Add to F-Droid

[licaon-kter]

Ref: https://gitlab.com/fdroid/rfp/-/issues/250

Is this something that is desired?

If YES, can implementation files('libs/bcprov-ext-jdk15on-165.jar') be replaced with implementation "org.bouncycastle:bcprov-ext-jdk15on:1.65"' ? (I mean if it's available in one of these ones: https://gitlab.com/fdroid/fdroidserver/blob/master/fdroidserver/scanner.py#L138 )

[textbrowser]

I briefly reviewed some of the mentioned repositories and BouncyCastle either does not exist or it's totally outdated.

The JAR file in Smoke's repository is downloaded from the official site.

Are there alternate methods for authenticating 3rd-party libraries?

[licaon-kter]

Depends, do you know any that hosts only FOSS artefacts?

Anyway, we can build from source ;)

[textbrowser]

From https://bouncycastle.org/:

"The Bouncy Castle Crypto APIs are looked after by an Australian Charity, the Legion of the Bouncy Castle Inc., which looks after the care and feeding of the Bouncy Castle APIs. Help us keep this effort Free, Open Source, and Maintained! Please see our donations page or purchase a support contract through Crypto Workshop. Requests to sponsor specific work on the APIs are also most welcome."

[textbrowser]

https://repo1.maven.org/maven2/org/bouncycastle/

[licaon-kter]

That does it, but it only gets 1.66 not 1.67, is that OK? I see a size difference in classes.dex, could you test the resulting APK for correctness? org.purple.smoke_20201115.zip

If that's ok, waiting for:

• proper tagged releases
• the app metadata (summary/description/images/changelog/etc) in a Fastlane or Triple-T folder structure

[textbrowser]

BC 1.66 is fine. Will try to test the APK today.

[textbrowser]

Testing now.

[textbrowser]

What's a proper tagged release?

[textbrowser]

[licaon-kter]

What's a proper tagged release?

Stuff that appears here: https://github.com/textbrowser/smoke/releases Where you add new releases, when you want, eg. this one looks fine afaics.

What's the picture about?

[textbrowser]

That's a test of your APK on a virtual device.

[textbrowser]

That does it, but it only gets 1.66 not 1.67, is that OK? I see a size difference in classes.dex, could you test the resulting APK for correctness? org.purple.smoke_20201115.zip

If that's ok, waiting for:

* proper tagged releases

* the app metadata (`summary/description/images/changelog/etc`) in a [Fastlane](https://gitlab.com/snippets/1895688) or [Triple-T](https://gitlab.com/snippets/1901490) folder structure

You requested a test.

[licaon-kter]

Yes, but I can start the app too, that's not the point...the problem is that I don't know how to use it....does it work after it starts? Does it connect? Does it send files? Text?

[textbrowser]

You need a server. Free servers are not provided, sorry.

1. Install SmokeStack on some device and define a local listener. Stack detects the device's IP if it's available.
2. Connect a bunch of Smoke instances to the listener in #1.
3. Define aliases in the Smoke instances. Aliases are used for exchanging public keys.
4. Press Share Keys or wait until the automatic exchange completes (prefer the manual approach as it's speedier).
5. After exchanging occurs, you can share files or chat with defined participants.
6. You can also share files to things like netcat or a passthrough device.

There's too much to cover. Let me see if I can create a video tutorial.

[textbrowser]

Smoke also connects to Spot-On and Spot-On-Lite. If you're clever, you can create a simple echo server such that it echoes data from one client to other clients; written in Python for example. Yah, lots to cover but not enough room here.

[textbrowser]

The documentation covers a lot of the details. But, people don't read. :)

[licaon-kter]

You need a server

Yes, I understand, but I hoped that you, being the developer, have such a setup that you can use to test this.

I'd like to help and get this into F-Droid, that's it.

[textbrowser]

:) Thanks you much.

[textbrowser]

smoke.d/fastlane/ └── metadata └── android └── en-US ├── changelogs │   └── 20201115.txt ├── full_description.txt ├── images │   ├── icon.png │   └── phoneScreenshots │   ├── smoke_1.png │   ├── smoke_2.png │   ├── smoke_3.png │   ├── smoke_4.png │   ├── smoke_5.png │   └── smoke_6.png └── short_description.txt

[textbrowser]

[licaon-kter]

Looks ok, two notes, keep short_description under 80 chars

Second, the pics will look rather hard to read on small screens, can you screenshot on a "normal" size device? Those look like a tablet

So the resulting APK is ok then?

[textbrowser]

The images are from Studio. I would have to recreate them using a phone.

Yes, I tried your APK on a virtual device. I was able to connect to a server. I didn't perform all the tests as that would be lots of work.

[licaon-kter]

Doesn't Studio have several devices to emulate? Use one that's more normalish :)

[textbrowser]

It does, I'm complaining about the work.

[licaon-kter]

Yes, screenshots are hard, keep these if good enough. ¯\_(ツ)_/¯

[textbrowser]

Added fastlane to SmokeStack.

[licaon-kter]

keep short_description under 80 chars

Umm ^^^ ?

[textbrowser]

That's a silly restriction. :)

[licaon-kter]

There's no reason to repeat that on top since just below you see the full description, in app details.

In the Search or Latest cards there's just a bit of space to say a couple of words anyway.

[textbrowser]

Short descriptions are now short. Compact images remain. I will remove BC source from SmokeStack as F-Droid has its own build process, right?

[textbrowser]

Added title.txt files.

[licaon-kter]

BC is pulled from a trusted by F-Droid maven repo, if that's stays up to date it will be ok, no source needed.

[textbrowser]

Let's use the current images for Smoke. New image for Stack. Thanks.

[textbrowser]

I think that covers Fastlane. Anything else?

[webermike]

Is this followup fullfilled for the fdroid channel?

[textbrowser]

Silence.

[licaon-kter]

A matter of time... or lack of it actually. :)

[licaon-kter]

Oh https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/

[textbrowser]

Smoke uses Java's PBKDF2. As for Argon2id, bcrypt is not used.

Thanks.

It's also corrected in 1.67. :P

[textbrowser]

So, Argon2id or PBKDF2. Both are OK until they're not.

[textbrowser]

BC is McEliece and Argon. That be it. I think.

Maybe TLS. No. Not TLS.

Anyway, TLS is optional also. Just a nice thing to have.

[textbrowser]

You receive confidentiality and integrity using UDP, which Smoke offers in multicast and unicast. Does not have DTLS. Spot-On does.

[textbrowser]

UDP does not work well with Android. Lots of drops. Steam works because it's reliable. Anyway, Steam is for file sharing.

[textbrowser]

TLS is Stack, which is via BC. Kind of a mixture of BC and Android Java libraries.

[textbrowser]

Now I have to explain this in documentation so I don't have to repeat it.

[textbrowser]

And JPAKE.

[textbrowser]

Completed. Closing. See Discussions for discussions. :)

[TheLastProject]

There is still a binary .jar file in https://github.com/textbrowser/smoke/tree/master/Smoke/app/libs, which is not allowed in F-Droid. Otherwise it's starting to look good to me (but I am new to Android packaging)

[licaon-kter]

@TheLastProject Yes, see gitlab rfp recipe

[textbrowser]

The JAR file is required for non-F-DROID people. If it's missing, Smoke will not work.