I made a FDroid repo and I put that in a server in the internet, And my web server is apache2. It has an address URL. Clients can access my repo by going to Settings section of fdroid client and adding a repository and it's address URL. But I want to set an authentication mechanism to allow access to only specific users. Authentication mechanism could be either username/password or certificate based. How can I set an authentication method for accessing my FDroid repo ?
Does Fdroid support client authentication for accessing a repo? or I have to change fdroid client source code?
FDroid server is completely static and no server code runs in server , Apache serves a number of static files (.xml , .jar and apks) which maked by FDroid previously. I have a simple idea to set username/password for https server and clients enter URL have to enter their username/password otherwise access to files is prohibited. Does fdroid client support this method of authentication? Anyone has a good idea of client access control to Fdroid repos?
There are two ways to add authentication to an F-Droid repo without making a custom client:
The first method is more complicated to setup, but gives you easier finegrained access controls (e.g. an account per user). The second method is very simple, but anyone who has the URL will have access, and it will be very difficult to change that "password" path segment since all users would then lose access.