Repository update interval (#158)
This is issue #158https://gitlab.com/fdroid/fdroidclient/issues/158
I have modified the update interval to include "weekly" and "Every 2 Weeks" and removed "Hourly" as update frequencies. THe maximum interval was daily which was still too often for me. I have removed "Hourly" as you probably have to pay for your bandwidth and that is insanely often :-). Every 4 hours should still be plenty often.
2 Languages did not have the right amount of options there anyway, and I fixed those.
Please check, test, judge and ... hopefully ... merge.
See merge request !52
This makes this script more likely to run on various setups, since it does
three checks for finding where the `android` utility is:
1. is it in the PATH already?
2. is ANDROID_HOME set?
3. does ~/.android/bashrc exist?
This also copies ~/.android/ant.properties into the project for anyone who
wants to setup automated tests of `ant release` builds.
The maximum interval to check repositories was "Daily". Allow to also
update weekly and bi-weekly and remove the "hourly" option (someone has
to pay for all that bandwidth after all). I was considering to even remove
the "Every 4 hours" option, but did not dare do it.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Classes which contain calls to platform specific methods cause
problems, because the dexer will go looking for that method even
if you put a guard condition checking the build number. However,
if you lazily load a class depdending on the version number, then
older API devices wont try and load it, and no VerifyError occurs.
* Android-21 introduced an API for symlinking.
* Android-19 has an API which can be used via reflection.
* Earlier versions use Runtime.exec('/system/bin/ln')
This also extends the SanitizedFile stuff so that the android < 19 can
safely use Runtime.exec() with less fear of command injection vulnerabilities.
Finally, some tests for the SanitizedFile and symlink stuff was added.
This prevents an app with "write external storage" permission from
being able to switch the legit app with a dodgey one between F-Droid
requesting an install, and the package manager actually showing the
install dialog to the user.
In order to make the file in private internal storage readable by
the package manager, its parent directories need to be world-executable,
and the file itself needs to be world-readable. It seems that the
"/data/data/org.fdroid.fdroid/cache" dir provided by the Context is
already world executable, but the "apks" subdirectory does not default
to this.
Also, to be compatible with android-8, a Runtime.getRuntime().exec()
call was added for such devices, which invokes /system/bin/chmod.
The effect of this was to require some level of file sanitization to
be made available using the Java type system to prevent command injection
attacks from weird apk names (as people are free to download metadata
from random internet people).
Superfdroid fixes
Package names and apk file names should only contain letters, numbers, dots,
and underscores. This is now checked in RootInstaller before executing 'pm
install' or 'pm uninstall'.
See merge request !48https://gitlab.com/fdroid/fdroidclient/merge_requests/48
Also, start using String[] like Android's SUPPORTED_ABIS instead of
Set<String>. Said list of ABIs will always be very short, at most containing a
handful of elements.
