
The code for promoting an untrusted repo with no fingerprint, to a repo with a pubkey and a fingerprint, was still there. The problem was that it was being executed after we verified the index.jar cert against the pubkey stored against the repo (which is empty for TOFU repos). This change makes it so that if we are updating a repo without a fingerprint, then it is a TOFU request, and we don't try to verify the certificates.

closes #85 https://gitlab.com/fdroid/fdroidclient/merge_requests/85
closes #254 https://gitlab.com/fdroid/fdroidclient/issues/254
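
The ordering this commit message describes, as an added example that is not code from the commit or from the project: a repo with no stored fingerprint is pinned first, and only an already pinned repo has its signing certificate compared. The class, field and method names are hypothetical, the certificate bytes are constructed, and using SHA-256 for the fingerprint is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class TofuRepoCheck {
    /** Hypothetical repo record; both fields are set together when the repo is pinned. */
    static class Repo {
        String pubkey;      // hex of the pinned signing certificate, null until pinned
        String fingerprint; // hash of that certificate (SHA-256 assumed), null for a TOFU repo
    }

    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Returns "pinned" on first use or "verified" on a match; throws on a mismatch. */
    static String checkSigningCert(Repo repo, byte[] cert) throws NoSuchAlgorithmException {
        String seenKey = hex(cert);
        String seenFp = hex(MessageDigest.getInstance("SHA-256").digest(cert));
        if (repo.fingerprint == null || repo.fingerprint.isEmpty()) {
            // TOFU request: there is nothing to verify against, so pin and return
            // before the comparison below can run against an empty pubkey.
            repo.pubkey = seenKey;
            repo.fingerprint = seenFp;
            return "pinned";
        }
        // Pinned repo: the certificate must match what was stored on first use.
        if (!seenFp.equals(repo.fingerprint) || !seenKey.equals(repo.pubkey)) {
            throw new SecurityException("signing certificate does not match pinned repo key");
        }
        return "verified";
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for the certificate bytes taken from the signed index.
        byte[] certA = "constructed-cert-A".getBytes(StandardCharsets.UTF_8);
        byte[] certB = "constructed-cert-B".getBytes(StandardCharsets.UTF_8);
        Repo repo = new Repo(); // added without a fingerprint, so the first update is TOFU
        System.out.println(checkSigningCert(repo, certA)); // first update pins the key
        System.out.println(checkSigningCert(repo, certA)); // same key on a later update
        try {
            checkSigningCert(repo, certB); // a different key after pinning is refused
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```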