installing updates is not allowed on 5.1 or newer

PrivExt warns users that you cannot directly install the PrivExt APK on Android 5.1 or newer. The problem is that this also stops updates when PrivExt is already installed as a priv-app. Instead, PrivExt should not put up that warning if it is not present in /system/priv-app.

https://gitlab.com/fdroid/fdroidclient/commit/cf694b6d830debff4bc31a7c24f0759abb7c34e2 @dschuermann what was the reason behind this? Perhaps the update.zip install method being available?

I'll look at the update scenario meanwhile, should be a good time to setup a local fdroidserver instance to have my own repo for testing updates (or I could just install an old version and try to update I guess)

I put this there because I wasn't able to get the root installation method working on Android > 5.1, this has nothing to do with the update.zip method. That this prevents updates of the extension is indeed bad.

I would propose:

• change string to "On Android 5.1 or later F-Droid Privileged Extension must be installed by manually flashing update.zip"
• At https://gitlab.com/fdroid/fdroidclient/blob/master/app/src/main/java/org/fdroid/fdroid/installer/InstallerFactory.java#L48 only use ExtensionInstaller if the apk is not already installed. Maybe simply checking if apk is already installed using standard Android APIs is okay.

What I ended up doing is https://gitlab.com/cde/fdroidclient/commit/0bce5cebe67b0a15cb2c293c65a14bf99da6bd2f

By checking whether the privext is installed and being used before checking if the apk to be installed is privext, updates work.

Can't exactly test this right now as I ran into a chicken and egg problem.

To test updates properly, I need to install the signed privext. If I have the signed privext, it won't let my debug fdroidclient build (with above patch) access privext. If I use a debug privext with my debug keys, upgrading will first ask me to uninstall the privext.

I'll setup a local fdroid repo to work around this, I've wanted to do that since a while to test updates.

Great solution :)

ah, I see this is actually a bug in fdroidclient, not priv ext. So the original PrivExt was able to be installed directly by F-Droid on rooted devices. Starting in 5.1, this was no longer possible, so we added that check to the root install method so that people would get a warning that this method no longer worked.

So for this case, we'll have to change the logic a bit. The priv-app detection will need to happen in the code that chooses which Installer subclass to use. If PrivExt is installed in /system/priv-app on any version, then updates should be installed via the normal installer.

Once we have a fix for this, it should be merged separately into stable-0.102.

oops sorry was out of date due to bad wifi at rights con

moved from privileged-extension#26 (closed)

changed milestone to %0.102.3

added privileged installer label

One thing we could do for the > 5.1 devices, assuming that if users want to install the update.zip they would have a recovery setup, and that there is root access - install the zip automatically. the recoveries have a language which the system updater uses to tell which file to install, and we can leverage that.

There's a file, /cache/recovery/command (before 7.0 as 7.0 dropped the cache partition), and it contains --update_package=/path/to/our/fdroid/update.zip

We can write that file, issue a reboot to recovery and then the package would be installed automatically.

mentioned in merge request !457 (closed)

mentioned in merge request !458 (closed)

The two MRs above (!457 (closed) and !458 (closed) ) are the fixes for the stable branch Ignore the above two, I mixed up two issues.

https://gitlab.com/fdroid/fdroidclient/merge_requests/459 fixes this, and cherry picks to stable branch cleanly.

mentioned in merge request !459 (merged)

closed via merge request !459 (merged)