3.5 KiB
3.5 KiB
QSfera Android Argus Rollout Policy
Sources
- Android update requirement: Android Developers says an update must use the same application ID and the same signing certificate as the installed app, unless it contains a valid proof-of-rotation: https://developer.android.com/google/play/app-updates.
- QSfera update implementation:
Android/qsferaApp/src/main/java/eu/qsfera/android/presentation/settings/update/AppUpdateManager.kt. - QSfera Android version and release signing env names:
Android/qsferaApp/build.gradle. - Argus publication authority:
G:/Repos/Marketplace/ARGUS_PUBLICATION.md. - Current Argus release and certificate facts verified for this production-readiness pass:
PRODUCTION_READINESS.md, sectionAndroid Argus Publication Check.
Policy
- Stable Argus releases for
qsfera-mobilemust keep the same package name and production signing certificate after the first production-signed1.3.11/39release. - Argus publication is SSH-only and must follow
G:/Repos/Marketplace/ARGUS_PUBLICATION.md: copy the APK to the Pi, write metadata to/srv/argus-data/argus.db, and store package bytes under/srv/argus-data/Packages. Do not add or use HTTP/api/admin/*publication routes from this repository. - The in-app updater must use the public read-only manifest endpoint, treat HTTP
404as no update, comparerelease.versionwith the installed version, downloadARGUS_BASE_URL + release.downloadPath, verifyrelease.packageSizeBytesandrelease.sha256, and only then start Android package installation. - The in-app updater must not bypass certificate mismatch.
AppUpdateManagervalidates package name, newer installed APK metadata, optional ArgusandroidVersionCodewhen present, manifest version, and signer digest before starting Android package installation. - A client installed from the debug-signed
1.3.5/33Argus APK cannot be moved to the current production-signed stable APK (1.3.13/41as of 2026-06-12) by the in-app updater because the signer digest check intentionally fails. - For debug-signed
1.3.5installs, the supported migration path is: back up unsynced local files, uninstall the debug-signed build, then install the current stable QSfera APK from Argus. - On certificate mismatch, the Android app must show an explicit reinstall-required dialog instead of a generic update error.
Release Checklist
- Build the stable APK with the same release key material through
QSFERA_RELEASE_KEYSTORE,QSFERA_RELEASE_KEYSTORE_PASSWORD,QSFERA_RELEASE_KEY_ALIAS, andQSFERA_RELEASE_KEY_PASSWORD. - Prepare Argus publication only from a clean release branch whose
HEADmatches its upstream;Android/scripts/prepare-argus-publication.ps1enforces this by default and records repository root, branch, upstream, commit, and verification time inargus-publication.json. When the Android checkout is used from the pushedQSfera.gitmonorepo, run it fromAndroid/with-GitProvenanceRoot ... - Verify the local release signing material and latest Argus APK certificate with
Android/scripts/verify-release-signing-material.ps1 -VerifyPublishedApk. - Verify the APK certificate before upload with
apksigner verify --print-certs. - Publish to Argus only through
Android/scripts/publish-release.ps1, which implements the SSH/SQLite/Data/Packages workflow fromG:/Repos/Marketplace/ARGUS_PUBLICATION.md; do not publish through HTTP admin APIs. - Verify the published manifest and download with
scripts/verify-production-state.ps1 -VerifyAndroidDownloadfrom the repository root.