153 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
36c76070e5 Apk.versionName can be null, and the code should handle it
closes #1418
2018-04-17 15:30:56 +02:00
Hans-Christoph Steiner
615e559ce1 only prompt to swap back to proper swap URLs
Before, it was possible to annoy the user by sending HTTP POST with any
repo URL in it.
2018-04-13 00:20:52 +02:00
Hans-Christoph Steiner
34381f9cfb simplify creation of Repo instances in tests
Creating a Repo instance first seems totally redundant and confusing.
2018-03-29 22:33:42 +02:00
Hans-Christoph Steiner
cc540301d1 purge all references to ICON_URL_LARGE, its unused
This was only partially hooked up and often not even populated.
It was added in 4895e2d790ec3b91fa4271a24e1ea0ae69d362f4, but things have
changed a lot now.  We should be moving towards preferring the drawable XML
vector icons, which will scale nicely for all DPIs.
2018-03-21 20:10:37 +01:00
Marcus Hoffmann
10e2bf2a7c
add liberapay field and donation option
This add the liberapayID index field to the local db and then displays a
donation badge for apps that provide this.
2018-02-15 19:58:12 +01:00
Hans-Christoph Steiner
6d011c3895 use triedEmptyUpdate methods in Preferences throughout the codebase
We have these methods, they should be used!
2018-01-31 16:20:23 +01:00
Hans-Christoph Steiner
d8879dd425 make DBHelper follow the Java Singleton pattern
It was already behaving like a singleton, but the code was spread around in
other classes.  DBHelper does not use a private constructor though since
the tests prevent it.
2018-01-31 16:20:23 +01:00
Michael Pöhn
96def8adca added parsing for repository signing key property to provisioning files 2018-01-25 23:28:15 +01:00
Michael Pöhn
4a5ad0a33d implemented parser for (repository) provisioning 2018-01-25 23:28:15 +01:00
Hans-Christoph Steiner
55aa8e9aa6 use standard buffer size for Utils.getBinaryHash()
While a large buffer might make things slightly faster, the smaller buffer
size should play much nicer when F-Droid is doing things in the background.
Since calculating the hash is part of the update procedure, which can now
happen in the background, this method will be often running in the
background.

The tests showed no difference in time between the large and small buffer.
2018-01-12 13:50:32 +01:00
Hans-Christoph Steiner
92f94ef195 Merge branch 'trim-names-and-summaries' into 'master'
Trim names and summaries

See merge request fdroid/fdroidclient!613
2017-12-01 11:17:12 +00:00
Hans-Christoph Steiner
427d0d0aa0 add 'debug' to applicationId and versionName for debug builds 2017-11-23 10:55:13 +01:00
Jonas Kalderstam
44d984786f Trim names and summaries on database insert
When metadata is read from localized files such as
Fastlane/Triple-Play the names/summaries get stored on the server with
a trailing newline. This is not a problem when displaying as HTML as
in a browser but causes unwanted whitespace in the app.

See also https://gitlab.com/fdroid/fdroidserver/merge_requests/375,
and https://gitlab.com/fdroid/fdroidclient/issues/1114
2017-11-20 00:36:12 +01:00
Peter Serwylo
0551b0d1fc Allow user to ignore messages about vulnerable apps 2017-09-27 15:03:03 +10:00
Peter Serwylo
5f64985b34 Added 'ignore vuln' preference for apps 2017-09-27 15:03:03 +10:00
Peter Serwylo
7424220c02 Add apps with known vulnerabilities to updates tab.
Currently only supports "Uninstall", but will soon also support "Upgrade
to a newer version".
2017-09-27 15:03:03 +10:00
Peter Serwylo
504854547b Add query to get installed apps with known vuln + tests.
Note that I don't think the query will work correctly across multiple repos,
because it is currently only querying the app with the "preferred
metadata".
2017-09-27 15:03:02 +10:00
Peter Serwylo
1fc8828122 Save per-apk anti features to join table + tests.
Also use a newer version of testy.at.or.at index for the index-v1 test,
because it includes apks with "KnownVuln" anti features whereas the
older version did not.
2017-09-27 15:03:02 +10:00
Peter Serwylo
595f72d5b2 Calculate whether an app is an APK or not when updating repos.
This improves performance when we need to decide whether or not apps are
installed or not while scrolling through large lists.

Fixes #1143.

Also change Jackson tests to properly ignore App#isApk.
2017-09-12 16:51:44 +02:00
Hans-Christoph Steiner
0730d3c676 set App.preferredSigner when using index v0 #1086
This was an oversight when we added this functionality, though there was
a related TODO.

41f85f3c9df934daba0ee0d60c4c01bb071fa6e7
2017-09-04 22:20:55 +02:00
Peter Serwylo
2d377453d9 Ensure swapping doesn't get confused by apks in different repos.
While investigating #1086 which was about swap being busted, I
discovered that we recently introduced a worse bug when working with
multi sig stuff. The swap process, when installing an app (or even when
listening for if a user started installing - before they even did
anything), would ask for an apk from any repo. This is wrong, because we
should only ask for the apks from the swap repo when presented with a
swap dialog.

By fixing this so that it asks for a specific apk, this may also
fix the issue in #1086, because that was about us not asking for enough
info from the database for each Apk which was returned. Now we just
return all columns, because the performance overhead should be minimal,
but it prevents this class of bugs, where we didn't fully populate
our value object. However, I'm not confident that it is fixed, because I
was unable to reproduce it due to the other crash fixed in this change.

Relevant crash:

```
java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String org.fdroid.fdroid.data.Apk.getUrl()' on a null object reference
  at org.fdroid.fdroid.views.swap.SwapAppsView$AppListAdapter$ViewHolder.setApp(SwapAppsView.java:311)
  at org.fdroid.fdroid.views.swap.SwapAppsView$AppListAdapter.bindView(SwapAppsView.java:422)
  at org.fdroid.fdroid.views.swap.SwapAppsView$AppListAdapter.newView(SwapAppsView.java:414)
  at android.support.v4.widget.CursorAdapter.getView(CursorAdapter.java:269)
  at android.widget.AbsListView.obtainView(AbsListView.java:2349)
  at android.widget.ListView.makeAndAddView(ListView.java:1864)
  at android.widget.ListView.fillDown(ListView.java:698)
...
```
2017-08-01 11:59:41 +10:00
Hans-Christoph Steiner
a71eb243fa remove unused imports 2017-07-18 10:09:34 +02:00
Peter Serwylo
e26748e0e0 Remove now-unneccesary "update" code from repo updater.
Now that we need only "insert" new apps rather than"
 * Identify if an app exists
 * If so, update
 * If not, insert

There is much less code required for all of this stuff.
2017-07-17 14:33:16 +10:00
Peter Serwylo
5bde27daa8 Only copy the apps/apks for the current repo to temp tables.
When preparing a temp database to write to, don't copy all apps/apks.
Instead, only copy those _not_ belonging to the repo we are updating.
In an ideal world, we'd not even need to copy them, but we need
their IDs to be in the temp database so that we don't accidentally
use the same auto-generated ID as the main database.

This also means that we can drop the check for "does this app exist,
and hence should we UPDATE it instead of INSERTing it?" and always
just insert it.

Then, when copying the temp table back to disk, first delete all
apps/apks _belonging to the repo being updated_. Then, copy back the
apks/apps we found in the repo. This again improves performance because
we no longer need to bopy back and forth data which we know
wont change (as evidenced by the fact it belongs to a differen trepo).

I don't think this was possible earlier before we did the work to
support repo priorities properly. That is because we had a single app
which was serviced by several repositories. Now, we have multiple
entries in the `fdroid_app` table, for each repo which supports
that app.
2017-07-17 14:27:43 +10:00
Peter Serwylo
8c3441939f Pass through the ID of the repo being updated to the temp tables.
This will allow for more intelligent and efficient copying of data back
and forth from temp to persistent tables.
2017-07-17 12:45:55 +10:00
Hans-Christoph Steiner
488b9b02f9 update Issue763MultiRepo test to work with valid signatures
The test files used in Issue763MultiRepo.java are signed using MD5, which
is now considered invalid.  So if that test is run on any recent Java, it
will fail with a signature error.  This updates the test files to be signed
with SHA1 instead.

* index.microg.jar is a new version fetched from https://microg.org
* index.antox.jar was resigned with the testy.at.or.at key, since antox
  website doesn't exist anymore.
2017-07-14 21:55:33 +02:00
Hans-Christoph Steiner
dcf395ad9a add test to update index.xml using index-v1.json 2017-07-07 18:06:49 +02:00
Hans-Christoph Steiner
2a7fe78483 split IndexV1Updater's repo saving into working code
RepoUpdater.prepareRepoDetailsForSaving() was broken here because the Repo
properties were being set before calling it, and then the Repo instance was
passed to it for comparison.  So the comparison was always saying the value
was unchanged.  In IndexV1Updater, the flow doesn't need those checks.

This also fixes the bug where added repos never had their name/description/
icon/etc show up in ManageRepos and RepoDetails.

@cde found this bug working on mirror support, thanks!

related to #35
closes #1016
2017-07-07 18:06:49 +02:00
Hans-Christoph Steiner
7dbf03c435 Apk.isMediaInstalled() needs to check using sanitized file names
The install process automatically sanitizes filenames to avoid exploits
that put attack code in the filename.  Media files are also installed using
this logic, so the installed check needs to use sanitized file names to be
accurate.
2017-07-07 17:09:14 +05:30
Hans-Christoph Steiner
339deb97d9 Merge branch 'issue-1093--reduce-ci-verbosity' into 'master'
Reduce verbosity of CI logging

See merge request !557
2017-07-06 22:19:56 +00:00
Peter Serwylo
acbf563724 Reduce verbosity of logging 2017-07-06 11:25:17 +10:00
Peter Serwylo
9acc5a2310 Make pre-multi-sig tests work again.
Before mult-signature support, the process of marking an app as
installed in the `InstalledAppProvider` didn't have any side effects
beyond its own table. Now, it is also responsible for calculating the
`suggestedVersionCode` of the associated app as well.

This means old tests around suggested versions no longer work. This is
because they would insert an App, and set the
`Cols.SUGGESTED_VERSION_CODE` using a `ContentValues`. This was then
overwritten by the `InstalledAppProvider` asking for the real
calculation for suggested versions. That is - it would check for
relevant apks and figure out which was best.

To make the old tests correct, they need:
 * To be able to "install" apps with the correct signature.
 * To insert the relevant apks into the database, not just depend on the
   presence  of an `app`.
2017-07-06 09:22:23 +10:00
Peter Serwylo
bf4b0d89a1 Ensure that the suggestedVersionCode is updated after [un]installing.
Previously, it was only done on repo update.

Now it is done whenever an app is installed or unisntalled. The query to
update the suggested version for each app is quite slow when run at the
end of a repo update. However in this change, we are limiting the query
to only update a single app, which means that performance should not be
a problem.
2017-07-06 09:22:23 +10:00
Peter Serwylo
caac895442 Add "preferredSigner" field to App.
At present, this is chosen from the first package in the index-v1
metadata.
2017-07-06 09:22:21 +10:00
Peter Serwylo
6b42b802b3 Tests for preferred multi sig choice.
When a single repo provides apks with multiple signatures, then we need
to be able to select the preferred one. This adds tests for this which
fail, because that feature has not yet been implemented.
2017-07-06 09:20:45 +10:00
Peter Serwylo
b7b8865325 Extract useful test functions into TestUtils
These will be used by a "preferred sig" test soon.
2017-07-06 09:20:45 +10:00
Peter Serwylo
b28057a6ee Sort 'top x apps in category' in descending last updated order.
See #754. Doesn't fix it, because that requests the entire list to be
sorted, but this just sorts the category overview screen.
2017-06-16 11:53:03 +10:00
Peter Serwylo
edf84c533d Added more explicit test for UpdateService and its can update notification 2017-06-13 12:52:17 +10:00
Peter Serwylo
5a292b8e77 Cleanup tests by extracting common code, and test canUpdate query. 2017-06-13 12:52:16 +10:00
Peter Serwylo
189b2277ba Refactor ApkProvider.getApkFromAnyRepo to getSuggestedApk(Apk).
This is really the intention of the method, given it used to accept
a version code and a package name. Now it optionally accepts a sig
also. If present, it will restrict the query to apks with that sig.

Also added to the multi-sig tests to ensure this method takes it into
consideration.
2017-06-13 12:52:16 +10:00
Peter Serwylo
655a30c309 Use integer instead of boolean.
There is some magic conversions going on so that booleans get
converted into integers, but they are only on Android. Under
robolectric, it throws a class cast exception instead.
2017-06-13 12:49:35 +10:00
Peter Serwylo
f7d9be9cd5 Remove System.out.print's. Replace with Logs where appropriate.
Some were removed and left removed if they were run during tests,
because the tests are supposed to be automated and the noise they added
would not have helped diagnose a failure.

Also removed the dead code around "uses-feature" which will never
get implemented, especially as it is in the XML index.
2017-06-13 12:49:15 +10:00
Peter Serwylo
bb96cdeff9 Refactor join between installed apps and packages. 2017-06-13 09:05:37 +10:00
Peter Serwylo
82eb50c2fe Add test for multi-repo multi-sig apps 2017-06-12 14:22:05 +10:00
Peter Serwylo
aa472ba764 Drop the composite vercode + repo primary key from apk table
We expect repos to serve multiple apks with the same version code but
different signing certificates in the future.
2017-06-12 13:48:36 +10:00
Peter Serwylo
44ffaa37d6 Add suggested version tests.
Some are failing as expected, but should define the correct behaviour.

Still needs support for multi-repo tests.
2017-06-12 13:48:35 +10:00
Hans-Christoph Steiner
48fd6d287d enforce max line length at 118
gitlab's diff views wrap badly when lines are longer than 118.  Android
Studio places a grey line in the UI at 120.

@SuppressWarnings("LineLength") is added to a bunch of files to prevent
making this commit huge.  People can remove that as they work on those
files, and fix the issues then.

I also ran Android Studio's default Ctrl-Alt-L code formatter, where it was
easy to do, and I was already in the file.
2017-06-06 16:12:23 +02:00
Peter Serwylo
294e1d2821 Simulate armeabi as the architecture during multi-repo test
This allows us to test "installing" Adaway, which has a native code
dependency that the default Robolectric setup doesn't support (defaults
to armeabi-v7a).
2017-04-28 11:50:05 +10:00
Peter Serwylo
b1a1c68ad7 Improved tests to catch incorrect suggested versions with multi repos.
This is the bug outlined in #974. This commit just adds a test which
catches the problem, but does not fix it yet.
2017-04-28 10:17:27 +10:00
Hans-Christoph Steiner
97fd3f0bad support "What's New" and "Video" fields from index-v1
fdroidserver currently only supports a single WhatsNew field that
comes from the CurrentVersionCode of the app.  Google Play and
fastlane supply support a WhatsNew field per-release, but we don't use
that data anywhere, and implementing that in the data structures would
add a lot of complexity since Apk would then need to have its own
"localized" section like App does.

The "Video" field is just a URL pointing to a video.

closes #910
2017-04-14 01:31:33 +02:00