sort index-v1; publish now creates and stores a list of signature fingerprints

2025-11-05 15:00:30 +03:00 · 2017-09-20 00:16:13 +02:00 · 2017-09-20 00:16:13 +02:00 · 6930edf889
commit 6930edf889
parent bca07f794f
4 changed files with 161 additions and 7 deletions
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@ -39,7 +39,7 @@ from . import common
 from . import metadata
 from . import net
 from . import signindex
-from fdroidserver.common import FDroidPopen, FDroidPopenBytes
+from fdroidserver.common import FDroidPopen, FDroidPopenBytes, load_stats_fdroid_signing_key_fingerprints
 from fdroidserver.exception import FDroidException, VerificationException, MetaDataException


@ -151,11 +151,15 @@ def make(apps, sortedids, apks, repodir, archive):
                raise TypeError(_('only accepts strings, lists, and tuples'))
        requestsdict[command] = packageNames

-    make_v0(appsWithPackages, apks, repodir, repodict, requestsdict)
-    make_v1(appsWithPackages, apks, repodir, repodict, requestsdict)
+    fdroid_signing_key_fingerprints = load_stats_fdroid_signing_key_fingerprints()
+
+    make_v0(appsWithPackages, apks, repodir, repodict, requestsdict,
+            fdroid_signing_key_fingerprints)
+    make_v1(appsWithPackages, apks, repodir, repodict, requestsdict,
+            fdroid_signing_key_fingerprints)


-def make_v1(apps, packages, repodir, repodict, requestsdict):
+def make_v1(apps, packages, repodir, repodict, requestsdict, fdroid_signing_key_fingerprints):

    def _index_encoder_default(obj):
        if isinstance(obj, set):
@ -168,6 +172,9 @@ def make_v1(apps, packages, repodir, repodict, requestsdict):
    output['repo'] = repodict
    output['requests'] = requestsdict

+    # establish sort order of the index
+    v1_sort_packages(packages, repodir, fdroid_signing_key_fingerprints)
+
    appslist = []
    output['apps'] = appslist
    for packageName, appdict in apps.items():
@ -234,6 +241,35 @@ def make_v1(apps, packages, repodir, repodict, requestsdict):
        signindex.sign_index_v1(repodir, json_name)


+def v1_sort_packages(packages, repodir, fdroid_signing_key_fingerprints):
+
+    GROUP_DEV_SIGNED = 1
+    GROUP_FDROID_SIGNED = 2
+    GROUP_OTHER_SIGNED = 3
+
+    def v1_sort_keys(package):
+        packageName = package.get('packageName', None)
+
+        sig = package.get('signer', None)
+
+        dev_sig = common.metadata_find_developer_signature(packageName)
+        group = GROUP_OTHER_SIGNED
+        if dev_sig and dev_sig == sig:
+            group = GROUP_DEV_SIGNED
+        else:
+            fdroidsig = fdroid_signing_key_fingerprints.get(packageName, {}).get('signer')
+            if fdroidsig and fdroidsig == sig:
+                group = GROUP_FDROID_SIGNED
+
+        versionCode = None
+        if package.get('versionCode', None):
+            versionCode = -int(package['versionCode'])
+
+        return(packageName, group, sig, versionCode)
+
+    packages.sort(key=v1_sort_keys)
+
+
 def make_v0(apps, apks, repodir, repodict, requestsdict):
    """
    aka index.jar aka index.xml