handle multiple APKs per repo differing only by signing key
The client database needs to support a single repo that serves multiple copies of the exact same APK, with the only different being the signing key. This is needed to provide a smooth transition to the upstream developer's signing key, away from the fdroid signing key, once an app has been added via the reproducible process.
The basic idea is:
- host both fdroid and upstream APKs in the same repo
- new metadata for "preferred signing key"
- for new installs, then client chooses the APK signed by the preferred key
- for upgrades, the client chooses the APK signed by the key that matches the currently installed APK
@pserwylo Re: the scrum yesterday
Edited by Hans-Christoph Steiner