eb14d157db
Correctly identify the repo for a given URL to fix HTTP Auth. **NOTE: Based on !355 (If that one gets merged first, I can rebase this, or else we can merge this one for both commits)** When downloading arbitrary URLs using F-Droid (e.g. icons, .apk files, indexes) then it may be the case that the repo requires authentication. As such, we try to infer the repository based purely on the URL. The old code took the basename of the URL, which means remove the last fragment (e.g. "index.jar") and use the remaining portion of the URL to lookup the repo. This is broken for many reasons, partly because of the presence of a query string, partly because there are other things which are not just in the root directory of the repo (e.g. "/icons/*.png"). This new method iteratively peels off the right most segment of the URLs path, then looks to see if a repo exists at that address. Note that this breaks down if you have nested repositories on a server, where one of the repositories is nested inside a directory that F-Droid knows about, such as "icons". In such a case, the following repositories: * https://f-droid.org/repo (requires auth) * https://f-droid.org/repo/icons (doesn't require auth) will break down. If requesting something from the repo requiring auth: * https://f-droid.org/repo/icons/org.fdroid.fdroid.png Then it will lookup the database and find the repo which lives in "/icons" and doesn't require auth (or requires a different auth username/password). Not sure there is a lot that can be done about this without major refactoring. Such refactoring would require making sure a `Repo` is always given to a downloader for any HTTP request, and is probably a bit out of scope of this bug. Also added tests for this behaviour. Fixes #711. See merge request !357
F-Droid Client
Client for F-Droid, the Free Software repository system for Android.
Building with Gradle
./gradlew assembleRelease
Direct download
You can download the application directly from our site or browse it in the repo.
Contributing
See our Contributing doc for information on how to report issues, translate the app into your language or help with development.
IRC
We are on #fdroid and #fdroid-dev on Freenode. We hold weekly dev meetings
on #fdroid-dev on Tuesdays at 20h UTC, which usually last half an hour.
FAQ
- Why does F-Droid require "Unknown Sources" to install apps by default?
Because a regular Android app cannot act as a package manager on its own. To do so, it would require system privileges (see below), similar to what Google Play does.
- Can I avoid enabling "Unknown Sources" by installing F-Droid as a privileged system app?
This used to be the case, but no longer is. Now the Privileged Extension is the one that should be placed in the system. It can be bundled with a ROM or installed via a zip, or alternatively F-Droid can install it as a system app using root.
License
This program is Free Software: You can use, study share and improve it at your will. Specifically you can redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Some icons are made by Picol, Icomoon or Dave Gandy from Flaticon or by Google and are licensed by Creative Commons BY 3.0.
Other icons are from the Material Design Icon set released under an Attribution 4.0 International license.