Release 2.10 lacks its APK

At release 2.10 there's no APK attached. Could you please add it?

The Google Play link seems to be broken as well but you can still download version 2.10 from F-Droid.

That doesn't help with the listing at IzzyOnDroid, which uses the APKs provided by the developers themselves. The APK from F-Droid has a different signature (one generated and maintained by F-Droid), so it cannot be used to update the app if installed from IzzyOnDroid or PlayStore.

Just letting you know that I've published a revived version of this app on Google Play.

Since it's a different APK, it has the same problem that @IzzySoft mentioned, which is it not being able to update versions installed from the Play Store, but this app is no longer maintained, so it won't be published anymore there (or on F-Droid). I hope to keep my version updated though!

@SamLeatherdale so how about you publish your releases at your Github repo as well, so IzzyOnDroid (and probably also F-Droid) can pick it up? We can then add a note on the original app, pointing people to switch to yours. Remember that many FOSS folks have cut their ties with Google's empire, and thus are not helped by a PlayStore listing. We prefer not to be tracked by marketing companies.

Right now, my version has no functional differences to the existing version on F-Droid. Once it does, I'm happy to publish it on GitHub as well 👍

But to be honest, I think there are better FOSS options out there already, like URLCheck or LinkSheet. I'm mainly publishing this for Play Store users, since FOSS users have excellent and more feature rich options already available.

Please give me a ping then. If all agree on "the way forward" I've outlined here, we then can proceed.

But to be honest, I think there are better FOSS options out there already, like URLCheck or LinkSheet. I'm mainly publishing this for Play Store users, since FOSS users have excellent and more feature rich options already available.

@SamLeatherdale Many of us who prefer FOSS software like the idea of updated 1-function software, so your soon-to-be-updated release will be a benefit to us. E.g., URLCheck has more features than I want, & LinkSheet's dev refuses to make current releases available to be picked up by any F-Droid-compatible repo for simple updating.

@IzzySoft OK, I've created a release with the latest version here: v3.2.0

Is that all I need to do from my end?

Thanks! First, scanner findings:

SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)

Easily avoided by adding a few lines to your build.gradle:

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs (for IzzyOnDroid/F-Droid)
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles (for Google Play)
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo.

Second, this is a very bad idea, it makes building an unsigned APK (as we need to do for Reproducible Builds (see Reproducible Builds, special client support and more at IzzyOnDroid for some background) impossible as the entire build fails. It better falls back to building an unsigned APK if the keystore is not available, see e.g. here for some details. I've helped myself around this with some sed for now:

build:
  - sed -r '/signingConfigs.release/d' -i app/build.gradle
  - sed -r 's/(\s*)throw new GradleException\("Required properties file not found.*\)/\1println "Required properties file not found:\ \${file.absolutePath}"/' -i app/build.gradle
  - ./gradlew assembleFlossRelease

which then had the build succeed (well, I could have made the message "Signing properties not found, signing will be skipped" 🤷‍♂ but it was just to get things working, not being the "final fix"). Ah, you build on Windows… OK, needs a few more adjustments.

build:
  - sed -r '/signingConfigs.release/d' -i app/build.gradle
  - sed -r 's/(\s*)throw new GradleException\("Required properties file not found.*\)/\1println "Required properties file not found:\ \${file.absolutePath}"/' -i app/build.gradle
  - ./gradlew assembleFlossRelease
  - find . -name '*.apk'
  - git clone -b v0.3.0 https://github.com/obfusk/reproducible-apk-tools.git
  - OUT=app/build/outputs/apk/floss/release/app-floss-release-unsigned.apk
  - reproducible-apk-tools/inplace-fix.py --internal --zipalign fix-newlines $OUT 'META-INF/services/*' 'assets/open_source_licenses.html'

(adjusting to the Windows line-breaks in your build). Yupp, that did the trick: congrats, the app is RB 🥳 Starting integration now, as discussed. Should you change the signing part, please give me a ping (from your issue tracker then, preferably?) so we can adjust the recipe.

I've added a note to the original app here:

NOTE: due to change of maintainership, this app has been moved to Open Link With. Please switch to that app to further receive updates.

I further took app metadata (description, screenshots) from there to init the new app. Will send you a PR with a Fastlane Starter Package, so you can adjust that to what you think should be there; changes will then be pulled along with future updates.

Updates for the original app by @tasomaniac have been disabled, and the app is marked for removal in Juli. Hope that fits all involved? If not, we can adjust.

if only for fdroid org purposes, wouldnt it make sense to invite @SamLeatherdale to have write access on this repo?

@tasomaniac wanted me to work on a fork, rather than taking over the original app, which would have required him to transfer signing keys to me, something which he was not willing to do (understandably).

I don't think he would have to transfer signing keys for the fdroid org repo, (doesnt fdroid sign them?). the regular (developer-signed) releases would start to use your key though.

Reason i inquire, is because i stumbled upon your fork, not knowing that the original was discontinued. Would have been nice if the original in fdroid org was updated seamlessly

@nahuhh the original app here seems no longer listed at either F-Droid.org nor IzzyOnDroid. Sam's fork however is listed at IzzyOnDroid, and is established as reproducible build – @SamLeatherdale if you like shields, there's [<img src="https://shields.rbtlog.dev/simple/com.samleatherdale.openwith.floss" alt="RB shield">](https://shields.rbtlog.dev/com.samleatherdale.openwith.floss) available to show the RB status of the last build:

doesnt fdroid sign them?

Only those not established there as RB 😉

I don't think he would have to transfer signing keys for the fdroid org repo, (doesnt fdroid sign them?). the regular (developer-signed) releases would start to use your key though.

Reason i inquire, is because i stumbled upon your fork, not knowing that the original was discontinued. Would have been nice if the original in fdroid org was updated seamlessly

Then that can be a feature request to f-droid to support such transfers. Since f-droid signs them anyways, there can be a way to let users update seamlessly.

The above context was related to Play Store where it gets trickier. They actually support such transfers but I didn't want to share my signing key.