F-Droid Privileged Extension signatures

Added by Ellen Ripley 6 days ago


I have just upgraded my Replicant phone (Galaxy S3) to Replicant 6.0 -and I am very happy about it! When I open F-Droid, it says there is an update available for F-Droid Privileged Extension. The installed version of F-Droid Priviledged Extension is 0.2.4, the new one available is 0.2.5. I press the Upgrade button and it shows:

"The new version is signed with a different key to the old one. To install the new version, the old one must be uninstalled first. Please do this and try again. (Note that uninstalling will erase any internal data stored by the application)"

When looking a bit more into it, I can also see:

"Signed: 4f8135124ff61b24b85749e368ce7f0d"

I guess that signature is for Version 0.2.5. I'm not sure, when I press on "Version 0.2.4 - Installed (from unknown source)" then F-Droid crashes.

Why are they signed with different keys?
What should I do?

Thank you.

Replies (2)

RE: F-Droid Privileged Extension signatures - Added by Wolfgang Wiedmeyer 6 days ago

The crash definitely shouldn't happen. The same crash also happens when pressing the uninstall button and upstream F-Droid is aware of that: https://gitlab.com/fdroid/fdroidclient/issues/755

Replicant 6.0 ships the privileged extension. It is built from source as part of an image build for a device and is signed with one of the keys used for the release. You can find them on the ReplicantImages page. The privileged extension, that you would install from F-Droid if the update would work, is signed with their release key which is different.

For now, you probably can't do much without manually removing some files and this is likely not worth it. Updating or uninstalling the extension from F-Droid obviously doesn't work (yet). And the improvements that come with the new version seem to only include some translation changes for a few languages and changes related to the creation of an update zip for installation through the recovery which isn't relevant for Replicant anyway. The improvements can be followed here.

The next Replicant 6.0 update will include an updated privileged extension.

RE: F-Droid Privileged Extension signatures - Added by Jeremy Rand 3 days ago

I've encountered this issue as well (I didn't try to uninstall the old version, so can't confirm whether it crashes for me). Wolfgang, is there a reason why Replicant doesn't just ship the APK that's signed by F-Droid? If the issue is security concerns, would Replicant reconsider this policy once F-Droid's reproducible builds effort has progressed further?