From 3798a884a6b963b178b113ba17326125189eed6a Mon Sep 17 00:00:00 2001
From: Nico Alt <nicoalt@posteo.org>
Date: Fri, 22 Mar 2019 17:15:58 +0100
Subject: [PATCH] Flush file before passing it to next function

When downloading a repo index, the downloaded index got written to a
file with `.write()` in a `with` clause. Before the file got actually
written to the disk, it got already passed into the next function,
resulting in a `VerificationException`:
```
JAR signature failed to verify: /tmp/tmppq2r51r0
jarsigner: java.util.zip.ZipException: zip file is empty
```

This behavior got introduced in
869cc114a3926fe6ffbfb55c3e8329f773c532cf.

I've found this bug with help of Repomaker's tests: https://gitlab.com/fdroid/repomaker/merge_requests/215#note_148994053
---
 fdroidserver/index.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fdroidserver/index.py b/fdroidserver/index.py
index 29027a38..95f7f256 100644
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@@ -717,6 +717,7 @@ def download_repo_index(url_str, etag=None, verify_fingerprint=True, timeout=600
 
     with tempfile.NamedTemporaryFile() as fp:
         fp.write(download)
+        fp.flush()
         index, public_key, public_key_fingerprint = get_index_from_jar(fp.name, fingerprint)
         index["repo"]["pubkey"] = hexlify(public_key).decode()
         index["repo"]["fingerprint"] = public_key_fingerprint