@capgo/capacitor-updater 5.40.5 → 5.42.3

package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipher.java

@@ -210,7 +210,7 @@ public class CryptoCipher {
                 detectedFormat = "base64";
             }
             logger.debug(
-                "Received encrypted checksum format: " +
+                "Received checksum format: " +
                     detectedFormat +
                     " (length: " +
                     checksum.length() +
@@ -218,6 +218,18 @@ public class CryptoCipher {
                     checksumBytes.length +
                     " bytes)"
             );
+
+            // RSA-2048 encrypted data must be exactly 256 bytes
+            // If the checksum is not 256 bytes, the bundle was not encrypted properly
+            if (checksumBytes.length != 256) {
+                logger.error(
+                    "Checksum is not RSA encrypted (size: " +
+                        checksumBytes.length +
+                        " bytes, expected 256 for RSA-2048). Bundle must be uploaded with encryption when public key is configured."
+                );
+                throw new IOException("Bundle checksum is not encrypted. Upload bundle with --key flag when encryption is configured.");
+            }
+
             PublicKey pKey = CryptoCipher.stringToPublicKey(publicKey);
             byte[] decryptedChecksum = CryptoCipher.decryptRSA(checksumBytes, pKey);
             // Return as hex string to match calcChecksum output format
@@ -357,8 +369,10 @@ public class CryptoCipher {
     }
 
     /**
-     * Get first 4 characters of the public key for identification.
-     * Returns 4-character string or empty string if key is invalid/empty.
+     * Get first 20 characters of the public key for identification.
+     * Returns 20-character string or empty string if key is invalid/empty.
+     * The first 12 chars are always "MIIBCgKCAQEA" for RSA 2048-bit keys,
+     * so the unique part starts at character 13.
      */
     public static String calcKeyId(String publicKey) {
         if (publicKey == null || publicKey.isEmpty()) {
@@ -371,7 +385,7 @@ public class CryptoCipher {
             .replace("-----BEGINRSAPUBLICKEY-----", "")
             .replace("-----ENDRSAPUBLICKEY-----", "");
 
-        // Return first 4 characters of the base64-encoded key
-        return cleanedKey.length() >= 4 ? cleanedKey.substring(0, 4) : cleanedKey;
+        // Return first 20 characters of the base64-encoded key
+        return cleanedKey.length() >= 20 ? cleanedKey.substring(0, 20) : cleanedKey;
     }
 }

package/android/src/main/java/ee/forgr/capacitor_updater/DownloadService.java

@@ -291,7 +291,7 @@ public class DownloadService extends Worker {
                 String fileHash = entry.getString("file_hash");
                 String downloadUrl = entry.getString("download_url");
 
-                if (!publicKey.isEmpty() && sessionKey != null && !sessionKey.isEmpty()) {
+                if (publicKey != null && !publicKey.isEmpty() && sessionKey != null && !sessionKey.isEmpty()) {
                     try {
                         fileHash = CryptoCipher.decryptChecksum(fileHash, publicKey);
                     } catch (Exception e) {
@@ -308,7 +308,9 @@ public class DownloadService extends Worker {
                 String targetFileName = isBrotli ? fileName.substring(0, fileName.length() - 3) : fileName;
 
                 File targetFile = new File(destFolder, targetFileName);
-                File cacheFile = new File(cacheFolder, finalFileHash + "_" + new File(fileName).getName());
+                String cacheBaseName = new File(isBrotli ? targetFileName : fileName).getName();
+                File cacheFile = new File(cacheFolder, finalFileHash + "_" + cacheBaseName);
+                final File legacyCacheFile = isBrotli ? new File(cacheFolder, finalFileHash + "_" + new File(fileName).getName()) : null;
                 File builtinFile = new File(builtinFolder, fileName);
 
                 // Ensure parent directories of the target file exist
@@ -324,7 +326,10 @@ public class DownloadService extends Worker {
                         if (builtinFile.exists() && verifyChecksum(builtinFile, finalFileHash)) {
                             copyFile(builtinFile, targetFile);
                             logger.debug("using builtin file " + fileName);
-                        } else if (tryCopyFromCache(cacheFile, targetFile, finalFileHash)) {
+                        } else if (
+                            tryCopyFromCache(cacheFile, targetFile, finalFileHash) ||
+                            (legacyCacheFile != null && tryCopyFromCache(legacyCacheFile, targetFile, finalFileHash))
+                        ) {
                             logger.debug("already cached " + fileName);
                         } else {
                             downloadAndVerify(downloadUrl, targetFile, cacheFile, finalFileHash, sessionKey, publicKey, finalIsBrotli);
@@ -388,8 +393,9 @@ public class DownloadService extends Worker {
         sendStatsAsync("download_zip_start", version);
 
         File target = new File(documentsDir, dest);
-        File infoFile = new File(documentsDir, UPDATE_FILE);
-        File tempFile = new File(documentsDir, "temp" + ".tmp");
+        // Use bundle ID in temp file names to prevent collisions when multiple downloads run concurrently
+        File infoFile = new File(documentsDir, "update_" + id + ".dat");
+        File tempFile = new File(documentsDir, "temp_" + id + ".tmp");
 
         // Check available disk space before starting
         long availableSpace = target.getParentFile().getUsableSpace();
@@ -420,7 +426,7 @@ public class DownloadService extends Worker {
                     reader = new BufferedReader(new FileReader(infoFile));
                     String updateVersion = reader.readLine();
                     if (updateVersion != null && !updateVersion.equals(version)) {
-                        clearDownloadData(documentsDir);
+                        clearDownloadData(documentsDir, id);
                     } else {
                         downloadedBytes = tempFile.length();
                     }
@@ -432,7 +438,7 @@ public class DownloadService extends Worker {
                     }
                 }
             } else {
-                clearDownloadData(documentsDir);
+                clearDownloadData(documentsDir, id);
             }
 
             if (downloadedBytes > 0) {
@@ -544,9 +550,9 @@ public class DownloadService extends Worker {
         }
     }
 
-    private void clearDownloadData(String docDir) {
-        File tempFile = new File(docDir, "temp" + ".tmp");
-        File infoFile = new File(docDir, UPDATE_FILE);
+    private void clearDownloadData(String docDir, String id) {
+        File tempFile = new File(docDir, "temp_" + id + ".tmp");
+        File infoFile = new File(docDir, "update_" + id + ".dat");
         try {
             tempFile.delete();
             infoFile.delete();
@@ -632,7 +638,7 @@ public class DownloadService extends Worker {
                 // Use OkIO for atomic write
                 writeFileAtomic(compressedFile, responseBody.byteStream(), null);
 
-                if (!publicKey.isEmpty() && sessionKey != null && !sessionKey.isEmpty()) {
+                if (publicKey != null && !publicKey.isEmpty() && sessionKey != null && !sessionKey.isEmpty()) {
                     logger.debug("Decrypting file " + targetFile.getName());
                     CryptoCipher.decryptFile(compressedFile, publicKey, sessionKey);
                 }
@@ -824,12 +830,14 @@ public class DownloadService extends Worker {
     }
 
     /**
-     * Clean up old temporary files
+     * Clean up old temporary files (both .tmp and update_*.dat files)
      */
     private void cleanupOldTempFiles(File directory) {
         if (directory == null || !directory.exists()) return;
 
-        File[] tempFiles = directory.listFiles((dir, name) -> name.endsWith(".tmp"));
+        File[] tempFiles = directory.listFiles(
+            (dir, name) -> name.endsWith(".tmp") || (name.startsWith("update_") && name.endsWith(".dat"))
+        );
         if (tempFiles != null) {
             long oneHourAgo = System.currentTimeMillis() - 3600000;
             for (File tempFile : tempFiles) {

package/android/src/main/java/ee/forgr/capacitor_updater/Logger.java

@@ -28,30 +28,48 @@ public class Logger {
 
         LogLevel level;
         Map<String, String> labels;
+        boolean useSystemLog;
 
         Options() {
             level = LogLevel.info;
             labels = null;
+            useSystemLog = true; // Default to true for backward compatibility
         }
 
         Options(@NonNull Options other) {
             level = other.level;
             labels = other.labels;
+            useSystemLog = other.useSystemLog;
         }
 
         Options(LogLevel level) {
             this.level = level;
             this.labels = null;
+            useSystemLog = true;
         }
 
         Options(Map<String, String> labels) {
             this.level = LogLevel.info;
             this.labels = labels;
+            useSystemLog = true;
         }
 
         Options(LogLevel level, Map<String, String> labels) {
             this.level = level;
             this.labels = labels;
+            useSystemLog = true;
+        }
+
+        Options(LogLevel level, Map<String, String> labels, boolean useSystemLog) {
+            this.level = level;
+            this.labels = labels;
+            this.useSystemLog = useSystemLog;
+        }
+
+        Options(boolean useSystemLog) {
+            this.level = LogLevel.info;
+            this.labels = null;
+            this.useSystemLog = useSystemLog;
         }
     }
 
@@ -60,6 +78,7 @@ public class Logger {
     private String tag;
     private final ArrayMap<String, Long> timers = new ArrayMap<>();
     private final String kDefaultTimerLabel = "default";
+    private boolean useSystemLog;
 
     public void setBridge(Bridge bridge) {
         this.bridge = bridge;
@@ -77,6 +96,7 @@ public class Logger {
 
     private void init(String tag, @NonNull Options options) {
         this.level = options.level;
+        this.useSystemLog = options.useSystemLog;
         this.labels.putAll(
             Map.of(LogLevel.silent, "", LogLevel.error, "🔴", LogLevel.warn, "🟠", LogLevel.info, "🟢", LogLevel.debug, "\uD83D\uDD0E")
         );
@@ -210,20 +230,22 @@ public class Logger {
             tag = this.tag;
         }
 
-        // Always log to Android system log
-        switch (level) {
-            case error:
-                Log.e(tag, formattedMessage);
-                break;
-            case warn:
-                Log.w(tag, formattedMessage);
-                break;
-            case info:
-                Log.i(tag, formattedMessage);
-                break;
-            case debug:
-                Log.d(tag, formattedMessage);
-                break;
+        // Log to Android system log if enabled
+        if (useSystemLog) {
+            switch (level) {
+                case error:
+                    Log.e(tag, formattedMessage);
+                    break;
+                case warn:
+                    Log.w(tag, formattedMessage);
+                    break;
+                case info:
+                    Log.i(tag, formattedMessage);
+                    break;
+                case debug:
+                    Log.d(tag, formattedMessage);
+                    break;
+            }
         }
 
         // Send to JavaScript if webView is available

package/dist/docs.json

@@ -3627,6 +3627,22 @@
           "complexTypes": [],
           "type": "boolean | undefined"
         },
+        {
+          "name": "osLogging",
+          "tags": [
+            {
+              "text": "true",
+              "name": "default"
+            },
+            {
+              "text": "8.42.0",
+              "name": "since"
+            }
+          ],
+          "docs": "Enable OS-level logging. When enabled, logs are written to the system log which can be inspected in production builds.\n\n- **iOS**: Uses os_log instead of Swift.print, logs accessible via Console.app or Instruments\n- **Android**: Logs to Logcat (android.util.Log)\n\nWhen set to false, system logging is disabled on both platforms (only JavaScript console logging will occur if enabled).\n\nThis is useful for debugging production apps (App Store/TestFlight builds on iOS, or production APKs on Android).",
+          "complexTypes": [],
+          "type": "boolean | undefined"
+        },
         {
           "name": "shakeMenu",
           "tags": [

package/dist/esm/definitions.d.ts

@@ -1,4 +1,3 @@
-import '@capacitor/cli';
 import type { PluginListenerHandle } from '@capacitor/core';
 declare module '@capacitor/cli' {
     interface PluginsConfig {
@@ -309,6 +308,20 @@ declare module '@capacitor/cli' {
              * @since  7.3.0
              */
             disableJSLogging?: boolean;
+            /**
+             * Enable OS-level logging. When enabled, logs are written to the system log which can be inspected in production builds.
+             *
+             * - **iOS**: Uses os_log instead of Swift.print, logs accessible via Console.app or Instruments
+             * - **Android**: Logs to Logcat (android.util.Log)
+             *
+             * When set to false, system logging is disabled on both platforms (only JavaScript console logging will occur if enabled).
+             *
+             * This is useful for debugging production apps (App Store/TestFlight builds on iOS, or production APKs on Android).
+             *
+             * @default true
+             * @since  8.42.0
+             */
+            osLogging?: boolean;
             /**
              * Enable shake gesture to show update menu for debugging/testing purposes
              *

package/dist/esm/definitions.js

@@ -1,9 +1,3 @@
-/*
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/.
- */
-import '@capacitor/cli';
 /**
  * Update availability status.
  *