Feature #2619
add/check fingerprint when adding repo
Status: | Closed | Start date: | 11/21/2013 |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | hans | % Done: | 0% |
Category: | - | | |
Target version: | 0.1 - "Kerplapp" | | |
Component: | | | |
Description
When adding a new repo, first check that the URL does not already exist with a different fingerprint, then add the new repo with the URL and fingerprint. Upon first socket connection to the repo, check the received pubkey against the stored fingerprint and throw an error if they do not match. The fingerprint would then remain in the DB so it can be used for comparisons whenever there was an incoming new repo.
- remember to bump the dbvercode and update the repo table
History
#1 Updated by hans about 4 years ago
- Status changed from New to Closed
I ended up implementing it differently. I converted the fingerprint from SHA-1 to SHA-256, and now it's stored in the app database of repos. When a new repo is being added, it checks the database to see if the URL exists in there, and whether the fingerprint matches.
https://gitorious.org/f-droid/fdroidclient/merge_requests/43
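The add-time check and the later received-key check discussed in this issue, sketched as an added example that is not part of the thread and is not F-Droid's code. The table layout, function names, URL and key bytes are constructed assumptions, and the fingerprint is assumed to be the lowercase hex SHA-256 of the received key bytes.

```python
import hashlib
import sqlite3

class FingerprintMismatch(Exception):
    """A stored fingerprint disagrees with the one supplied or received."""

def fingerprint(key_bytes: bytes) -> str:
    # Assumption: fingerprint = lowercase hex SHA-256 of the raw key bytes.
    return hashlib.sha256(key_bytes).hexdigest()

def normalize(fp: str) -> str:
    # Typed or scanned fingerprints arrive with spaces, colons, mixed case.
    fp = fp.replace(" ", "").replace(":", "").lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("not a SHA-256 fingerprint")
    return fp

def open_db() -> sqlite3.Connection:
    # Hypothetical schema, not the client's real repo table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE repo (url TEXT PRIMARY KEY, fingerprint TEXT NOT NULL)")
    return db

def stored_fingerprint(db, url):
    row = db.execute("SELECT fingerprint FROM repo WHERE url = ?", (url,)).fetchone()
    return row[0] if row else None

def add_repo(db, url: str, fp: str) -> str:
    fp = normalize(fp)
    known = stored_fingerprint(db, url)
    if known is None:
        db.execute("INSERT INTO repo (url, fingerprint) VALUES (?, ?)", (url, fp))
        return "added"
    if known == fp:
        return "already present"
    # Same URL, different key: refuse rather than overwrite the stored pin.
    raise FingerprintMismatch(f"{url} is already stored with another fingerprint")

def check_received_key(db, url: str, key_bytes: bytes) -> bool:
    known = stored_fingerprint(db, url)
    if known is None:
        raise KeyError(url)
    if fingerprint(key_bytes) != known:
        raise FingerprintMismatch(f"key received from {url} does not match the stored fingerprint")
    return True

if __name__ == "__main__":
    db = open_db()
    url, key = "https://repo.example.org/fdroid/repo", b"constructed key A"
    print(add_repo(db, url, fingerprint(key)), check_received_key(db, url, key))
```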
#2 Updated by hans about 4 years ago
I added UI support for fingerprints here:
https://gitorious.org/f-droid/fdroidclient/merge_requests/45