Support notion of "preferred signature".
Recently fdroidserver acquired the means to serve the same version of an apk multiple times, each with a different signature. Under these circumstances, it can also broadcast a "preferred signature" with the metadata that it sends the client.
Here is a sketch of how this should behave. It goes into quite a lot of detail because I need to know all this to write the tests anyway. This way though, people can comment if they think I've gotten something wrong.
Take three signatures F-DROID, UPSTREAM, and BETA, used to sign the following apks:

| F-DROID | BETA | UPSTREAM |
|---|---|---|
| | 1.0-rc1 [beta] | |
| 1.0 [fdroid] | 1.0 [beta] | |
| | 2.0-rc1 [beta] | |
| | 2.0-rc2 [beta] | |
| 2.0 [fdroid] | 2.0 [beta] | 2.0 [upstream] |
| | 3.0-rc1 [beta] | |
| 3.0 [fdroid] | 3.0 [beta] | 3.0 [upstream] |
| | 4.0-rc1 [beta] | |
| | 4.0-rc2 [beta] | |
| | 4.0 [beta] | 4.0 [upstream] |
| | 5.0-rc1 [beta] | |
| | 5.0-rc2 [beta] | |
| | 5.0-rc3 [beta] | |

Now take these three repositories:

| f-droid.org | dev.upstream.com | upstream.com |
|---|---|---|
| 1.0 [fdroid] | 1.0-rc1 [beta] | 2.0 [upstream] |
| 2.0 [fdroid] | 1.0 [beta] | 3.0 [upstream] |
| 3.0 [fdroid] | 2.0-rc1 [beta] | 4.0 [upstream] |
| 2.0 [upstream] | 2.0-rc2 [beta] | |
| 3.0 [upstream] | 2.0 [beta] | |
| | 3.0-rc1 [beta] | |
| | 3.0 [beta] | |
| | 4.0-rc1 [beta] | |
| | 4.0-rc2 [beta] | |
| | 4.0 [beta] | |
| | 5.0-rc1 [beta] | |
| | 5.0-rc2 [beta] | |
| | 5.0-rc3 [beta] | |

The bold versions are those marked CurrentVersionCode by the server. F-Droid has two, because CV doesn't care about signatures, just version codes.
The 4.0 [upstream] is not present in F-Droid, because it hasn't been built reproducibly by F-Droid yet.
Also the dev repo has newer versions than upstream and they are signed by a beta signing key (e.g. because they were built by a CI server or something like that).
Calculating the suggested version
Only f-droid.org
The server would specify that UPSTREAM is the preferred sig, so 3.0 [upstream] should be the preferred version. This should still be the case even if F-Droid was able to build a 4.0 [fdroid] version, but not reproducibly so there is no 4.0 [upstream] in the F-Droid repo. That is, it should reject the higher 4.0 version in preference for the developer's signature.
- The preferred signature will be UPSTREAM.
- Preferred version should be 3.0 [upstream].
f-droid.org + dev.upstream.com
- dev.upstream.com has highest priority.
- The preferred signature will be BETA.
- Preferred version should be 4.0 [beta].
- With unstable updates, preferred version should be 5.0-rc3 [beta].
f-droid.org + upstream.com
- upstream.com has highest priority.
- The preferred signature will be UPSTREAM.
  - Coincidentally both repos stipulate this, but here it is read from upstream.com.
- Preferred version should be 4.0 [upstream].
f-droid.org + upstream.com + dev.upstream.com
- dev.upstream.com has highest priority.
- The preferred signature will be BETA.
- Preferred version should be 4.0 [beta].
- With unstable updates, preferred version should be 5.0-rc3 [beta].
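
The selection rule behind the scenarios above, as an added Python sketch (not F-Droid client code): the preferred signature is read from the highest-priority repo, and apks with any other signature are dropped before version codes are compared. The integer version codes, the per-repo CurrentVersionCode values (the bold marking is not visible here) and the use of the highest CurrentVersionCode among enabled repos as the stable limit are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Apk:
    version: str
    signer: str  # "fdroid", "beta" or "upstream"

    @property
    def code(self) -> int:
        # Constructed version codes: "3.0" -> 30, "3.0-rc2" -> 27.
        base, _, rc = self.version.partition("-rc")
        major = int(base.split(".")[0])
        return major * 10 - 5 + int(rc) if rc else major * 10

@dataclass(frozen=True)
class Repo:
    name: str
    preferred_signer: str      # the "preferred signature" this repo broadcasts
    current_version_code: int  # assumed values, see the lead-in
    apks: tuple

def signed(signer, *versions):
    return tuple(Apk(v, signer) for v in versions)

# Repository contents copied from the second table above.
FDROID = Repo("f-droid.org", "upstream", 30,
              signed("fdroid", "1.0", "2.0", "3.0") + signed("upstream", "2.0", "3.0"))
DEV = Repo("dev.upstream.com", "beta", 40, signed(
    "beta", "1.0-rc1", "1.0", "2.0-rc1", "2.0-rc2", "2.0", "3.0-rc1", "3.0",
    "4.0-rc1", "4.0-rc2", "4.0", "5.0-rc1", "5.0-rc2", "5.0-rc3"))
UPSTREAM = Repo("upstream.com", "upstream", 40, signed("upstream", "2.0", "3.0", "4.0"))

def suggest(repos, unstable=False):
    """Return the suggested Apk; repos are ordered lowest to highest priority."""
    signer = repos[-1].preferred_signer  # the highest-priority repo decides
    # Assumption: versions above the highest CurrentVersionCode count as unstable.
    limit = max(r.current_version_code for r in repos)
    candidates = [a for r in repos for a in r.apks
                  if a.signer == signer               # signature filter comes first
                  and (unstable or a.code <= limit)]  # then the stable limit
    return max(candidates, key=lambda a: a.code, default=None)
```
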
f-droid.org + dev.upstream.com + upstream.com
- upstream.com has highest priority.
- The preferred signature will be UPSTREAM.
- Preferred version should be 4.0 [upstream].
  - If in the future F-Droid published a 5.0 [upstream] before upstream.com did, then we would happily suggest that to the users.
- If in the future F-Droid published a