[guardian-dev] about using dev and onion in f-droid

Hans-Christoph Steiner hans at guardianproject.info
Thu Aug 21 12:42:13 EDT 2014 

When f-droid sees a .onion address, it automatically sets Tor as the proxy for
that connection.

I don't recommend having multiple repositories enabled, the f-droid.org
signing key will conflict with ours, causing confusion like you are getting.

.hc

shmick at riseup.net wrote:
> and the thing is when i uninstall orbot (which is the only way to
> update) and then attempt to install it without using the f-droid proxy
> option, i then can't install the latest because its only in the .onion
> repo and not additionally in the s3 repo !
> 
> i dont think they're sync'd
> 
> disabling the .onion GP offline repo -> latest orbot = 14.0.5.2
> 
> 14.0.6 is only available from the .onion repo but you need to have orbot
> installed !
> 
> here's the killer - f-droid actually showed download progress when i
> tried to download 14.0.6 from the .onion repo with proxy disabled !!!
> 
> not stoned - got the screengrab too ;-)
> 
> ya'll have a good W.E. GP
> 
> que sera sera / laissez-faire
> 
> 
> shmick at riseup.net wrote:
>>
>>
>> Hans-Christoph Steiner wrote:
>>>
>>>
>>> Nathan of Guardian wrote:
>>>>
>>>>
>>>> On 08/02/2014 09:10 AM, Hans-Christoph Steiner wrote:
>>>>> As for the corrupted download, I haven't seen those really at all, maybe once
>>>>> or twice.  Can you send more info?
>>>>
>>>> Could the corrupted download be actually an issue with each repo having
>>>> a different signing key?
>>>
>>> Yeah, is the error saying it is signed by a different key, or bad install?
>>
>> i have 3 repos from GP active now - no more nightly - and 2 f-droid
>>
>> name reported in repos
>> "the GP..."
>> 2x "GP offline..."
>>
>> so with these 3 when i attempt to update orbot from 14.0.5.3 to 14.0.6 i
>> cant because 14.0.6 is signed with a different key
>>
>> using f-droid 0.71
>>
>> ps i have a lot of orbot debug logs i will hopefully PM when i have a chance
>>
>>>
>>>
>>>> Nightlies is signed by our online debug key, while our official repos
>>>> are signed by our offline release key.
>>>>
>>>> You should really choose one or the other for now.
>>>
>>> Yes, definitely.  A device should only have the test repo or the official
>>> repo, but not both.
>>>
>>> .hc
>>>
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/shmick%40riseup.net
>>
>> You are subscribed as: shmick at riseup.net
>>
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Guardian-dev mailing list