if a repo is not accessible, try one of the official mirrors

Once the repos start including metadata about official mirrors (https://gitlab.com/fdroid/fdroidserver/issues/14), the client should try to use a mirror if it can't reach the main repo. Following the Debian model, if we use the signing key as the trusted ID of a given repo, then any repo can be freely mirrored anywhere and it will still be trusted.

Added requires-fdroidserver-changes label

mentioned in issue #225

Would this need to have a "freshness check"? I.e. a check that the mirror has been updated recently. Otherwise, a MITM attack is possible by referring someone to an outdated copy of the repo and waiting for vulnerabilities to be detected in apps. Also, an out of date mirror is annoying. Perhaps such a freshness check should also be added to check whether the main repo is up to date

There is some work towards supporting the expiration of repo metadata, just like how Debian repos work. That would at least alert the user that they are getting out of data info from a mirror.

The idea of the official mirror support is that all of the official mirrors are updated at the same time from a single call to fdroid server update, and the person running the main repo would then also put their own mirrors into the repo index. This isn't the same model as lots of mirrors, where anyone can just put up a mirror. That could work with FDroid too, but FDroid would not automatically try to use an unofficial mirror.

mentioned in issue fdroidserver#14 (closed)

mentioned in issue #110 (closed)

mentioned in issue admin#11

@cde this is another thing that would be great for you to look into.

added requires-server-changes label

FYI, regarding the "requires-server-changes" that part is already implemented and available in both index.xml and index-v1.json.

assigned to @cde

changed milestone to %1.1

added bazaar label

changed milestone to %1.0

discussion here https://botbot.me/freenode/fdroid-dev/msg/88222519/

To summarize the discussion, there could be simple logic like:

• if there are no mirrors, then keep current downloading behavior
• if there is more than one "mirror", use short TCP timeout
• cycle through the mirrors until one works, or the download is canceled
• increase the timeout on each cycle (10 seconds, 30 seconds, 1 minute)
• self-cancel after those three cycles of trying

mentioned in merge request !559 (merged)

I've been working on this at https://gitlab.com/cde/fdroidclient/commits/mirrors

The latest commit, https://gitlab.com/cde/fdroidclient/commit/d0431e21e0b64741205fe4f4969d4af631893dc0 (v0.04), implements the points mentioned above.

At this point, what could (and should, for some parts) change is where exactly is the logic implemented, and how to easily re-use parts of it as appropriate for index and image download.

Pushed a minor update with very little improvements.

At this point, I'm happy with the timeouts, however the mirror selection could be better if needed.

Right now it shuffles through available mirrors, that might lead to duplicates or misses. The alternative would be to try first mirror for the first try, second for the second, i.e. make it deterministic - it would make the code a little bit more complex than right now but would still be easy to implement.

Should I?

Apart from this, I guess I should considering opening a MR for this, and also figure out where do I want to keep the lastMirror/timeout variables.

mentioned in merge request !578

MR opened, https://gitlab.com/fdroid/fdroidclient/merge_requests/578 with what I had done so far, which is rudimentary mirror support for downloading the app / package itself.

What's not done is using mirrors for the index and screenshots.

changed milestone to %1.1