Tubular
Tubular copied to clipboard
polymorphicshade
F-droid availability?
Checklist
- [X] I made sure that there are no existing issues - open or closed - which I could contribute my information to.
- [X] I have read the FAQ and my problem isn't listed.
- [X] I'm aware that this is a request for NewPipe itself and that requests for adding a new service need to be made at NewPipeExtractor.
- [X] I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise.
- [X] This issue contains only one feature request.
- [X] I have read and understood the contribution guidelines.
Feature description
Great to se the new app. I hope that the new app will be on f-droid. Maybe it's even in the pipeline due to the delay in f-droid, but it would be nice to know if it's planned to be there.
Why do you want this feature?
.
Additional information
No response
I have no idea how to do this (someone else did this with my old fork).
I'll do this whenever I find the time, unless someone else wants to do this... 😅
@polymorphicshade inclusion was just requested with my repo. I'm fine with adding it, but have a few questions a.o. from my scanner reports, so let me copy those over here for you:
Offending libs:
---------------
* ACRA (/org/acra): Tracking
1 offenders.
Permissions:
------------
* android.permission.INTERNET
* android.permission.WAKE_LOCK
* android.permission.ACCESS_NETWORK_STATE
* android.permission.WRITE_EXTERNAL_STORAGE
* android.permission.SYSTEM_ALERT_WINDOW
* android.permission.FOREGROUND_SERVICE
* android.permission.POST_NOTIFICATIONS
* android.permission.RECEIVE_BOOT_COMPLETED
* org.polymorphicshade.tubular.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
* android.permission.READ_EXTERNAL_STORAGE*
SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
Top-down:
- is ACRA opt-in, opt-out or mandatory? If it's used the same way as with its predecessor (Newpipe x SponsorBlock), it's only used via email the users have to send themselves, and thus opt-in, but that needs to be confirmed.
- what does
android.permission.SYSTEM_ALERT_WINDOWapply to (educated guess: floating player?) -
android.permission.READ_EXTERNAL_STORAGEis granted implicitly (hence the asterisk) due toWRITE_EXTERNAL_STORAGE. So if the two are indeed needed, it would be good to know what for – and maybe to haveREAD_EXTERNAL_STORAGEbe requested explicitly.
SigningBlock: I guess Android Studio (or IntelliJ IDEA) is used for signing? In that case, the following should be integrated with build.gradle?
android {
dependenciesInfo {
// Disables dependency metadata when building APKs.
includeInApk = false
// Disables dependency metadata when building Android App Bundles.
includeInBundle = false
}
}
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it contains.
The entire Fastlane tree is untouched from NewPipe. Could it please be updated to match the app? Especially some screenshots would be good to have, and the proper shortdesc/fulldesc.
Thanks for checking (and implementing what's needed :wink:)
@IzzySoft
- ARCA is only used for sending crash reports
- the SYSTEM_ALERT_WINDOW permission is only used for the app to draw over other apps
- code related to the WRITE_EXTERNAL_STORAGE permission hasn't changed from vanilla NewPipe, so I'm opting not to change anything related to that
- I'll work on the the other changes soon 👍
ARCA is only used for sending crash reports
The one asking the user to confirm? Fine, then I can remove the Tracking flag (done, effective with the next sync).
the SYSTEM_ALERT_WINDOW permission is only used for the app to draw over other apps
Yeah, that's what the permission SYSTEM_ALERT_WINDOW is described as :wink: I mean, how does the app make use of that? A floating video player?
code related to the WRITE_EXTERNAL_STORAGE permission hasn't changed from vanilla NewPipe, so I'm opting not to change anything related to that
Vanilla NewPipe is not in my repo, so I cannot tell. But with the latest updates to my APK checks those permissions turn up "red" as being sensitive, unless an explanation is added what for they are necessary. I have no issues with READ_EXTERNAL_STORAGE being granted implicitly as long as I know what it's needed for :wink:
I'll work on the the other changes soon
Thanks a lot!
Yeah, that's what the permission
SYSTEM_ALERT_WINDOWis described as 😉 I mean, how does the app make use of that? A floating video player?
Yes, Newpipe has a floating mini-player.
Btw, I'm sure you @IzzySoft are aware that @polymorphicshade did have another Newpipe fork based on the previous Newpipe version in your repo (org.polymorphicshade.newpipe). Since this one is basically an updated version of this fork and the other one is out-of-development (https://github.com/polymorphicshade/NewPipe), consider removing the old fork from the repo :)
@ColorfulShire thanks! And yes, I'm aware of that – and yes again, it's already "marked for removal" here. I'll just need to prepare the transition (was busy with other things), like adding a comment to the description of the "old one" that it's continued as "new one", to give those currently using that a chance to find there way "over".
@IzzySoft Oh, sorry... yes the SYSTEM_ALERT_WINDOW permission is used for the floating popup player.
The WRITE_EXTERNAL_STORAGE permission is used for downloading videos. The app explicitly asks for permission, see here
Thanks, added them all to the allow-list here then:
As for the signing BLOB, please see above. Easy to get rid of that – which would also remove it from the screenshot. Err, from where the screenshot was taken from of course…
like adding a comment to the description of the "old one" that it's continued as "new one", to give those currently using that a chance to find there way "over".
@IzzySoft seems the actual app name went MIA, it currently reads:
Note: the app's repository has been archived 2023-12-29, so there won't be updates anymore. The app is however continued as
Major cliffhanger! 😄
Also, might I suggest putting the note above the regular description instead of below? Most F-Droid clients don't show the full description of an app until you tap a Read more button, which someone who is already using the app and just trying to find out if there are updates isn't likely to do.
@kaoneko thanks for the pointers! Fixed both, should go live within the next half hour.
Hmpf, one more thing:
What is this? Someone complained to me:
Showed an alert and tap opened the .apk download in browser. No explanation or nothing.
That's violating the inclusion criteria concerning self-updaters. Those must be strictly opt-in, with all details explained – as such side-loaded updates bypass the scans performed by the repo (F-Droid's and mine). Can you please remove that?
So no word, @polymorphicshade? You're still there?
OH! Sorry... I acknowledged your comment with a thumbs-up, not realizing that wasn't enough 😅 Yes next version the auto update prompt will be disabled by default.
np – and thanks for the explicit statement. I must admit I saw 4 thumbs when I first checked, but didn't check whom they came from :see_no_evil:
https://github.com/TeamNewPipe/NewPipe/discussions/10785#discussioncomment-8950428 | https://github.com/TeamNewPipe/NewPipe/pull/10790
@polymorphicshade This is already fixed in upstream for upcoming vv0.27.0 Here for Tubular, does it connect to official NewPipe domain? Then disabling makes sense but if checks from this repository then you may consider the same behavior as NewPipe.
Why closed? Official F-Droid repo inclusion not planned? @polymorphicshade
Why closed? Official F-Droid repo inclusion not planned? @polymorphicshade
It is on F-Droid under the IzzyOnDroid repo.
Yes. I assume originally the issue was created for official F-Droid repo. I've requested for packaging at F-Droid. So I'm asking if you intend to publish there or no interest for it.
@shuvashish76 oh! I understand what you're saying now. I have little knowledge of F-Droid and how to publish things, and I don't have the time to figure it out, so I let IzzyOnDroid deal with it.
https://gitlab.com/fdroid/rfp/-/issues/2707
@licaon-kter & @eighthave from F-Droid team working on it do have a look on #52 Thanks. See their instructions here.
@shuvashish76 I recently pushed a fix to master that should fix that Git clone issue they mention (hopefully...)
F-Droid team working on it
And what solution did the two find? That issue is closed with no reference to a solution.
I recently pushed a fix to master that should fix that Git clone issue
Ah, you found it yourself? Glad to read it's solved then! And of course Tubular is welcome to stay in the IzzyOnDroid repo if you want it to.
so I let IzzyOnDroid deal with it.
Deal with what?
And what solution did the two find? That issue is closed with no reference to a solution.
I couldn't even clone the repo locally, since there's some olden corruption or whatever :(
I recently pushed a fix to master that should fix that Git clone issue they mention (hopefully...)
but indeed, now it is fixed :tada:
@polymorphicshade
It is on F-Droid under the...
There's no Izzy repo unless you add it.
this issue was closed because of a misunderstanding I guess?!
the OP asks for the app being built by f-droid.org (like NewPipe is built too)
Will take a look asap, now that we can clone :)
@licaon-kter
I couldn't even clone the repo locally, since there's some olden corruption or whatever :(
Yes, that was described. I was wondering about the solution. Meanwhile I know it: @obfusk has provided a fix, see #60 – as that's implemented, you should now be able to clone.
but indeed, now it is fixed 🎉
Yupp :smiley:
I couldn't even clone the repo locally, since there's some olden corruption or whatever :(
Being unable to clone was because of a file with wrong mode bits (see #60 for my explanation). There was never any kind of corruption; you mistook a transient network error ("fetch-pack: unexpected disconnect while reading sideband packet") for an fsck failure.
@polymorphicshade any updates?
planned label but issue closed ‽...please reopen the issue.
This draft recipe metadata/org.polymorphicshade.tubular.yml
AntiFeatures:
NonFreeNet:
en-US: Depends on Youtube for videos.
Categories:
- Internet
- Multimedia
License: GPL-3.0-or-later
SourceCode: https://github.com/polymorphicshade/Tubular
RepoType: git
Repo: https://github.com/polymorphicshade/Tubular.git
Binaries: https://github.com/polymorphicshade/Tubular/releases/download/v%v/tubular_v%v.apk
Builds:
- versionName: 0.27.2
versionCode: 999
commit: c2765316542743c2a4fc02d75ccf44bc22f53878
subdir: app
gradle:
- yes
rm:
- doc
- app/src/test
AllowedAPKSigningKeys: 8ad7025a8c911454e2a7b4515e360c52ca63ec0410a042ff46e9ad05b509e187
AutoUpdateMode: None
UpdateCheckMode: Tags .*[0-9]$
builds, but it's not build reproducible (ref: https://f-droid.org/docs/Inclusion_How-To/#reproducible-builds)
difflog: tub999.log
was the APK in https://github.com/polymorphicshade/Tubular/releases/tag/v0.27.2 built from https://github.com/polymorphicshade/Tubular/commit/c2765316542743c2a4fc02d75ccf44bc22f53878 ? Or maybe from some local dirty tree?
what is the reason that release.yml could build the apk but f-droid reproducible build cannot?
https://github.com/polymorphicshade/Tubular/blob/c2765316542743c2a4fc02d75ccf44bc22f53878/.github/workflows/release.yml#L23-L55
Not sure I follow.
As said, F-Droid can build it just fine.
But, as you can read in the attached log, there are differences compared to the released tagged apk.
Somebody familiar with the codebase can read and maybe figure out why this happens.