Open tareksander opened 2 years ago
Hm, will users even be able to install the next released version of termux-app, or will the next apk be incompatible with the current one?
Just curious: does F-Droid allow third parties to publish their APK and use the signature key of another application? If so, F-Droid has problems... However, from what I see here, that's expected behavior. Your Termux:GUI does not belong to @termux and therefore may not use the shared signature. No one should be able to release an add-on outside of @termux with the signature of the Termux app.
On a side note: applications with a shared user and signature can access each other's private data.
I read the f-droid docs further and apparently it generates a signing key for each application, but that can be overwritten.
That seems to be set up for the other plugins so they all have a matching signature, so the signature incompatibility only applies to Termux:GUI.
That means that at the moment Termux:GUI is only compatible with the Github builds.
Can I move it to @termux and look into how to get it signed with the right key?
I use the shared user id to secure the plugin so only Termux can access it, permission-based security is out of the question because I can't just add a new permission to an app (Termux) that doesn't request it in its manifest.
I tried looking at other apps that have plug-in/add-on apps. There aren't really many to compare with, but for at least one they seem to have solved it by not signing the apks at all (or maybe it is for an unrelated reason, they are almost 10 years old): jp.co.kayo.android.localplayer, jp.co.kayo.android.localplayer.ds.ampache, jp.co.kayo.android.localplayer.ds.podcast
> Can I move it to @termux and look into how to get it signed with the right key?

Sounds like a plan, I think your plugin would be a nice addition!
@tareksander Yes, you can transfer it. Also we will need to do something with https://www.f-droid.org/en/packages/com.termux.gui/ to let F-Droid pick up the new source and use the shared key.
I moved the repo now. I already have a PR open at f-droid for this and updated the repo URL, and I can link this thread if they want proof that the Termux authors allow the app to be signed with the same key.
But it always happens. Even the main termux-app.
@dontknowhy What do you mean exactly?
Termux uses shared user installation mode for the application and all add-ons, which means:
- Play Store, F-Droid and GitHub are the three primary installation sources and each has its own signature key.
- Therefore you can't install or upgrade the Termux application or add-ons from Play Store over existing F-Droid or GitHub installations, or in any other combination. The source must be the same. To switch installation source, everything (app + plugins) must be completely uninstalled first.
- Third-party plugins do not have access to the release keys used by Play Store or F-Droid. GitHub uses an insecure development key which was intentionally added to this repository (termux-app) as well as to the repositories of add-ons (termux-api, termux-styling, etc.) to make previewing app development snapshots easier.
@tareksander This needs a fix:
You are using leaked development key for release signature.
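The shared-user rule described above (the app and every add-on from one source must carry the same signing certificate) can be checked before publishing. The following is an added example, not part of the original thread and not Termux or F-Droid code: it parses the `Signer #N certificate SHA-256 digest:` lines printed by `apksigner verify --print-certs` and lists the packages that declare the base app's sharedUserId but are signed differently. The sharedUserId value, the package list and the digests are constructed sample data, and `mismatched_plugins` is a hypothetical helper name.

```python
import re

# Line format printed by `apksigner verify --print-certs <apk>`.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)


def signer_digests(print_certs_output):
    """Return the set of signer certificate SHA-256 digests (lower-case hex)."""
    return frozenset(d.lower() for d in DIGEST_RE.findall(print_certs_output))


def mismatched_plugins(apks, base_package):
    """apks: iterable of (package, sharedUserId or None, apksigner output).

    Returns the packages that declare the same sharedUserId as base_package
    but whose signer set differs from it (an unsigned APK also counts).
    """
    by_pkg = {pkg: (uid, signer_digests(out)) for pkg, uid, out in apks}
    base_uid, base_sig = by_pkg[base_package]
    if base_uid is None or not base_sig:
        raise ValueError("base package has no sharedUserId or no signer")
    return sorted(
        pkg for pkg, (uid, sig) in by_pkg.items()
        if pkg != base_package and uid == base_uid and sig != base_sig)


def _certs(digest):
    """Constructed apksigner-style output for one signer (sample data)."""
    return ("Signer #1 certificate DN: CN=Example\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n"
            f"Signer #1 certificate SHA-1 digest: {'0' * 40}\n")


# Constructed sample: two APKs signed with key "aa..", one with key "bb..".
SAMPLE = [
    ("com.termux", "com.termux", _certs("aa" * 32)),
    ("com.termux.api", "com.termux", _certs("aa" * 32)),
    ("com.termux.gui", "com.termux", _certs("bb" * 32)),
    ("org.example.other", None, _certs("cc" * 32)),  # no sharedUserId: ignored
]

if __name__ == "__main__":
    for pkg in mismatched_plugins(SAMPLE, "com.termux"):
        print(f"{pkg}: signer differs from com.termux, install will be rejected")
```
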
What if there was some sort of manager app for updating/administration of termux and its addons and components?
> @tareksander This needs a fix:
> You are using ~leaked~ development key for release signature.

I fixed that now, but I don't think that solves the f-droid signature problem.
> What if there was some sort of manager app for updating/administration of termux and its addons and components?

That would only work if the app would sign and install apks itself, and having the signing key on your device is a bad idea.
> I fixed that now, but I don't think that solves the f-droid signature problem.

It fixes the local build signature, i.e. `./gradlew assembleRelease`. Release builds are normally unsigned or signed with a release key, which shouldn't be the same as the debug one.
F-Droid handles apps differently. Perhaps resolving the issue may require deleting and then re-publishing the app. Have you reported the issue to F-Droid? If so, it would be better to provide a link here.
The signature issue won't be resolved automatically and needs intervention from the F-Droid staff side.
I have this MR over at f-droid. It seems signing apps with the same key can't be done with the metadata and requires special handling in the signing process.
Going slightly off topic, but is this signature issue the reason for why Termux 0.118 isn't on F-Droid yet?
The termux-app `v0.118.0` is already on F-Droid. Pull down from the top in the `Updates` tab for the update to show if using F-Droid app.
https://www.reddit.com/r/termux/comments/s266li/dev_termux_v01180_release/
Any progress?
> What if there was some sort of manager app for updating/administration of termux and its addons and components?

This could work to put termux back on the play store! Just make a repo of signed things with a secure key (as opposed to the device key) and download and install them in a small downloader/manager app. The 2nd app could even be bypassed by manually downloading...
> This could work to put termux back on the play store!

No it couldn't. An app from Play Store may not download/install another app, according to the policy. That's why F-Droid cannot be installed from Google Play.
There's a slightly different issue with Play Store. It requires applications to be compiled with target API level more than 29. But that's completely unsuitable for the Termux application. If target API level is higher than 28, it becomes completely unusable on devices running Android 10 and higher. That's all due to new SELinux policies taking place.
https://github.com/termux/termux-packages/wiki/Termux-and-Android-10
Another issue is that we don't have access to the Play Store account where Termux is published. We will need to change the application name and package name (application id) in order to be able to publish it into the new account.
Problem description
I got Termux:GUI included into F-Droid, but it seems the signing key was changed between the last Termux update and the inclusion, leading to signature errors. I created an issue here because that would also be a problem when an update to Termux or any other plugin is released, because the new releases will be signed with the different key. A solution would be to create dummy updates for the app and all plugins at the same time that just bump the version, so they are all signed with the new key. Users would then have to uninstall all plugins, update the app and then reinstall the plugins, but I think it's better to do that in a controlled way than just having an uninstallable Termux or plugin update.
Here are the apk signatures:
There is also another app on F-Droid with plugins that use sharedUserId that has the same problem: https://gitlab.com/fdroid/fdroiddata/-/issues/2457
The concrete error in logcat is this:
Steps to reproduce the behavior.
Try to install Termux:GUI from F-Droid.
What is the expected behavior?
It installs like any other plugin.
System information