Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

F-Droid Support #6

Closed
cwmke opened this issue Oct 10, 2016 · 95 comments

Comments

@cwmke
Copy link

commented Oct 10, 2016

Any chance of adding this to F-droid?

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Oct 12, 2016

I am not sure if it is possible to support f droid (never heard of it until now, im an iOS user) with Xamarin. Anyone know? I couldn't find anything on it.

@kspearrin kspearrin added the question label Oct 12, 2016

@cwmke

This comment has been minimized.

Copy link
Author

commented Oct 13, 2016

Here's their developer documentation.

https://f-droid.org/wiki/page/FAQ_-_App_Developers

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Oct 14, 2016

I still do not really understand what you have to do to make the app work on f-droid? Is there some store I have to submit to?

@nikaro

This comment has been minimized.

Copy link

commented Oct 15, 2016

Last time i looked you just needed to have a repo with reproducile build, and submit a message on the forum to say you want your app to be added.

@IzzySoft

This comment has been minimized.

Copy link

commented Nov 8, 2016

@kspearrin if you'd just attach the .apk to your releases/, I could pick them up and add them to my repo, which is compatible with the F-Droid client. After the initial add, my auto-updater would fetch the next releases automatically within 24h usually. If your app finally makes it into the official F-Droid repo, and you want me to remove it from mine, just drop me a note.

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Nov 8, 2016

@IzzySoft I'll start doing that with the next release which should be very soon (maybe tonight).

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Nov 8, 2016

@IzzySoft When you say releases/, are you wanting me to create a releases/ directory inside the actual repo master branch root or are you wanting me to just attach the binary to the published release & tag (i.e. this page https://github.com/bitwarden/mobile/releases/tag/v1.0.0).

@IzzySoft

This comment has been minimized.

Copy link

commented Nov 8, 2016

@kspearrin the latter is preferrable, as described here. And thanks a lot!

@kspearrin

This comment has been minimized.

@IzzySoft

This comment has been minimized.

Copy link

commented Nov 9, 2016

@kspearrin There you go: https://apt.izzysoft.de/fdroid/index/apk/com.x8bit.bitwarden

Once F-Droid itself picked up and your app made it into the main repo, just drop me a note if you want me to remove it from mine again (e.g. to avoid confusion, as F-Droid compiles from the source and signs with their own key, one cannot cross-update between the two).

PS: Please note that other than F-Droid, I don't keep an "archive" of old versions. My usual policy is to reserve about up to 20M per app – so apps with 6M or less have a history of 3 versions (aka "max history"). As the bitwarden .apk is already 21M, my repo will just always have the latest version. But that should be fine: in those rare cases where someone might need an older version, that can be picked from releases/ here now :)

With the initial .apk added, updates should be picked up now within ~24h of their release (i.e. after you've created the tag and attached the file). Enjoy :)

PPS: Please note the VirusTotal link. Looks like a "false alert" (just triggered by 1/56 scanners), but just in case. Not that many hits if you search for it, and always only one and the same engine reporting it. If it were real, it'd rather look like this report :)

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Nov 9, 2016

Great. Interesting about the virus alert. I have no idea what W32/VBNA.alxm is.

@IzzySoft

This comment has been minimized.

Copy link

commented Nov 9, 2016

As far as my search went, it's supposed to be some worm usually shipping with Windows executables. IMHO a "false positive" caused by a too broad pattern matching on some signature. That's why I usually resubmit those .apk files for a rescan a few days later. Often clears the flag as the engine's signature database had been updated meanwhile.

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Apr 25, 2017

Submitted again here: https://gitlab.com/fdroid/rfp/issues/114

@Primokorn

This comment has been minimized.

Copy link
Contributor

commented Apr 26, 2017

@kspearrin bitwarden won't pass due to non-free dependencies. There are important differences between an open source app and a free/libre and open source app.
Inclusion Policy

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Apr 26, 2017

I'm a little confused. What non-free dependencies do we have?

@Primokorn

This comment has been minimized.

Copy link
Contributor

commented Apr 26, 2017

Google Analytics at least.

@IzzySoft

This comment has been minimized.

Copy link

commented Apr 26, 2017

@kspearrin According to LibRadar (used with my repository to check what libraries are contained), I see e.g. Google Mobile Services. Guess that's what AppBrain's scanner reports as Google Cloud Messaging (GCM)

@Primokorn Google Analytics wasn't detected by either of the two. Are you sure?

@Primokorn

This comment has been minimized.

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Apr 26, 2017

Ok. I guess I misinterpreted the definition of free here.

Google Play Services is also required for other functionality in our app like sync push notifications (GCM).

@Primokorn

This comment has been minimized.

Copy link
Contributor

commented Apr 26, 2017

Yes "free" doesn't mean "gratis" in this context
https://www.gnu.org/philosophy/free-sw.en.html

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Apr 26, 2017

Closing since this doesn't seem possible.

@kspearrin kspearrin closed this Apr 26, 2017

@IzzySoft

This comment has been minimized.

Copy link

commented Apr 26, 2017

@Primokorn Oh. Beat me. I was just wondering that neither AppBrain nor LibRadar mentioned that. Thanks for the pointer, need to update that in my repo description then (adding the AntiFeature).

@cwmke

This comment has been minimized.

Copy link
Author

commented May 5, 2017

Thanks for taking the time to look into this.

@IzzySoft

This comment has been minimized.

Copy link

commented May 9, 2017

@kspearrin Any reason why you stopped attaching the .apk to the corresponding releases? Without that, I cannot keep it updated in my repo 😸

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented May 9, 2017

Just forgot. Updated now.

@IzzySoft

This comment has been minimized.

Copy link

commented May 9, 2017

Thought so 😸 Thanks, should be picked up then tonight.

@mr-gosh

This comment has been minimized.

Copy link

commented Oct 23, 2017

We tried that too in the past and it really just works, if the app has functionality without the presence of the play store API for example...
if some things work but not everything it still can be submitted - but will get some "anti-feature" badges - which is ok...
...its a store for people who don't want to use a playstore account - are at least they want the ability to use the app without that...

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Oct 1, 2018

Well, I attempted to remove them completely. Maybe it didn't work. They are definitely disabled though. How do you get that output?

@IzzySoft

This comment has been minimized.

Copy link

commented Oct 2, 2018

It's a by-product of LibRadar (I'm using the V1 branch), which uses Apktool for this. From the code, the command seems to be

apktool decode -r <apkfile> -o <output-directory>

Above list basically is an excerpt of the recursive ls of the output directory.

@walkafwalka

This comment has been minimized.

Copy link

commented Dec 18, 2018

What else needs to be done for this?

@Gigadoc2

This comment has been minimized.

Copy link

commented Jan 23, 2019

What else needs to be done for this?

It seems that the F-Droid build servers can't build Xamarin Apps yet, so that probably needs to happen first.

@rakshazi

This comment has been minimized.

Copy link

commented May 22, 2019

@IzzySoft could you add bitwarden to your repo, please? Seems it missing right now.

@IzzySoft

This comment has been minimized.

Copy link

commented Jun 6, 2019

@rakshazi Nope: I've had it there and explicitly removed it. No bad feelings: but a password manager that comes with (proprietary) trackers is a no-go. And Bitwarden comes with more than one, unfortunately (when I last checked it were at least 4, see above). Though @kspearrin wrote they are disabled, the libraries are still present and thus show up in the details. With them being proprietary it's impossible to ensure nothing of their functionality remained active (and no, I don't suspect "bad intentions" from Bitwarden devs – I just don't trust the proprietary remains).

Further, apart from exceeding the size limit of my repo (20M per app – Bitwarden has 30M+), there're no longer APK files attached to the latest release, so I could not even fetch them would all else fit.

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 6, 2019

We include HockeyApp (for crash reporting) and Firebase Messaging (for live sync push notifications) libraries in the apps. HockeyApp is open source: https://github.com/bitstadium/HockeySDK-Xamarin . Parts of Firebase are open source, but I am not sure if their messaging SDK is. I am not sure what other alternatives exist to handle push notifications to the app, which is a critical function for keeping vaults in sync.

As for the app size, v2.0, which is in beta is reporting at about 28MB now. When distributed on Google Play, it is about 14MB.

@rakshazi

This comment has been minimized.

Copy link

commented Jun 6, 2019

Well, f-droid main repo has very strict requirements about such things, but you can create your own repo (like bromite, nanodroid, etc) and serve apks from github pages.
About push notifications - you can create your own push server, like guys from Telegram FOSS Team did - they used non-google server and it does not require any gms components for really smooth work (I use telegram foss as main messenger without gapps at all).

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 6, 2019

If someone is familiar with how to host your own FDroid server, I'd be happy to look into setting one up.

@rakshazi

This comment has been minimized.

Copy link

commented Jun 6, 2019

Sorry, never did it before, but found some docs and examples.

  1. Official f-droid tool: https://gitlab.com/fdroid/repomaker but it requires separate webserver to run
  2. Unofficial Firefox repo: https://gitlab.com/rfc2822/fdroid-firefox you can contact repo author with MR/PR to add bitwarden to that repo or fork it and maintain yourself. The best part of it - daily scheduled ci job that downloads new releases of apps and saves to own fdroid repo, served by gitlab pages (same as github pages)
@rakshazi

This comment has been minimized.

Copy link

commented Jun 6, 2019

@kspearrin added MR to rfc2822: https://gitlab.com/rfc2822/fdroid-firefox/merge_requests/8
Please, attach fdroid version of bitwarden to latest release, because ci job failed: https://gitlab.com/rakshazi/fdroid-firefox/-/jobs/226804803

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 6, 2019

@rakshazi Done.

@rakshazi

This comment has been minimized.

Copy link

commented Jun 6, 2019

ok, it downloaded correctly in last job, so we need to wait for repo owner to merge it.

@IzzySoft

This comment has been minimized.

Copy link

commented Jun 6, 2019

@kspearrin if you prefer GUI, see my article Your own F-Droid Repository with Repomaker. I do not (yet) have one for setting up your own F-Droid Server in the "traditional way", though there should be one in F-Droid docs. That one could be integrated with CI as it can be controlled by command line. Basically, Repomaker includes the required binaries etc. as well (as it uses them as backend). @rakshazi Repomaker is not the "official F-Droid tool" (that would be fdroidserver) – and it does not require setting up a web server (it uses other means for hosting the repo, e.g. Github/GitLab).

As for the dependencies: Firebase Messaging is not open source (or it would be allowed by F-Droid main repo), AFAIK it requires (parts of) GMS. Crash reporting: So what for is GA included? And Google Ads? HockeyApp IMHO is still considered "Tracking", which I do not accept in my repo if it applies to an app dealing with sensitive information (not sure if F-Droid itself would permit it and just label it with the Tracking AntiFeature). Concerning the size: I make exceptions for that, and would make them for Bitwarden if the other issues can be considered "solved".

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 6, 2019

We don't use Google Analytics or Google Ads. Google Analytics was removed from the app earlier this year. Google Ads has never been used.

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 7, 2019

@rakshazi I had a go at running our own FDroid server via GitHub pages this evening. I was able to get something working as a test. See https://github.com/bitwarden/fdroid

https://bitwarden.github.io/fdroid/fdroid/repo?fingerprint=BC54EA6FD1CD5175BCCCC47C561C5726E1C3ED7E686B6DB4B18BAC843A3EFE6C

Seems to work in my test.

@rakshazi

This comment has been minimized.

Copy link

commented Jun 7, 2019

@IzzySoft thank you for explanation
@kspearrin yep, it works like a charm, thank you!
Could you update readme and website with this repo information, please? You can use repo URL with fingerprint for button "Get it on F-Droid"

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 7, 2019

This repo is just for testing. I’ll work on getting something together for production now.

@rakshazi

This comment has been minimized.

Copy link

commented Jun 7, 2019

OK, waiting for it :)
Please, update that issue with new information when it will be available

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 13, 2019

@IzzySoft Would you mind running your scanning tool on the latest 2.0.x releases to see if they still pick up any traces of Google of HockeyApp libraries on the fdroid apks? I tried implementing some more cleanup operations when building for FDroid and I think I might have resolved the issue.

@IzzySoft

This comment has been minimized.

Copy link

commented Jun 13, 2019

Looks good:

  • Xamarin (Development Framework)
  • Mono for Android (Development Framework)
  • SlidingMenu (UI Component)
  • Google Mobile Services (Development Framework)
  • Pdftron PDF Widget (Utility)
  • Android Design Support Library (Utility)
  • Android Support v13 (Development Framework)
  • Android Support v4 (Development Framework)
  • Android Support v7 (Development Framework)
  • Androidx Core (Utility)
  • Google Material Design (Utility)
  • Samsung Mobile SDK Pass (Fingerprint) (Utility)
  • Java.Interop (Utility)
  • FFImageLoading (Utility)
  • The Open Toolkit Library (Utility)

Re-established it in my repo, taking effect with the next sync tomorrow. As before, I'll just keep one version (as usually the per-app limit is 20M and Bitwarden already exceeds that with a single APK). Shall I link to your repo (e.g. for "older versions")?

If you have some more (non-framed) screenshots you wish to have added, please let me know (or if someone else wants to provide them). Considering the minimal screen estate on mobile devices, in my repo I don't want to waste it by "framings" but rather give users a chance to see details 😉

Thanks a lot, @kspearrin!

@kspearrin

This comment has been minimized.

Copy link
Collaborator

commented Jun 13, 2019

@IzzySoft You can download framed and unframed screenshots from here: https://github.com/bitwarden/brand/tree/master/screenshots


Closing this issue now.

Users can get Bitwarden on F-Droid through our F-Droid repo here: https://mobileapp.bitwarden.com/fdroid/

Or use another repo, such as @IzzySoft's.

@kspearrin kspearrin closed this Jun 13, 2019

@IzzySoft

This comment has been minimized.

Copy link

commented Jun 13, 2019

Thanks again! Will pick some from there and add them on my end. Besides: just added your repo to my Unofficial (and incomplete) list of F-Droid repositories 😉

App with screenshots should show up here again tomorrow.

@hovancik

This comment has been minimized.

Copy link

commented Jun 14, 2019

Successfully installed 2.0.3. I hope you will soon find replacement solution for background sync.

@rakshazi

This comment has been minimized.

Copy link

commented Jun 19, 2019

added to my own repo, too: https://fdroid.rakshazi.me (source: https://gitlab.com/rakshazi/fdroid ), daily updates

@DavHau

This comment has been minimized.

Copy link

commented Jul 14, 2019

Thanks to all involved people to make this project more FOSS.
I see this ticket has been closed, but hope there is still effort being made to get it onto the real F-Droid repo. I don't consider it a good solution to just use another repo. If the original F-Droid repo rejects the project, it means that there are potential security/privacy issues and they should be taken care of.

@rakshazi

This comment has been minimized.

Copy link

commented Jul 14, 2019

If you read the issue discussion, you can find that the only problem with fdroid main repo is xamarin. Fdroid build server does not support it. BTW, check the related issue on fdroid gitlab.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.