16 Commits

Author SHA1 Message Date
Peter Serwylo
78b5f489ef Merge branch 'fix-263/explicitly-add-swap-repo' into 'master'
Fix #263 "cannot manually add repo that was swapped before"

Pretends that the swap repo never existed, by deleting it before adding
the new repo, and showing the same message that is shown when a new
repo is added. This does not change behaviour for existing non-swap
repos. They are not deleted before being added again, or else we would
lose the ability to verify the fingerprint of an existing repo is the
same as a newly added one with the same URL.

Note that this has the effect that the fingerprint/pubkey of the swap
repo is nuked when adding that repo manually.

Internationalised the string "BAD FINGERPRINT" while I was at it.

To test it out, here are some instructions to make life easier:

Firstly, go into manage repos and delete the guardian project main repo (going to pretend to use this for swapping to make life easier).

Then if you run `sqlite3 /data/data/org.fdroid.fdroid/databases/fdroid` and execute the query:

`select substr(fingerprint, 0, 10), substr(pubkey, 70, 10), address, isSwap from fdroid_repo order by fingerprint desc;`

You should see:

```
B7C2EEFD8|081ad310b3|https://guardianproject.info/fdroid/archive|0
43238D512|071310b300|https://f-droid.org/archive|0
43238D512|071310b300|https://f-droid.org/repo/|0
```

Now simulate a swap session like so:

```
adb shell am start -a android.intent.action.VIEW -d 'https://guardianproject.info/fdroid/repo?swap=1'
```

Which results in the following database:

```
B7C2EEFD8|081ad310b3|https://guardianproject.info/fdroid/archive|0
B7C2EEFD8|081ad310b3|https://guardianproject.info/fdroid/repo|1
43238D512|071310b300|https://f-droid.org/archive|0
43238D512|071310b300|https://f-droid.org/repo/|0
```

Note the last column (`isSwap`) is `1` for the newly added swap repo. Now we will add the repo (without a fingerprint) to the Manage Repo activity. If you are feeling lazy, execute:

```
adb shell am start -a android.intent.action.VIEW -d https://guardianproject.info/fdroid/repo
```

The repo will be removed, then re-added as a TOFU repo:

```
B7C2EEFD8|081ad310b3|https://guardianproject.info/fdroid/archive|0
43238D512|071310b300|https://f-droid.org/archive|0
43238D512|071310b300|https://f-droid.org/repo/|0
||https://guardianproject.info/fdroid/repo/|0
```

I noticed some bugginess with sending the same intent and it being ignored; I'll have to look at this another day (not caused by this change, it already existed in master).

See merge request !90
2015-06-15 09:33:06 +00:00
Daniel Martí
8e62d9ae7e Add install confirm+perms screen to SystemInstaller 2015-05-20 21:59:24 +02:00
Peter Serwylo
5065c37e13 Fix #263 "cannot manually add repo that was swapped before"
Pretends that the swap repo never existed, by deleting it before adding
the new repo, and showing the same message that is shown when a new
repo is added. This does not change behaviour for existing non-swap
repos. They are not deleted before being added again, or else we would
lose the ability to verify the fingerprint of an existing repo is the
same as a newly added one with the same URL.

Note that this has the effect that the fingerprint/pubkey of the swap
repo is nuked when adding that repo manually.

Internationalised the string "BAD FINGERPRINT" while I was at it.
2015-05-20 08:26:57 +10:00
Daniel Martí
29b78df530 Remove "fdroid." from TAGs, add a comment on filtering by packagename 2015-05-08 23:28:32 +02:00
Hans-Christoph Steiner
367387f967 move RepoUpdaterTest to the same package as RepoUpdater 2015-05-08 12:51:46 -04:00
Hans-Christoph Steiner
157b1e242f remove support for unsigned repos
This has been discussed quite a bit now. It is very easy to generate a
signed repo on the server, and supporting unsigned repos adds complexity
and security issues, including "BZ-01-002 TOFU Requests too easy to
recognize and intercept" from the audit.

https://gitlab.com/fdroid/fdroidserver/merge_requests/48
closes #12 https://gitlab.com/fdroid/fdroidclient/issues/12
2015-05-07 22:11:05 -04:00
Peter Serwylo
424839c793 Encapsulate functions which can produce invalid SQL.
Now the other content provider functions which can result in broken SQL
due to the number of arguments are private, and can only be accessed
from a public helper method which ensures that limit is never hit.
2015-04-21 22:27:58 +10:00
Daniel Martí
2365d314c6 Simplify some catch logic 2015-04-15 17:56:40 +02:00
Daniel Martí
0f18a0979d Run Android Studio's import optimizer
* Remove all wildcard imports
* Reorder alphabetically and by source
* Remove unused imports
2015-04-07 11:58:22 +02:00
Peter Serwylo
a2be7d9013 Fix update count, breakage from rebase, and broken tests.
The update count was broken because I added the join onto the
apk table, and in the process, forced a GROUP BY on the AppProvider
queries. This group by made the COUNT(*) actually count the number
of apks for each app, not the total rows.
2015-04-01 16:20:20 +11:00
Peter Serwylo
a16bc22c4a Fixed broken + commented out tests.
They were all due to the addition of "application label" to the
installed app cache. This commit adds a mock ApplicationInfo
to the mock package manager and also specifies the label while
inserting into the test content provider.
2015-04-01 15:33:58 +11:00
Peter Serwylo
9dfa18aead Make F-Droid tests runnable from Gradle.
This also makes AndroidStudio integration work better, which makes
running and debugging tests much nicer than the CLI.

Also cleaned up imports in one test, and made the symlink tests not
fail on older devices below API 19.
2015-04-01 15:33:51 +11:00
Peter Serwylo
08af7ee157 Change symlink implementation to use best available impl per platform.
* Android-21 introduced an API for symlinking.
* Android-19 has an API which can be used via reflection.
* Earlier versions use Runtime.exec('/system/bin/ln')

This also extends the SanitizedFile stuff so that the android < 19 can
safely use Runtime.exec() with less fear of command injection vulnerabilities.

Finally, some tests for the SanitizedFile and symlink stuff were added.
2015-01-27 22:47:32 +11:00
Peter Serwylo
afef5ea233 Added test for SanitizedFile class. 2015-01-26 13:53:16 +11:00
Peter Serwylo
37b3f1ff57 Cache .apks in internal storage before installing.
This prevents an app with "write external storage" permission from
being able to switch the legit app with a dodgy one between F-Droid
requesting an install, and the package manager actually showing the
install dialog to the user.

In order to make the file in private internal storage readable by
the package manager, its parent directories need to be world-executable,
and the file itself needs to be world-readable. It seems that the
"/data/data/org.fdroid.fdroid/cache" dir provided by the Context is
already world executable, but the "apks" subdirectory does not default
to this.

Also, to be compatible with android-8, a Runtime.getRuntime().exec()
call was added for such devices, which invokes /system/bin/chmod.
The effect of this was to require some level of file sanitization to
be made available using the Java type system to prevent command injection
attacks from weird apk names (as people are free to download metadata
from random internet people).
2015-01-26 09:36:56 +11:00
Daniel Martí
06dd4c8dcb Move F-Droid project into subdir, keeping a root gradle project
Also improved .gitignore a tad
2014-12-09 15:36:07 +01:00