This manual is for the F-Droid repository server tools.
Copyright © 2010, 2011, 2012, 2013 Ciaran Gultnieks
Copyright © 2011 Henrik Tunedal, Michael Haas, John Sullivan
Copyright © 2013 David Black
Copyright © 2013, 2014 Daniel Martí
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
|• System Requirements:|
|• Simple Binary Repository:|
|• Building Applications:|
|• Importing Applications:|
|• Update Processing:|
|• Build Server:|
|• GNU Free Documentation License:|
The F-Droid server tools provide various scripts and tools that are used to maintain the main F-Droid application repository. You can use these same tools to create your own additional or alternative repository for publishing, or to assist in creating, testing and submitting metadata to the main repository.
The system requirements for using the tools will vary depending on your intended usage. At the very least, you’ll need:
PATH: these directories will be specified in your repository configuration. Recent revisions of the SDK have
aaptlocated in android-sdk/build-tools/ and it may be necessary to make a symlink to it in android-sdk/platform-tools/
If you intend to build applications from source you’ll also need most, if not all, of the following:
If you intend to use the ’Build Server’ system, for secure and clean builds (highly recommended), you will also need:
On the other hand, if you want to build the apps directly on your system without the ’Build Server’ system, you may need:
Because the tools and data will always change rapidly, you will almost certainly want to work from a git clone of the tools at this stage. To get started:
git clone https://gitlab.com/fdroid/fdroidserver.git
You now have lots of stuff in the fdroidserver directory, but the most
important is the ’fdroid’ command script which you run to perform all tasks.
This script is always run from a repository data directory, so the
most sensible thing to do next is to put your new fdroidserver directory
To do anything, you’ll need at least one repository data directory. It’s
from this directory that you run the
fdroid command to perform all
repository management tasks. You can either create a brand new one, or
grab a copy of the data used by the main F-Droid repository:
git clone https://gitlab.com/fdroid/fdroiddata.git
Regardless of the intended usage of the tools, you will always need to set
up some basic configuration details. This is done by creating a file called
config.py in the data directory. You should do this by copying the
example file (
./examples/config.py) from the fdroidserver project to
your data directory and then editing according to the instructions within.
Once configured in this way, all the functionality of the tools is accessed
by running the
fdroid command. Run it on its own to get a list of the
You can follow any command with
--help to get a list of additional
options available for that command.
fdroid update --help
If you want to maintain a simple repository hosting only binary APKs obtained and compiled elsewhere, the process is quite simple:
config.py, by copying
./examples/config.pyfrom the server project and editing it.
repoand put APK files in it.
metadatadirectory and run it again.
fdroid updatewith the
-coption. It will create ’skeleton’ metadata files that are missing, and you can then just edit them and fill in the details.
fdroid updateadds an Icons directory into the repo directory, and also creates the repository index (index.xml, and also index.jar if you’ve configured the system to use a signed index).
repodirectory to your web server.
Following the above process will result in a
repo directory, which you
simply need to push to any HTTP (or preferably HTTPS) server to make it
While some information about the applications (and versions thereof) is
retrieved directly from the APK files, most comes from the corresponding file
metadata directory. The metadata file covering ALL versions of a
particular application is named
package.id.txt where package.id is the
unique identifier for that package.
See the Metadata chapter for details of what goes in the metadata file. All
fields are relevant for binary APKs, EXCEPT for
Build: entries, which
should be omitted.
Instead of (or as well as) including binary APKs from external sources in a repository, you can build them directly from the source code.
Using this method, it is is possible to verify that the application builds correctly, corresponds to the source code, and contains only free software. Unforunately, in the Android world, it seems to be very common for an application supplied as a binary APK to present itself as Free Software when in fact some or all of the following are true:
For this reason, source-built applications are the preferred method for the main F-Droid repository, although occasionally for technical or historical reasons, exceptions are made to this policy.
When building applications from source, it should be noted that you will be signing them (all APK files must be signed to be installable on Android) with your own key. When an application is already installed on a device, it is not possible to upgrade it in place to a new version signed with a different key without first uninstalling the original. This may present an inconvenience to users, as the process of uninstalling loses any data associated with the previous installation.
The process for managing a repository for built-from-source applications is very similar to that described in the Simple Binary Repository chapter, except now you need to:
fdroid buildto build any applications that are not already built.
fdroid publishto finalise packaging and sign any APKs that have been built.
When run without any parameters,
fdroid build will build any and all
versions of applications that you don’t already have in the
directory (or more accurately, the
unsigned directory). There are various
other things you can do. As with all the tools, the
--help option is
your friend, but a few annotated examples and discussion of the more common
usage modes follows:
To build a single version of a single application, you could run the following:
./fdroid build org.fdroid.fdroid:16
This attempts to build version code 16 (which is version 0.25) of the F-Droid client. Many of the tools recognise arguments as packages, allowing their activity to be limited to just a limited set of packages.
If the build above was successful, two files will have been placed in the
The first is the (unsigned) APK. You could sign this with a debug key and push it direct to your device or an emulator for testing. The second is a source tarball containing exactly the source that was used to generate the binary.
If you were intending to publish these files, you could then run:
The source tarball would move to the
repo directory (which is the
directory you would push to your web server). A signed and zip-aligned version
of the APK would also appear there, and both files would be removed from the
If you’re building purely for the purposes of testing, and not intending to
push the results to a repository, at least yet, the
--test option can be
used to direct output to the
tmp directory instead of
A similar effect could by achieved by simply deleting the output files from
unsigned after the build, but with the risk of forgetting to do so!
Along similar lines (and only in conjunction with
--test, you can use
--force to force a build of a Disabled application, where normally it
would be completely ignored. Similarly a version that was found to contain
ELFs or known non-free libraries can be forced to build. See also —
scandelete= in the
If the build was unsuccessful, you can find out why by looking at the output in the logs/ directory. If that isn’t illuminating, try building the app the regular way, step by step: android update project, ndk-build, ant debug.
Note that source code repositories often contain prebuilt libraries. If the app is being considered for the main F-Droid repository, it is important that all such prebuilts are built either via the metadata or by a reputable third party.
You can also build and install directly to a connected device or emulator
fdroid install command. If you do this without passing
packages as arguments then all the latest built and signed version available
of each package will be installed . In most cases, this will not be what you
want to do, so execution will stop straight away. However, you can override
this if you’re sure that’s what you want, by using
--all. Note that
currently, no sanity checks are performed with this mode, so if the files in
the signed output directory were modified, you won’t be notified.
To help with starting work on including a new application,
will take a URL and optionally some other parameters, and attempt to construct
as much information as possible by analysing the source code. Basic usage is:
./fdroid import --url=http://address.of.project
For this to work, the URL must point to a project format that the script understands. Currently this is limited to one of the following:
http://code.google.com/p/PROJECT/Supports git, svn and hg repos.
Some Google Code projects have multiple repositories, identified by a
dropdown list on the
source/checkout page. To access one other than
the default, specify its name using the
Depending on the project type, more or less information may be gathered. For example, the license will be retrieved from a Google Code project, but not a GitHub one. A bare repo url, such as the git:// one, is the least preferable optional of all, since you will have to enter much more information manually.
If the import is successful, a metadata file will be created. You will need to edit this further to check the information, and fill in the blanks.
If it fails, you’ll be told why. If it got as far as retrieving the source
code, you can inspect it further by looking in
tmp/importer where a full
checkout will exist.
A frequent cause of initial failure is that the project directory is actually
a subdirectory in the repository. In this case, run the importer again using
--subdir option to tell it where. It will not attempt to determine
this automatically, since there may be several options.
Information used by update.py to compile the public index comes from two sources:
The metadata files are simple, easy to edit text files, always named as the application’s package ID with ’.txt’ appended.
Note that although the metadata files are designed to be easily read and writable by humans, they are also processed and written by various scripts. They are capable of rewriting the entire file when necessary. Even so, the structure and comments will be preserved correctly, although the order of fields will be standardised. (In the event that the original file was in a different order, comments are considered as being attached to the field following them). In fact, you can standardise all the metadata in a single command, without changing the functional content, by running:
The following sections describe the fields recognised within the file.
|• Auto Name:|
|• Web Site:|
|• Source Code:|
|• Issue Tracker:|
|• Maintainer Notes:|
|• Repo Type:|
|• Requires Root:|
|• Archive Policy:|
|• Update Check Mode:|
|• Update Check Ignore:|
|• Vercode Operation:|
|• Update Check Name:|
|• Update Check Data:|
|• Auto Update Mode:|
|• Current Version:|
|• Current Version Code:|
|• No Source Since:|
Any number of categories for the application to be placed in. There is no fixed list of categories - both the client and the web site will automatically show any categories that exist in any applications. However, if your metadata is intended for the main F-Droid repository, you should use one of the existing categories (look at the site/client), or discuss the proposal to add a new one.
Categories must be separated by a single comma character, ’,’. For backwards compatibility, F-Droid will use the first category given as <category> element for older clients to at least see one category.
This is converted to (
<categories>) in the public index file.
The overall license for the application, or in certain cases, for the source code only.
This is converted to (
<license>) in the public index file.
The name of the application as can best be retrieved from the source code.
This is done so that the commitupdates script can put a familiar name in the
description of commits created when a new update of the application is
found. The Auto Name entry is generated automatically when
checkupdates is run.
The name of the application. Normally, this field should not be present since the application’s correct name is retrieved from the APK file. However, in a situation where an APK contains a bad or missing application name, it can be overridden using this. Note that this only overrides the name in the list of apps presented in the client; it doesn’t changed the name or application label in the source code.
Comma-separated list of application IDs that this app provides. In other words, if the user has any of these apps installed, F-Droid will show this app as installed instead. It will also appear if the user clicks on urls linking to the other app IDs. Useful when an app switches package name, or when you want an app to act as multiple apps.
The URL for the application’s web site. If there is no relevant web site, this can be omitted (or left blank).
This is converted to (
<web>) in the public index file.
The URL to view or obtain the application’s source code. This should be something human-friendly. Machine-readable source-code is covered in the ’Repo’ field.
This is converted to (
<source>) in the public index file.
The URL for the application’s issue tracker. Optional, since not all applications have one.
This is converted to (
<tracker>) in the public index file.
The URL to donate to the project. This should be the project’s donate page if it has one.
It is possible to use a direct PayPal link here, if that is all that is available. However, bear in mind that the developer may not be aware of that direct link, and if they later changed to a different PayPal account, or the PayPal link format changed, things could go wrong. It is always best to use a link that the developer explicitly makes public, rather than something that is auto-generated ’button code’.
This is converted to (
<donate>) in the public index file.
The project’s Flattr (http://flattr.com) ID, if it has one. This should be a numeric ID, such that (for example) https://flattr.com/thing/xxxx leads directly to the page to donate to the project.
This is converted to (
<flattr>) in the public index file.
A bitcoin address for donating to the project.
This is converted to (
<bitcoin>) in the public index file.
A litecoin address for donating to the project.
A brief summary of what the application is. Since the summary is only allowed one line on the list of the F-Droid client, keeping it to within 50 characters will ensure it fits most screens.
A full description of the application, relevant to the latest version. This can span multiple lines (which should be kept to a maximum of 80 characters), and is terminated by a line containing a single ’.’.
Basic MediaWiki-style formatting can be used. Leaving a blank line starts a
new paragraph. Surrounding text with
'' make it italic, and with
''' makes it bold.
You can link to another app in the repo by using
[[app.id]]. The link
will be made appropriately whether in the Android client, the web repo
browser or the wiki. The link text will be the apps name.
Links to web addresses can be done using
For both of the above link formats, the entire link (from opening to closing square bracket) must be on the same line.
Bulletted lists are done by simply starting each item with a
a new line, and numbered lists are the same but using
#. There is
currently no support for nesting lists - you can have one level only.
It can be helpful to note information pertaining to updating from an earlier version; whether the app contains any prebuilts built by the upstream developers or whether non-free elements were removed; whether the app is in rapid development or whether the latest version lags behind the current version; whether the app supports multiple architectures or whether there is a maximum SDK specified (such info not being recorded in the index).
This is converted to (
<desc>) in the public index file.
This is a multi-line field using the same rules and syntax as the description. It’s used to record notes for F-Droid maintainers to assist in maintaining and updating the application in the repository.
This information is also published to the wiki.
The type of repository - for automatic building from source. If this is not specified, automatic building is disabled for this application. Possible values are:
The repository location. Usually a git: or svn: URL, for example.
The git-svn option connects to an SVN repository, and you specify the URL in exactly the same way, but git is used as a back-end. This is preferable for performance reasons, and also because a local copy of the entire history is available in case the upstream repository disappears. (It happens!). In order to use Tags as update check mode for this VCS type, the URL must have the tags= special argument set. Likewise, if you intend to use the RepoManifest/branch scheme, you would want to specify branches= as well. Finally, trunk= can also be added. All these special arguments will be passed to "git svn" in order, and their values must be relative paths to the svn repo root dir. Here’s an example of a complex git-svn Repo URL: http://svn.code.sf.net/p/project/code/svn;trunk=trunk;tags=tags;branches=branches
If the Repo Type is
srclib, then you must specify the name of the
according srclib .txt file. For example if
and you want to use this srclib, then you have to set Repo to
Any number of these fields can be present, each specifying a version to automatically build from source. The value is a comma-separated list. For example:
The above specifies to build version 1.2, which has a version code of 12.
commit= parameter specifies the tag, commit or revision number from
which to build it in the source repository. It is the only mandatory flag,
which in this case could for example be
In addition to the three, always required, parameters described above, further parameters can be added (in name=value format) to apply further configuration to the build. These are (roughly in order of application):
Disables this build, giving a reason why. (For backwards compatibility, this can also be achieved by starting the commit ID with ’!’)
The purpose of this feature is to allow non-buildable releases (e.g. the source
is not published) to be flagged, so the scripts don’t generate repeated
messages about them. (And also to record the information for review later).
If an apk has already been built, disabling causes it to be deleted once
fdroid update is run; this is the procedure if ever a version has to
Specifies to build from a subdirectory of the checked out source code. Normally this directory is changed to before building,
Use if the project (git only) has submodules - causes
update --init --recursive to be executed after the source is cloned.
Submodules are reset and cleaned like the main app repository itself before
As for ’prebuild’, but runs on the source code BEFORE any other processing takes place.
You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the android SDK and NDK directories, and maven 3 executable respectively.
The sdk location in the repo is in an old format, or the build.xml is expecting such. The ’new’ format is sdk.dir while the VERY OLD format is sdk-location. Typically, if you get a message along the lines of: "com.android.ant.SetupTask cannot be found" when trying to build, then try enabling this option.
Specifies a particular SDK target for compilation, overriding the value defined in the code by upstream. This has different effects depending on what build system used — this flag currently affects Ant, Maven and Gradle projects only. Note that this does not change the target SDK in the AndroidManifest.xml, which determines the level of features that can be included in the build.
In the case of an Ant project, it modifies project.properties of the app and possibly sub-projects. This is likely to cause the whole build.xml to be rewritten, which is fine if it’s a ’standard’ android file or doesn’t already exist, but not a good idea if it’s heavily customised.
By default, ’android update’ is used in Ant builds to generate or update the project and all its referenced projects. Specifying update=no bypasses that. Note that this is useless in builds that don’t use Ant.
Default value is ’
auto’, which recursively uses the paths in
project.properties to find all the subprojects to update.
Otherwise, the value can be a comma-separated list of directories in which to run ’android update’ relative to the application directory.
Adds a java.encoding property to local.properties with the given value. Generally the value will be ’utf-8’. This is picked up by the SDK’s ant rules, and forces the Java compiler to interpret source files with this encoding. If you receive warnings during the compile about character encodings, you probably need this.
If specified, the package version in AndroidManifest.xml is replaced with the version name for the build as specified in the metadata.
This is useful for cases when upstream repo failed to update it for specific tag; to build an arbitrary revision; to make it apparent that the version differs significantly from upstream; or to make it apparent which architecture or platform the apk is designed to run on.
If specified, the package version code in the AndroidManifest.xml is replaced with the version code for the build. See also forceversion.
Specifies the relative paths of files or directories to delete before the build is done. The paths are relative to the base of the build directory - i.e. the root of the directory structure checked out from the source respository - not necessarily the directory that contains AndroidManifest.xml.
Multiple files/directories can be specified by separating them with ’,’. Directories will be recursively deleted.
Comma-separated list of external libraries (jar files) from the
build/extlib library, which will be placed in the
of the project.
Comma-separated list of source libraries or Android projects. Each item is of the form name@rev where name is the predefined source library name and rev is the revision or tag to use in the respective source control.
For Ant projects, you can optionally append a number with a colon at the
beginning of a srclib item to automatically place it in project.properties as
a library under the specified number. For example, if you specify
1:email@example.com, f-droid will automatically do the equivalent of the
Each srclib has a metadata file under srclibs/ in the repository directory, and the source code is stored in build/srclib/. Repo Type: and Repo: are specified in the same way as for apps; Subdir: can be a comma separated list, for when directories are renamed by upstream; Update Project: updates the projects in the working directory and one level down; Prepare: can be used for any kind of preparation: in particular if you need to update the project with a particular target. You can then also use $$name$$ in the init/prebuild/build command to substitute the relative path to the library directory, but it could need tweaking if you’ve changed into another directory.
Apply patch(es). ’x’ names one (or more - comma-seperated) files within a directory below the metadata, with the same name as the metadata file but without the extension. Each of these patches is applied to the code in turn.
Specifies a shell command (or commands - chain with &&) to run before the build takes place. Backslash can be used as an escape character to insert literal commas, or as the last character on a line to join that line with the next. It has no special meaning in other contexts; in particular, literal backslashes should not be escaped.
The command runs using bash.
Note that nothing should be built during this prebuild phase - scanning of the code and building of the source tarball, for example, take place after this. For custom actions that actually build things or produce binaries, use ’build’ instead.
You can use $$name$$ to substitute the path to a referenced srclib - see
srclib directory for details of this.
You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the
android SDK and NDK directories, and Maven 3 executable respectively e.g.
for when you need to run
android update project explicitly.
Enables one or more files/paths to be excluded from the scan process. This should only be used where there is a very good reason, and probably accompanied by a comment explaining why it is necessary.
When scanning the source tree for problems, matching files whose relative paths start with any of the paths given here are ignored.
Similar to scanignore=, but instead of ignoring files under the given paths, it tells f-droid to delete the matching files directly.
As for ’prebuild’, but runs during the actual build phase (but before the main Ant/Maven build). Use this only for actions that do actual building. Any prepartion of the source code should be done using ’init’ or ’prebuild’.
Any building that takes place before build= will be ignored, as either Ant, mvn or gradle will be executed to clean the build environment right before build= (or the final build) is run.
You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the android SDK and NDK directories, and Maven 3 executable respectively.
Enables building of native code via the ndk-build script before doing the main Ant build. The value may be a list of directories relative to the main application directory in which to run ndk-build, or ’yes’ which corresponds to ’.’ . Using explicit list may be useful to build multi-component projects.
The build and scan processes will complain (refuse to build) if this
parameter is not defined, but there is a
jni directory present.
If the native code is being built by other means like a Gradle task, you
no here to avoid that. However, if the native code is
actually not required or used, remove the directory instead (using
rm=jni for example). Using
buildjni=no when the jni code
isn’t used nor built will result in an error saying that native
libraries were expected in the resulting package.
Version of the NDK to use in this build. Defaults to the latest NDK release that included legacy toolchains, so as to not break builds that require toolchains no longer included in current versions of the NDK.
The buildserver supports r9b with its legacy toolchains and the latest release as of writing this document, r10d. You may add support for more versions by adding them to ’ndk_paths’ in your config file.
Build with Gradle instead of Ant, specifying what flavours to use. Flavours are case sensitive since the path to the output apk is as well.
If only one flavour is given and it is ’yes’ or ’main’, no flavour will be used. Note that for projects with flavours, you must specify at least one valid flavour since ’yes’ or ’main’ will build all of them separately.
Build with Maven instead of Ant. An extra @<dir> tells f-droid to run Maven inside that relative subdirectory. Sometimes it is needed to use @.. so that builds happen correctly.
List of Gradle tasks to be run before the assemble task in a Gradle project build.
Specify an alternate set of Ant commands (target) instead of the default ’release’. It can’t be given any flags, such as the path to a build.xml.
To be used when app is built with a tool other than the ones natively supported, like GNU Make. The given path will be where the build= set of commands should produce the final unsigned release apk.
Don’t check that the version name and code in the resulting apk are correct by looking at the build output - assume the metadata is correct. This takes away a useful level of sanity checking, and should only be used if the values can’t be extracted.
Another example, using extra parameters:
This is optional - if present, it contains a comma-separated list of any of the following values, describing an anti-feature the application has. Even though such apps won’t be displayed unless a settings box is ticked, it is a good idea to mention the reasons for the anti-feature(s) in the description:
If this field is present, the application does not get put into the public index. This allows metadata to be retained while an application is temporarily disabled from being published. The value should be a description of why the application is disabled. No apks or source code archives are deleted: to purge an apk see the Build Version section or delete manually for developer builds. The field is therefore used when an app has outlived it’s usefulness, because the source tarball is retained.
Set this optional field to "Yes" if the application requires root privileges to be usable. This lets the client filter it out if the user so desires. Whether root is required or not, it is good to give a paragraph in the description to the conditions on which root may be asked for and the reason for it.
This determines the policy for moving old versions of an app to the archive repo, if one is configured. The configuration sets a default maximum number of versions kept in the main repo, after which older ones are moved to the archive. This app-specific policy setting can override that.
Currently the only supported format is "n versions", where n is the number of versions to keep.
This determines the method using for determining when new releases are
available - in other words, the updating of the Current Version and Current
Version Code fields in the metadata by the
fdroid checkupdates process.
Valid modes are:
None- No checking is done because there’s no appropriate automated way of doing so. Updates should be checked for manually. Use this, for example, when deploying betas or patched versions; when builds are done in a directory different to where the AndroidManifest.xml is; if the developers use the Gradle build system and store version info in a separate file; if the developers make a new branch for each release and don’t make tags; or if you’ve changed the package name or version code logic.
Static- No checking is done - either development has ceased or new versions are not desired. This method is also used when there is no other checking method available and the upstream developer keeps us posted on new versions.
RepoManifest- At the most recent commit, the AndroidManifest.xml file is looked for in the directory where it was found in the the most recent build. The appropriateness of this method depends on the development process used by the application’s developers. You should not specify this method unless you’re sure it’s appropriate. For example, some developers bump the version when commencing development instead of when publishing. It will return an error if the AndroidManifest.xml has moved to a different directory or if the package name has changed. The current version that it gives may not be accurate, since not all versions are fit to be published. Therefore, before building, it is often necessary to check if the current version has been published somewhere by the upstream developers, either by checking for apks that they distribute or for tags in the source code repository.
It currently works for every repository type to different extents, except the srclib repo type. For git, git-svn and hg repo types, you may use "RepoManifest/yourbranch" as UCM so that "yourbranch" would be the branch used in place of the default one. The default values are "master" for git, "default" for hg and none for git-svn (it stays in the same branch). On the other hand, branch support hasn’t been implemented yet in bzr and svn, but RepoManifest may still be used without it.
RepoTrunk- For svn and git-svn repositories, especially those who don’t have a bundled AndroidManifest.xml file, the Tags and RepoManifest checks will not work, since there is no version information to obtain. But, for those apps who automate their build process with the commit ref that HEAD points to, RepoTrunk will set the Current Version and Current Version Code to that number.
Tags- The AndroidManifest.xml file in all tagged revisions in the source repository is checked, looking for the highest version code. The appropriateness of this method depends on the development process used by the application’s developers. You should not specify this method unless you’re sure it’s appropriate. It shouldn’t be used if the developers like to tag betas or are known to forget to tag releases. Like RepoManifest, it will not return the correct value if the directory containing the AndroidManifest.xml has moved. Despite these caveats, it is the often the favourite update check mode.
It currently only works for git, hg, bzr and git-svn repositories. In the case of the latter, the repo URL must contain the path to the trunk and tags or else no tags will be found.
Optionally append a regex pattern at the end - separated with a space - to
only check the tags matching said pattern. Useful when apps tag non-release
versions such as X.X-alpha, so you can filter them out with something like
.*[0-9]$ which requires tag names to end with a digit.
HTTP- HTTP requests are used to determine the current version code and version name. This is controlled by the
Update Check Datafield, which is of the form
urlcode is non-empty, the document from that URL is
retrieved, and matched against the regular expression
excode, with the
first group becoming the version code.
urlver is non-empty, the document from that URL is
retrieved, and matched against the regular expression
exver, with the
first group becoming the version name. The
urlver field can be set to
simply ’.’ which says to use the same document returned for the version code
again, rather than retrieving a different one.
Operation to be applied to the vercode obtained by the defined
%c will be replaced by the actual vercode, and the whole
string will be passed to python’s
Especially useful with apps that we want to compile for different ABIs, but
whose vercodes don’t always have trailing zeros. For example, with
Vercode Operation set at something like
%c*10 + 4, we will be
able to track updates and build up to four different versions of every
When checking for updates (via
Update Check Mode) this can be used to
specify a regex which, if matched against the version name, causes that version
to be ignored. For example, ’beta’ could be specified to ignore version names
that include that text.
When checking for updates (via
Update Check Mode) this can be used to
specify the package name to search for. Useful when apps have a static package
name but change it programmatically in some app flavors, by e.g. appending
".open" or ".free" at the end of the package name.
Used in conjunction with
Update Check Mode for certain modes.
This determines the method using for auto-generating new builds when new releases are available - in other words, adding a new Build Version line to the metadata. This happens in conjunction with the ’Update Check Mode’ functionality - i.e. when an update is detected by that, it is also processed by this.
Valid modes are:
None- No auto-updating is done
Version- Identifies the target commit (i.e. tag) for the new build based on the given version specification, which is simply text in which %v and %c are replaced with the required version name and version code respectively.
For example, if an app always has a tag "2.7.2" corresponding to version 2.7.2, you would simply specify "Version %v". If an app always has a tag "ver_1234" for a version with version code 1234, you would specify "Version ver_%c".
Additionally, a suffix can be added to the version name at this stage, to differentiate F-Droid’s build from the original. Continuing the first example above, you would specify that as "Version +-fdroid %v" - "-fdroid" is the suffix.
The name of the version that is current. There may be newer versions of the application than this (e.g. betas), and there will almost certainly be older ones. This should be the one that is recommended for general use. In the event that there is no source code for the current version, or that non-free libraries are being used, this would ideally be the latest version that is still free, though it may still be expedient to retain the automatic update check — see No Source Since.
This field is normally automatically updated - see Update Check Mode.
This is converted to (
<marketversion>) in the public index file.
The version code corresponding to the Current Version field. Both these fields must be correct and matching although it’s the current version code that’s used by Android to determine version order and by F-Droid client to determine which version should be recommended.
This field is normally automatically updated - see Update Check Mode.
This is converted to (
<marketvercode>) in the public index file.
In case we are missing the source code for the Current Version reported by Upstream, or that non-free elements have been introduced, this defines the first version that began to miss source code. Apps that are missing source code for just one or a few versions, but provide source code for newer ones are not to be considered here - this field is intended to illustrate which apps do not currently distribute source code, and since when have they been doing so.
There are various mechanisms in place for automatically detecting that updates
are available for applications, with the
Update Check Mode field in the
metadata determining which method is used for a particular application.
fdroid checkupdates command will apply this method to each
application in the repository and update the
Current Version and
Current Version Code fields in the metadata accordingly.
As usual, the
-p option can be used with this, to restrict processing
to a particular application.
Note that this only updates the metadata such that we know what the current published/recommended version is. It doesn’t make that version available in the repository - for that, see the next section.
Adding updates (i.e. new versions of applications already included in the
repository) happens in two ways. The simple case is applications where the
APK files are binaries, retrieved from a developer’s published build. In this
case, all that’s required is to place the new binary in the
directory, and the next run of
fdroid update will pick it up.
For applications built from source, it is necessary to add a new
Build Version line to the metadata file. At the very least, the version
name, version code and commit will be different. It is also possible that the
additional build flags will change between versions.
For processing multiple updates in the metadata at once, it can be useful to
fdroid update --interactive. This will check all the applications
in the repository, and where updates are required you will be prompted to
[E]dit the metadata, [I]gnore the update, or [Q]uit altogether.
The Build Server system isolates the builds for each package within a clean, isolated and secure throwaway virtual machine environment.
Building applications in this manner on a large scale, especially with the involvement of automated and/or unattended processes, could be considered a dangerous pastime from a security perspective. This is even more the case when the products of the build are also distributed widely and in a semi-automated ("you have updates available") fashion.
Assume that an upstream source repository is compromised. A small selection of things that an attacker could do in such a situation:
Through complete isolation, the repurcussions are at least limited to the application in question. Not only is the build environment fresh for each build, and thrown away afterwards, but it is also isolated from the signing environment.
Aside from security issues, there are some applications which have strange requirements such as custom versions of the NDK. It would be impractical (or at least extremely messy) to start modifying and restoring the SDK on a multi-purpose system, but within the confines of a throwaway single-use virtual machine, anything is possible.
All this is in addition to the obvious advantage of having a standardised and completely reproducible environment in which builds are made. Additionally, it allows for specialised custom build environments for particular applications.
In addition to the basic setup previously described, you will also need a Vagrant-compatible Debian Testing base box called ’testing32’ (or testing64 for a 64-bit VM, if you want it to be much slower, and require more disk space).
You can use a different version or distro for the base box, so long as you don’t expect any help making it work. One thing to be aware of is that working copies of source trees are moved from the host to the guest, so for example, having subversion v1.6 on the host and v1.7 on the guest would fail.
The output of this step is a minimal Debian VM that has support for remote login and provisioning.
Unless you’re very trusting, you should create one of these for yourself
from verified standard Debian installation media. However, by popular
makebuildserver script will automatically download a
prebuilt image unless instructed otherwise. If you choose to use the
prebuilt image, you may safely skip the rest of this section.
Documentation for creating a base box can be found at http://docs.vagrantup.com/v1/docs/base_boxes.html.
In addition to carefully following the steps described there, you should consider the following:
For a Debian/Ubuntu default install, just
touch /etc/udev/rules.d/75-persistent-net-generator.rules to turn
off rule generation, and at the same time, get rid of any rules it’s
already created in
GRUB_RECORDFAIL_TIMEOUTto a value other than -1 in
/etc/grub/defaultand then run
The next step in the process is to create
./examples/makebs.config.py as a reference - look at the settings and
documentation there to decide if any need changing to suit your environment.
There is a path for retrieving the base box if it doesn’t exist, and an apt
proxy definition, both of which may need customising for your environment.
You can then go to the
fdroidserver directory and run this:
This will take a long time, and use a lot of bandwidth - most of it spent installing the necessary parts of the Android SDK for all the various platforms. Luckily you only need to do it occasionally. Once you have a working build server image, if the recipes change (e.g. when packages need to be added) you can just run that script again and the existing one will be updated in place.
The main sdk/ndk downloads will automatically be cached to speed things
up the next time, but there’s no easy way of doing this for the longer
sections which use the SDK’s
android tool to install platforms,
add-ons and tools. However, instead of allowing automatic caching, you
can supply a pre-populated cache directory which includes not only these
downloads, but also .tar.gz files for all the relevant additions. If the
provisioning scripts detect these, they will be used in preference to
running the android tools. For example, if you have
buildserver/addons/cache/platforms/android-19.tar.gz that will be
used when installing the android-19 platform, instead of re-downloading it
android update sdk --no-ui -t android-19.
Once it’s complete you’ll have a new base box called ’buildserver’ which is
what’s used for the actual builds. You can then build packages as normal,
but with the addition of the
--server flag to
fdroid build to
instruct it to do all the hard work within the virtual machine.
The first time a build is done, a new virtual machine is created using the
’buildserver’ box as a base. A snapshot of this clean machine state is saved
for use in future builds, to improve performance. You can force discarding
of this snapshot and rebuilding from scratch using the
There are two kinds of signing involved in running a repository - the signing of the APK files generated from source builds, and the signing of the repo index itself. The latter is optional, but very strongly recommended.
When setting up the repository, one of the first steps should be to generate a signing key for the repository index. This will also create a keystore, which is a file that can be used to hold this and all other keys used. Consider the location, security and backup status of this file carefully, then create it as follows:
keytool -genkey -v -keystore my.keystore -alias repokey -keyalg RSA -keysize 2048 -validity 10000
In the above, replace ’my.keystore’ with the name of the keystore file to be created, and ’repokey’ with a name to identify the repo index key by.
You’ll be asked for a password for the keystore, AND a password for the key. They shouldn’t be the same. In between, you’ll be asked for some identifying details which will go in the certificate.
The two passwords entered go into
keypass respectively. The path to the keystore file, and the alias you
chose for the key also go into that file, as
With the repo index signing configured, all that remains to be done for package
signing to work is to set the
keydname field in
contain the same identifying details you entered before.
A new key will be generated using these details, for each application that is
built. (If a specific key is required for a particular application, this system
can be overridden using the
keyaliases config settings.
Copyright © 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc. http://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
The purpose of this License is to make a manual, textbook, or other functional and useful document free in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.
This License is a kind of “copyleft”, which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.
We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.
This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The “Document”, below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as “you”. You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.
A “Modified Version” of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.
A “Secondary Section” is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document’s overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.
The “Invariant Sections” are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.
The “Cover Texts” are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.
A “Transparent” copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not “Transparent” is called “Opaque”.
Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.
The “Title Page” means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, “Title Page” means the text near the most prominent appearance of the work’s title, preceding the beginning of the body of the text.
The “publisher” means any person or entity that distributes copies of the Document to the public.
A section “Entitled XYZ” means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as “Acknowledgements”, “Dedications”, “Endorsements”, or “History”.) To “Preserve the Title” of such a section when you modify the Document means that it remains a section “Entitled XYZ” according to this definition.
The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.
You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.
You may also lend copies, under the same conditions stated above, and you may publicly display copies.
If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document’s license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.
If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.
If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.
It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.
You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:
If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version’s license notice. These titles must be distinct from any other section titles.
You may add a section Entitled “Endorsements”, provided it contains nothing but endorsements of your Modified Version by various parties—for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.
You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.
You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.
In the combination, you must combine any sections Entitled “History” in the various original documents, forming one section Entitled “History”; likewise combine any sections Entitled “Acknowledgements”, and any sections Entitled “Dedications”. You must delete all sections Entitled “Endorsements.”
You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.
You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.
A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an “aggregate” if the copyright resulting from the compilation is not used to limit the legal rights of the compilation’s users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document.
If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document’s Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate.
Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail.
If a section in the Document is Entitled “Acknowledgements”, “Dedications”, or “History”, the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title.
You may not copy, modify, sublicense, or distribute the Document except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, or distribute it is void, and will automatically terminate your rights under this License.
However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.
Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, receipt of a copy of some or all of the same material does not give you any rights to use it.
The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.
Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License “or any later version” applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. If the Document specifies that a proxy can decide which future versions of this License can be used, that proxy’s public statement of acceptance of a version permanently authorizes you to choose that version for the Document.
“Massive Multiauthor Collaboration Site” (or “MMC Site”) means any World Wide Web server that publishes copyrightable works and also provides prominent facilities for anybody to edit those works. A public wiki that anybody can edit is an example of such a server. A “Massive Multiauthor Collaboration” (or “MMC”) contained in the site means any set of copyrightable works thus published on the MMC site.
“CC-BY-SA” means the Creative Commons Attribution-Share Alike 3.0 license published by Creative Commons Corporation, a not-for-profit corporation with a principal place of business in San Francisco, California, as well as future copyleft versions of that license published by that same organization.
“Incorporate” means to publish or republish a Document, in whole or in part, as part of another Document.
An MMC is “eligible for relicensing” if it is licensed under this License, and if all works that were first published under this License somewhere other than this MMC, and subsequently incorporated in whole or in part into the MMC, (1) had no cover texts or invariant sections, and (2) were thus incorporated prior to November 1, 2008.
The operator of an MMC Site may republish an MMC contained in the site under CC-BY-SA on the same site at any time before August 1, 2009, provided the MMC is eligible for relicensing.
|Jump to:||A B C D F I L M N P R S U V W|
|Archive Policy:||Archive Policy|
|Auto Name:||Auto Name|
|Auto Update Mode:||Auto Update Mode|
|binary:||Simple Binary Repository|
|Current Version:||Current Version|
|Current Version Code:||Current Version Code|
|Issue Tracker:||Issue Tracker|
|Maintainer Notes:||Maintainer Notes|
|No Source Since:||No Source Since|
|Repo Type:||Repo Type|
|Requires Root:||Requires Root|
|Source Code:||Source Code|
|Update Check Data:||Update Check Data|
|Update Check Ignore:||Update Check Ignore|
|Update Check Mode:||Update Check Mode|
|Update Check Name:||Update Check Name|
|Vercode Operation:||Vercode Operation|
|Web Site:||Web Site|
|Jump to:||A B C D F I L M N P R S U V W|