diff --git a/app/src/main/java/org/fdroid/fdroid/localrepo/SwapService.java b/app/src/main/java/org/fdroid/fdroid/localrepo/SwapService.java
index e0b916096..3a16ea723 100644
--- a/app/src/main/java/org/fdroid/fdroid/localrepo/SwapService.java
+++ b/app/src/main/java/org/fdroid/fdroid/localrepo/SwapService.java
@@ -481,6 +481,8 @@ public class SwapService extends Service {
Utils.debugLog(TAG, "Creating swap service.");
startForeground(NOTIFICATION, createNotification());
+ deleteAllSwapRepos();
+
CacheSwapAppsService.startCaching(this);
swapPreferences = getSharedPreferences(SHARED_PREFERENCES, Context.MODE_PRIVATE);
@@ -553,6 +555,8 @@ public class SwapService extends Service {
}
stopForeground(true);
+ deleteAllSwapRepos();
+
super.onDestroy();
}
@@ -568,7 +572,26 @@ public class SwapService extends Service {
.build();
}
+ /**
+ * For now, swap repos are only trusted as long as swapping is active. They
+ * should have a long lived trust based on the signing key, but that requires
+ * that the repos are stored in the database by fingerprint, not by URL address.
+ *
+ * @see TOFU in swap
+ * @see
+ * signing key fingerprint should be sole ID for repos in the database
+ */
+ private void deleteAllSwapRepos() {
+ for (Repo repo : RepoProvider.Helper.all(this)) {
+ if (repo.isSwap) {
+ Utils.debugLog(TAG, "Removing stale swap repo: " + repo.address + " - " + repo.fingerprint);
+ RepoProvider.Helper.remove(this, repo.getId());
+ }
+ }
+ }
+
private void initTimer() {
+ // TODO replace by Android scheduler
if (timer != null) {
Utils.debugLog(TAG, "Cancelling existing timeout timer so timeout can be reset.");
timer.cancel();