Comments (25)
Yes
from mastodon-android.
GitHub's API documentation seems to contradict reality 🤔
from mastodon-android.
READ_EXTERNAL_STORAGE is granted implicitly (indicated by the trailing *) due to WRITE_EXTERNAL_STORAGE. Could you please clarify what this is needed for?
For saving images from the media viewer. The image is already cached so I just copy it to the external storage from my cache to avoid downloading it a second time. I don't ever use or request READ_EXTERNAL_STORAGE.
Further, and much more problematic is REQUEST_INSTALL_PACKAGES; what apps are you installing there?
App's own updates. Only added for githubRelease
/githubDebug
flavors.
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
What's the point of it being a thing then? 🤔
from mastodon-android.
Thanks @grishka – and apologies for the late reply: it seems GH loses some notifications 😢
- r/w storage: Thanks, set accordingly here
App's own updates. Only added for
githubRelease
/githubDebug
flavors.
Is there an APK available without that self-updater? Like in F-Droid, the inclusion policy in my repo speaks against those.
What's the point of it being a thing then?
You'll have to ask Google, it's signed with their key. Probably something something proprietary-issue-with-Playstore, idk. Apart from Google, nobody can even read it anyway. So being a proprietary blob, it should rather not be inside a FOSS APK 😉 (there's even more to those blobs, but that goes beyond this issue here).
from mastodon-android.
Is there an APK available without that self-updater? Like in F-Droid, the inclusion policy in my repo speaks against those.
Yes, just build the release
flavor. The self-updater is the only difference between release
and githubRelease
.
from mastodon-android.
You forget that i just run a binary repo. No build environment here. So I need to grab the APK from you.
from mastodon-android.
Oof. Well, I plan to setup a CI pipeline eventually, so you'll be able to grab apks from there. Probably even eutomatically. In the meantime, here's the latest one:
mastodon-release.apk.zip
from mastodon-android.
Thanks @grishka – but my updater cannot grab from pipelines. It can grab from releases, from a directory inside the repo – or from "fixed URLs" (which may redirect to the real one). So maybe your CI/release workflow could include that APK with releases?
from mastodon-android.
So maybe your CI/release workflow could include that APK with releases?
I deliberately don't want to make a release
apk easily available to users because then, not knowing the difference between flavors, they will install it and get stuck on that version because there's no self-updater.
from mastodon-android.
Understood. Then maybe I remove it from my repo and F-Droid users have to rely on F-Droid.org instead (including the delayed updates)? Alternatively you could make the updater opt-in (if it isn't already): have a bool option for that (initially null
), when null
ask whether to enable, then store (and allow changing via settings) – including proper explanations? You know, "informed and explicit consent" and all that 😉 Giving you an example from a different app:
from mastodon-android.
Then maybe I remove it from my repo and F-Droid users have to rely on F-Droid.org instead (including the delayed updates)?
That would be cumbersome. If you need a fixed URL, I can set up an endpoint on my personal server that would redirect to the apk from the latest CI run (and maybe move it to joinmastodon.org later, I will need to ask the team). Will that work?
Alternatively you could make the updater opt-in (if it isn't already)
I'm not sure how to properly integrate that into the UI. I definitely don't want a modal that pops up by itself like on your screenshots. Forcefully diverting user's attention like that is one of the worst UX sins for me. Besides, there isn't the usual "they may track you" concern, it's just an unauthenticated GitHub API request. If I were to make a setting for that, it would be opt-out.
from mastodon-android.
If you need a fixed URL, I can set up an endpoint on my personal server that would redirect to the apk from the latest CI run (and maybe move it to joinmastodon.org later, I will need to ask the team). Will that work?
Sure, that would work fine – provided the fixed URL also sends a LAST_MODIFIED
header.
Besides, there isn't the usual "they may track you" concern, it's just an unauthenticated GitHub API request
It's not so much the tracking part there, though that also plays into it. Those "side-loaded" updates would bypass all scans performed in my repo – which are not done because I mistrust you, but because everybody can miss something.
If I were to make a setting for that, it would be opt-out.
Which would not be compatible with the inclusion criteria on either F-Droid or my repo. But as said above: a fixed URL providing the last-modified flag would do for me, even long-term if needed. It just needs to be "stable" then: should it disappear, I have no idea where to look – while at releases here I could see at least if the file is gone or just the naming pattern changed 😉 But as I can reach you here in such a case, this would be a good compromise for both of us I'd say?
from mastodon-android.
I got CI working: https://github.com/mastodon/mastodon-android/actions/runs/8117973419
But apparently, it isn't possible to download artifacts as-is. They are put into zip archives even if it's just a single file because reasons. See actions/upload-artifact#14
The API doesn't allow it either:
The :archive_format must be zip.
Are you okay with having to extract the apk from a zip archive?
from mastodon-android.
Are you okay with having to extract the apk from a zip archive?
My updater does not support that unfortunately. But a quick search on "github workflow release apk" returns some interesting results, maybe you could use one of those? example 1, example 2, step-by-step guide
from mastodon-android.
This puts it into releases, which is something I explicitly don't want. I don't want to make non-self-updating apks easily available to users because they will install them and then get stuck on that version. This is why only githubRelease
ones go there.
I suppose I can have a cron job webhook handler on my server that would periodically check for new CI artifacts and download and unzip them if there are any.
from mastodon-android.
This puts it into releases
I saw that. But not being familiar with Github actions/CI I thought maybe that step could be replaced somehow 😢
I don't want to make non-self-updating apks easily available to users because they will install them and then get stuck on that version.
That could happen via the F-Droid website (or mine) then as well – though it's less likely there than it might be with the Github releases page, yeah… Thanks for looking into a viable approach, @grishka!
from mastodon-android.
That could happen via the F-Droid website (or mine) then as well
The idea is that because F-Droid manages updates for apps it installed, it's perfectly fine to have a non-self-updating apk there.
from mastodon-android.
Sure, got that. Same with my repo 😉
from mastodon-android.
I haven't made the thing on my server yet, but you can grab the apk for 2.4.1 from here: https://github.com/mastodon/mastodon-android/actions/runs/8176605132
from mastodon-android.
Shall I disable automatic update checks in my repo then until the final link becomes available? Else the APK would be replaced from here should you make a new release. Won't happen of course if I put the new one into the repo before it shows up here.
Oof. Cannot download via wget
as that seems to be some JavaScript circus. Have to click the link in the browser, store locally, then go where it's stored, unzip, then push the file over… OK, have replaced it now, thanks!
from mastodon-android.
@grishka ^^ (just in case the notification didn't reach you – looks like several got lost for me and others as well).
from mastodon-android.
Shall I disable automatic update checks in my repo then until the final link becomes available?
Yes, it would make sense
from mastodon-android.
To not fall back too far, I've set it to "Static" now (which means "monthly checks" instead of "daily checks" of my updater). So the next check would be in 14 days from now (static run is on the 1st of each month around 2 am UTC).
Does that give you sufficient time? I just want to ensure my repo doesn't "fall too much behind" should this issue be "forgotten" (buried in the heap of work).
from mastodon-android.
So apparently this is a "known issue" that's been ignored for 4 years... yikes.
actions/upload-artifact#51
from mastodon-android.
Like several others 😢 There are still notifications lost. Releases disappear (you can see them when you have the URL, but they are not listed at the release page; you can reach them via their tags, though; this happens when you delete a release and re-create it with the same name, in some cases)…
from mastodon-android.
Related Issues (20)
- Gif size increase request
- Webp gifs
- Web app vs app store app gallery selection
- Gif auto play on app
- The wrong avatars for nickname search result. HOT 1
- Can't add pixelfed.social acount HOT 1
- Follower time record
- Emote crash HOT 1
- Please fix featured hashtags glitch HOT 9
- Include toot text when sharing to other apps
- I have received 404 and 405 error notices for over one year now. HOT 1
- QR code scanning does not work on MicroG / Degoogled devices HOT 2
- Translate alternative text
- Auto play animated gifs HOT 2
- [Feature Request] Please add options to hide boosts and replies in timeline
- Feature request: copy alt text HOT 3
- Translating an Auschwitz Memorial post crashes the Android app HOT 4
- Instance information page crashes if thumbnail is null
- Is it any issue? HOT 1
- Is it any issue?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mastodon-android.