F-Droid asking for permission to install from unknown sources during update

[gerrix1701]

Preliminary checklist

• [X] I have read the README.
• [X] I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue.
• [X] I have updated Bromite to the latest version. The bug is reproducible on this latest version.

Can the bug be reproduced with corresponding Chromium version?

No

Bromite version

96.0.4664.183

Device architecture

arm64

Android version

12

Device model

Pixel 4a 5G

Changed flags

no flags changed

Is this bug about the SystemWebView?

No

Is this bug happening in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

No.

Describe the bug

Update from version 96.0.4664.54 to 96.0.4664.104 or 96.0.4664.183 via F-Droid unattended updates does not work anymore. F-Droid is asking for permission to install software from unknown sources. Usually "F-Droid Privileged Extension" is taking care and there is no reason for F-Droid store it self do update an app. This issue arises only for Bromite repository, all others work fine with "F-Droid Privileged Extension". Maybe it's something similar as with #1491 ?

Steps to reproduce the bug

1. Use F-Droid repo to install Bromite
2. Install version 96.0.4664.54
3. Update to either version 96.0.4664.104 or 96.0.4664.183
4. F-Droid store will ask for permission to install from unknown sources

Expected behavior

During update F-Droid should not ask for permission to install from unknown sources, "F-Droid Privileged Extension" should take care of the update.

Screenshots

No response

[kokukyocho]

Hello @gerrix1701!

I am a bot :robot:

Thanks for submitting this issue! I noticed that it is missing the template, please edit the issue to match the template for either a bug or a feature request; the issue will be automatically re-opened afterwards.

If this is not an issue nor a feature request and you want to start a discussion then you can use GitHub Discussions.

Tip: if you use GitHub in Desktop mode the template will be proposed to you when submitting issues.

Additionally, this issue seems to be a duplicate of the following ones:

• 1797 (created by you 1696 minutes ago)

[csagan5]

This issue arises only for Bromite repository, all others work fine with "F-Droid Privileged Extension". Maybe it's something similar as with #1491 ?

Most likely, yes.

[gerrix1701]

Just checked: same issue when trying to update from 96.0.4664.54 (I'm still on that version) to 97.0.4692.106.

[csagan5]

Perhaps someone needs to run ApkVerifier like @chirayudesai did back then to spot what permission is missing; it is not BLUETOOTH_ADMIN this time.

[lipici]

Hello, i read you can install bromite from f-droid but look :

I cant find nothing whwn i search for bromite. Thank you.

[gerrix1701]

I'm not sure if this is related, @lipici. You'd have to add the Bromite F-Droid repo.

I tried to get ApkVerifier but I guess you have to compile from source. Part of F-Droid store apk? I tried to configure a build environment but as I'm not a developer I failed :-( Maybe someone with better skills will kindly step in?

[lipici]

I resolved, i did what you said and its ok now. Thanks.

[gerrix1701]

Same for version 98.0.4758.108 on upgrade or clean install. I also checked Chromium package which is affected as well.

[chirayudesai]

Perhaps someone needs to run ApkVerifier like @chirayudesai did back then to spot what permission is missing; it is not BLUETOOTH_ADMIN this time.

That one needs a debug F-Droid build, however when I added that patch I added some more logging to the release builds as well.

To the folks having issues: Can you confirm that you're on F-Droid 1.14

If not, you should update. If it still happens, can you get a logcat right after you try to install? That should give us a hint about the issue at least.

[gerrix1701]

Yes, I'm on F-Droid 1.14 (the one which comes with CalyxOS 3.20). I will try to generate the logs tomorrow.

[gerrix1701]

I've tried to gather the log. Kindly let me know it this is OK or if anything is missing. (I've just added the part which is dealing with the Bromite apk.) Thanks!

logcat2.txt

[chirayudesai]

logcat2.txt

It is indeed hitting the same issue,

org.fdroid.fdroid.installer.ApkVerifier$ApkPermissionUnequalException: Permissions in APK and index.xml do not match

A debug build of fdroidclient would also print both of the lists to show the exact issue.

[csagan5]

This is the badging for the arm64 ChromePublic: arm64_ChromePublic.apk.txt

These are the corresponding permissions in index.xml:

<permissions>ACCESS_COARSE_LOCATION,ACCESS_FINE_LOCATION,ACCESS_NETWORK_STATE,CAMERA,CHANGE_NETWORK_STATE,DOWNLOAD_WITHOUT_NOTIFICATION,FOREGROUND_SERVICE,INTERNET,MODIFY_AUDIO_SETTINGS,NFC,QUERY_ALL_PACKAGES,READ_EXTERNAL_STORAGE,RECEIVE_BOOT_COMPLETED,RECORD_AUDIO,VIBRATE,WAKE_LOCK,WRITE_EXTERNAL_STORAGE,org.bromite.bromite.permission.READ_WRITE_BOOKMARK_FOLDERS,org.bromite.bromite.TOS_ACKED,com.chrome.permission.DEVICE_EXTRAS,com.android.launcher.permission.INSTALL_SHORTCUT</permissions>

They match the non-sdk23 permissions; perhaps the problem is that there are no <uses-permission /> and <uses-permission-sdk-23 /> tags? But there have never been before.

[csagan5]

Did anyone figure out what is missing?

[chirayudesai]

Did anyone figure out what is missing?

The issue is with BLUETOOTH_ADMIN again.

If I unzip index-v1.jar and check index-v1.json (That's what modern clients use), it's indeed under uses-permission-sdk-23 but not uses-permissions.

An F-Droid repo I run with the same Chromium versions has it just fine under uses-permissions, and thus installs and updates work.

Index: https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo/index-v1.json

It's built using fdroidserver 2.0

[csagan5]

Thank you for taking the time to look into this; the badging of TrichromeChrome.apk mentioned in that Calyx index-v1.json is this:

package: name='org.chromium.chrome' versionCode='484408833' versionName='99.0.4844.88' platformBuildVersionName='12' platformBuildVersionCode='31' compileSdkVersion='31' compileSdkVersionCodename='12'
sdkVersion:'29'
targetSdkVersion:'31'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission-sdk-23: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission-sdk-23: name='android.permission.BLUETOOTH_ADMIN' maxSdkVersion='30'
uses-permission-sdk-23: name='android.permission.BLUETOOTH_CONNECT'
uses-permission-sdk-23: name='android.permission.BLUETOOTH_ADVERTISE'
uses-permission-sdk-23: name='android.permission.BLUETOOTH'
uses-permission-sdk-23: name='android.permission.BLUETOOTH_SCAN'
uses-permission-sdk-23: name='android.permission.READ_CONTACTS'
uses-permission-sdk-23: name='android.permission.REORDER_TASKS'
uses-permission-sdk-23: name='android.permission.REQUEST_INSTALL_PACKAGES'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.CHANGE_NETWORK_STATE'
uses-permission: name='android.permission.DOWNLOAD_WITHOUT_NOTIFICATION'
uses-permission: name='android.permission.FOREGROUND_SERVICE'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.MANAGE_ACCOUNTS'
uses-permission: name='android.permission.MODIFY_AUDIO_SETTINGS'
uses-permission: name='android.permission.NFC'
uses-permission: name='android.permission.QUERY_ALL_PACKAGES'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_SYNC_SETTINGS'
uses-permission: name='android.permission.READ_SYNC_STATS'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.USE_CREDENTIALS'
uses-permission-sdk-23: name='android.permission.USE_BIOMETRIC'
uses-permission-sdk-23: name='android.permission.USE_FINGERPRINT'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.WAKE_LOCK'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.WRITE_SYNC_SETTINGS'
uses-permission: name='org.chromium.chrome.permission.C2D_MESSAGE'
uses-permission: name='org.chromium.chrome.permission.READ_WRITE_BOOKMARK_FOLDERS'
uses-permission: name='org.chromium.chrome.TOS_ACKED'
uses-permission: name='com.chrome.permission.DEVICE_EXTRAS'
uses-permission: name='com.google.android.c2dm.permission.RECEIVE'
uses-permission: name='com.android.launcher.permission.INSTALL_SHORTCUT'
uses-permission: name='com.google.android.apps.now.CURRENT_ACCOUNT_ACCESS'
application-label:'Chromium'
[...]
application: label='Chromium' icon='res/mipmap-mdpi-v4/app_icon'
uses-static-library: name='org.chromium.trichromelibrary' version='484408834' versionMajor='0' certDigest='a856485079bcb357bfbe69ba19a9ba43cd0ad9ab226752c780b6888afd48216b'
feature-group: label=''
  uses-gl-es: '0x20000'
  uses-feature-not-required: name='android.hardware.camera'
  uses-feature-not-required: name='android.hardware.location.gps'
  uses-feature-not-required: name='android.hardware.microphone'
  uses-feature-not-required: name='android.hardware.screen.landscape'
  uses-feature-not-required: name='android.hardware.sensor.accelerometer'
  uses-feature-not-required: name='android.hardware.sensor.gyroscope'
  uses-feature-not-required: name='android.hardware.touchscreen'
  uses-feature-not-required: name='android.hardware.vr.headtracking' version='1'
  uses-feature-not-required: name='android.hardware.vr.high_performance'
  uses-feature-not-required: name='android.software.vr.mode'
  uses-feature-sdk-23: name='android.hardware.bluetooth'
  uses-implied-feature-sdk-23: name='android.hardware.bluetooth' reason='requested android.permission.BLUETOOTH permission, requested android.permission.BLUETOOTH_ADMIN permission, and targetSdkVersion > 4'
  uses-feature: name='android.hardware.location'
  uses-implied-feature: name='android.hardware.location' reason='requested android.permission.ACCESS_COARSE_LOCATION permission, and requested android.permission.ACCESS_FINE_LOCATION permission'
  uses-feature: name='android.hardware.screen.portrait'
  uses-implied-feature: name='android.hardware.screen.portrait' reason='one or more activities have specified a portrait orientation'
  uses-feature-sdk-23: name='android.hardware.wifi'
  uses-implied-feature-sdk-23: name='android.hardware.wifi' reason='requested android.permission.ACCESS_WIFI_STATE permission'
provides-component:'app-widget'
provides-component:'search'
other-activities
other-receivers
other-services
supports-screens: 'small' 'normal' 'large' 'xlarge'
supports-any-density: 'true'
locales: '--_--' 'af' 'am' 'ar' 'as' 'az' 'be' 'bg' 'bn' 'bs' 'ca' 'cs' 'da' 'de' 'el' 'en-GB' 'en-US' 'es' 'es-US' 'et' 'eu' 'fa' 'fi' 'fr' 'fr-CA' 'gl' 'gu' 'hi' 'hr' 'hu' 'hy' 'in' 'is' 'it' 'iw' 'ja' 'ka' 'kk' 'km' 'kn' 'ko' 'ky' 'lo' 'lt' 'lv' 'mk' 'ml' 'mn' 'mr' 'ms' 'my' 'nb' 'ne' 'nl' 'or' 'pa' 'pl' 'pt' 'pt-BR' 'pt-PT' 'ro' 'ru' 'si' 'sk' 'sl' 'sq' 'sr' 'sr-Latn' 'sv' 'sw' 'ta' 'te' 'th' 'tl' 'tr' 'uk' 'ur' 'uz' 'vi' 'zh-CN' 'zh-HK' 'zh-TW' 'zu'
densities: '160' '240' '320' '480' '640' '65534' '65535'
native-code: 'arm64-v8a'
alt-native-code: 'armeabi-v7a'

The Calyx index-v1.json does not have BLUETOOTH_ADMIN under uses-permission:

        "uses-permission-sdk-23": [
          [
            "android.permission.ACCESS_WIFI_STATE",
            null
          ],
          [
            "android.permission.BLUETOOTH_ADMIN",
            30
          ],
          [

It is under uses-permission-sdk-23, and the same is for Bromite's index-v1.json (except for that 30, the max SDK version, which should be fixed on next release), so I cannot confirm that it is the same issue as last time (in #1491 uses-permission-sdk-23 was missing altogether).

I will try to compare the generated JSON with fdroidserver 2.0 and figure out if there is any difference.

[chirayudesai]

The Calyx index-v1.json does not have BLUETOOTH_ADMIN under uses-permission:

You're right, my bad, I ended up looking at two other apps in our repo which have this under uses-permission.

I don't see any other differences apart from the 30, so that should probably fix it.

[csagan5]

It now has the correct maxSdkVersion; can someone please confirm/deny whether issue is still present or not?

[chirayudesai]

It now has the correct maxSdkVersion; can someone please confirm/deny whether issue is still present or not?

Works, M100 installed fine.

Note: You may have to refresh F-Droid repos manually once, and/or clear cache, if it doesn't work on first try.

[gerrix1701]

Yes, it's working now. Just upgraded to latest version (Pixel 4a5G). Thanks!

[csagan5]

Thanks for testing and for reporting the issue!