Generate SSH keys on the device#963
Conversation
N.B. Requires API >= 26. Apache MINA SSHD is now the standard SSH transport library for JGit. It supports more modern key algorithms than Jsch. I have added a notification prompt to the user upon new or unexpected SSH server host key. I have no idea what I'm doing, but it seems to work.
A generated key can optionally be protected by biometric auth or device credential. This makes it harder to steal, but will obviously not play well with auto-sync. The default key type is EDCSA. ED25519 keys are faster, but not supported natively by the Android key store. The methods currently called when unlocking a ED25519 key do not respect the validity duration setting, which means that the key needs to be unlocked before each use. This may be twice during a sync, if we need to both fetch and push. RSA and EDCSA keys respect the validity duration setting, meaning we leave them unlocked for 15 seconds. A way to speed up Git syncing while requiring auth upon each key use would be to use SSH multiplexing and keep the SSH session open until we push (or decide not to push). I raised the minimum SDK version from 21 to 23. Otherwise we cannot include android-crypto in the manifest. N.B. Much of this code has been taken and re-worked from https://github.com/android-password-store/Android-Password-Store. That project is also GPL-3.0, but I don't know how to properly attribute those authors in the Orgzly code base.
- Make "git push" run blocking. Mostly to make the "syncing in progress" status information more reliable. - Show more informative snackbar when "git push" goes wrong. The user will now find out if pushing fails because of e.g. missing write permission. - Remove two unused methods and an unused return value. - Tidy up some variables.
The TransportException class path was wrong, so the exception type was not being recognized. Make an attempt to find the cause if JGit throws the generic "remote hung up unexpectedly" exception.
We were always ending up in RepoCloneTask. Separate two different error cases, so that we can actually distinguish between them.
Also, use more specific inputTypes. Also, fix the branch name always showing as the default value
|
To anyone trying to run this code: You also need to merge #916 into your build, otherwise Orgzly has insufficient permissions in external storage to create the Git workdir. |
|
So to get this working, we need to build our own package? |
|
@amberin Would you be so kind to share a debug build of Orgzly apk that you're using? You've made numerous improvements to the app but from what I can see the review can take a little bit of time. Me (and I guess a couple of other folks) would be happy to... err... beta-test your changes :) The git repo sync that's in stable is completely broken and following your issues / PRs it seems it will take some time to fix that. Thanks for your work & time! 👋 |
|
@wiktor-k wrote:
Sure. I just made a build off this branch https://github.com/amberin/orgzly-android/commits/faster-git-syncing and uploaded it to a site that I control: https://www.koloni.info/orgzly-fdroid-debug-amberin-738c3e5.apk It's a build with all my latest changes which is working well for me. Be aware that I recently implemented deleting notebooks from the remote repository... Obviously, I give no guarantees that this APK will not completely ruin your Org files or your phone. :) I only have time to sit down with this a few times per year, so any bugs will not be fixed quickly. But it would be awesome if more people used the Git feature and could contribute to it. I guess this might also interest @Xanaxus @tillmann @maikol-solis @mtekman. |
|
Hey so i did give it go just now and i got an error which says that the said packagee is invalid I am using an oppo reno 6 5g variant |
@Xanaxus Sorry, I uploaded the wrong APK. The link should work now. (It works for a friend of mine.) |
|
Closing this in favor of #1037. |
3 participants
N. B. This branch builds on top of #948.
Includes some minor general polish of Git-related code.