.2.0.pom (com.sun.activation:all:1.2.0) from repository MavenRepo - jvnet-parent-1.pom (net.java:jvnet-parent:1) from repository MavenRepo - oss-parent-7.pom (org.sonatype.oss:oss-parent:7) from repository MavenRepo - oss-parent-9.pom (org.sonatype.oss:oss-parent:9) from repository MavenRepo This can indicate that a dependency has been compromised. Please carefully verify the checksums. Open this report for more details: file:///home/hans/code/fdroid/client/build/reports/dependency-verification/at-1603359642220/dependency-verification-report.html ``` @glennmen and @eighthave both are getting that error.
---
 gradle/verification-metadata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 0c6f752b7..fddac78f6 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -1,7 +1,7 @@
- true
+ false
 true
From 16095c8bfdc690bf3c6c6780caeb298b9e08abc7 Mon Sep 17 00:00:00 2001
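Review bot: Switching metadata verification off for the whole build (the `true` → `false` flip in this hunk, presumably the `verify-metadata` setting that the linked Gradle section describes; the element names are not visible here) is broader than the failure requires, since the error in the description names only four parent `.pom` files. POMs and module metadata decide which transitive dependencies are resolved, so a narrower fix keeps them checked: record the missing checksums for those four POMs (for example by regenerating with `--write-verification-metadata sha256`), or add scoped `<trusted-artifacts>` entries for just those files. If the global switch stays, a comment beside it such as `<!-- metadata verification disabled: parent .pom checksums fail on some machines; re-enable once they are recorded -->` would keep the relaxation from becoming permanent by accident. The description does not explain why gitlab-ci passes while local builds fail; that is worth understanding before relaxing the check, as it may only reflect a different resolution path or cache state.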
From: Hans-Christoph Steiner
Date: Thu, 22 Oct 2020 11:52:06 +0200
Subject: [PATCH 2/2] remove unused imports
---
 .../java/org/fdroid/fdroid/installer/FileInstallerTest.java | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/app/src/test/java/org/fdroid/fdroid/installer/FileInstallerTest.java b/app/src/test/java/org/fdroid/fdroid/installer/FileInstallerTest.java
index 0fb3976a2..aa2b5d09e 100644
--- a/app/src/test/java/org/fdroid/fdroid/installer/FileInstallerTest.java
+++ b/app/src/test/java/org/fdroid/fdroid/installer/FileInstallerTest.java
@@ -3,7 +3,6 @@ package org.fdroid.fdroid.installer;
 import android.content.ContextWrapper;
 import androidx.test.core.app.ApplicationProvider;
 import org.fdroid.fdroid.Preferences;
-import org.fdroid.fdroid.TestUtils;
 import org.fdroid.fdroid.data.Apk;
 import org.junit.Before;
 import org.junit.Test;
@@ -11,11 +10,6 @@ import org.junit.runner.RunWith;
 import org.robolectric.RobolectricTestRunner;
 import org.robolectric.shadows.ShadowLog;
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.zip.ZipEntry;
-import java.util.zip.ZipFile;
-
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;