allow APKs with same packageName/versionCode but different signer

There are many APKs out in the wild that claim to be the same app and version and each other, but they are signed by different keys. fdroid should be able to index these, and work with them. This supports having the developer's signature via reproducible builds, random collections of APKs like repomaker, etc.
2025-11-05 15:00:30 +03:00 · 2017-05-30 14:52:33 +02:00 · 2017-05-30 14:52:33 +02:00 · 0f4cbc7224
commit 0f4cbc7224
parent 2c6945dac7
6 changed files with 35 additions and 5 deletions
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@ -361,9 +361,16 @@ def make_v0(apps, apks, repodir, repodict, requestsdict):

        # Check for duplicates - they will make the client unhappy...
        for i in range(len(apklist) - 1):
-            if apklist[i]['versionCode'] == apklist[i + 1]['versionCode']:
-                raise FDroidException("duplicate versions: '%s' - '%s'" % (
-                    apklist[i]['apkName'], apklist[i + 1]['apkName']))
+            first = apklist[i]
+            second = apklist[i + 1]
+            if first['versionCode'] == second['versionCode'] \
+               and first['sig'] == second['sig']:
+                if first['hash'] == second['hash']:
+                    raise FDroidException('"{0}/{1}" and "{0}/{2}" are exact duplicates!'.format(
+                        repodir, first['apkName'], second['apkName']))
+                else:
+                    raise FDroidException('duplicates: "{0}/{1}" - "{0}/{2}"'.format(
+                        repodir, first['apkName'], second['apkName']))

        current_version_code = 0
        current_version_file = None