Pubkey extraction on update is erroneous in some cases
If _JAVA_OPTIONS environment variable is set while fdroid update
is executed, keytool -exportcert ...
prints 'Picked up _JAVA_OPTIONS: ...' to stderr, which gets redirected to stdout (in common.FDroidPopen). As a result of that output (expected public key data) contains extra text at the beginning.
That output then treated as public key data, so it produces wrong fingerprint (probably wrong signature too).
fdroid update
finishes fine - no error or warning is reported - only wrong fingerprint is displayed.
Android client emits error message about fingerprint mismatch, if tried to update such repo.