sort index-v1; publish now creates and stores a list of signature fingerprints

fdroidserver/index.py

@@ -39,7 +39,7 @@ from . import common
 from . import metadata
 from . import net
 from . import signindex
-from fdroidserver.common import FDroidPopen, FDroidPopenBytes
+from fdroidserver.common import FDroidPopen, FDroidPopenBytes, load_stats_fdroid_signing_key_fingerprints
 from fdroidserver.exception import FDroidException, VerificationException, MetaDataException
 
 
@@ -151,11 +151,15 @@ def make(apps, sortedids, apks, repodir, archive):
                 raise TypeError(_('only accepts strings, lists, and tuples'))
         requestsdict[command] = packageNames
 
-    make_v0(appsWithPackages, apks, repodir, repodict, requestsdict)
-    make_v1(appsWithPackages, apks, repodir, repodict, requestsdict)
+    fdroid_signing_key_fingerprints = load_stats_fdroid_signing_key_fingerprints()
+
+    make_v0(appsWithPackages, apks, repodir, repodict, requestsdict,
+            fdroid_signing_key_fingerprints)
+    make_v1(appsWithPackages, apks, repodir, repodict, requestsdict,
+            fdroid_signing_key_fingerprints)
 
 
-def make_v1(apps, packages, repodir, repodict, requestsdict):
+def make_v1(apps, packages, repodir, repodict, requestsdict, fdroid_signing_key_fingerprints):
 
     def _index_encoder_default(obj):
         if isinstance(obj, set):
@@ -168,6 +172,9 @@ def make_v1(apps, packages, repodir, repodict, requestsdict):
     output['repo'] = repodict
     output['requests'] = requestsdict
 
+    # establish sort order of the index
+    v1_sort_packages(packages, repodir, fdroid_signing_key_fingerprints)
+
     appslist = []
     output['apps'] = appslist
     for packageName, appdict in apps.items():
@@ -234,6 +241,35 @@ def make_v1(apps, packages, repodir, repodict, requestsdict):
         signindex.sign_index_v1(repodir, json_name)
 
 
+def v1_sort_packages(packages, repodir, fdroid_signing_key_fingerprints):
+
+    GROUP_DEV_SIGNED = 1
+    GROUP_FDROID_SIGNED = 2
+    GROUP_OTHER_SIGNED = 3
+
+    def v1_sort_keys(package):
+        packageName = package.get('packageName', None)
+
+        sig = package.get('signer', None)
+
+        dev_sig = common.metadata_find_developer_signature(packageName)
+        group = GROUP_OTHER_SIGNED
+        if dev_sig and dev_sig == sig:
+            group = GROUP_DEV_SIGNED
+        else:
+            fdroidsig = fdroid_signing_key_fingerprints.get(packageName, {}).get('signer')
+            if fdroidsig and fdroidsig == sig:
+                group = GROUP_FDROID_SIGNED
+
+        versionCode = None
+        if package.get('versionCode', None):
+            versionCode = -int(package['versionCode'])
+
+        return(packageName, group, sig, versionCode)
+
+    packages.sort(key=v1_sort_keys)
+
+
 def make_v0(apps, apks, repodir, repodict, requestsdict):
     """
     aka index.jar aka index.xml

fdroidserver/publish.py

@@ -53,7 +53,7 @@ def publish_source_tarball(apkfilename, unsigned_dir, output_dir):
 
 
 def key_alias(appid, resolve=False):
-    """Get the alias which which F-Droid uses to indentify the singing key
+    """Get the alias which F-Droid uses to indentify the singing key
     for this App in F-Droids keystore.
     """
     if config and 'keyaliases' in config and appid in config['keyaliases']:
@@ -356,6 +356,9 @@ def main():
                 publish_source_tarball(apkfilename, unsigned_dir, output_dir)
                 logging.info('Published ' + apkfilename)
 
+    store_stats_fdroid_signing_key_fingerprints(allapps.keys())
+    logging.info('published list signing-key fingerprints')
+
 
 if __name__ == "__main__":
     main()

fdroidserver/update.py

@@ -971,13 +971,15 @@ def scan_apk(apk_file):
     else:
         scan_apk_androguard(apk, apk_file)
 
-    # Get the signature
+    # Get the signature, or rather the signing key fingerprints
     logging.debug('Getting signature of {0}'.format(os.path.basename(apk_file)))
     apk['sig'] = getsig(apk_file)
     if not apk['sig']:
         raise BuildException("Failed to get apk signature")
     apk['signer'] = common.apk_signer_fingerprint(os.path.join(os.getcwd(),
                                                                apk_file))
+    if not apk.get('signer'):
+        raise BuildException("Failed to get apk signing key fingerprint")
 
     # Get size of the APK
     apk['size'] = os.path.getsize(apk_file)