Last week, we put live a big update to the Nextcloud App Store bringing validation of certificate signatures, app ownership migration, better localization and other smaller improvements. With over 50 apps, the store is an important source for additional capabilities and features for Nextcloud users and customers.
The app store can now handle new Nextcloud versions and deal with a number of new XML elements. Users can switch between language comments and have post ratings in multiple languages!
A bigger improvement is that it is now possible to transfer ownership of an app so that if a maintainer steps down or a company wants another employee to handle uploading new versions, a new owner can take over.
For developers, the command line tool now has commands to update tokens, set a default password for an admin user for development and verify an email address
Architecture-wise, the frontend code was migrated Typescript + Webpack and the bug tracker now has to be present in info.xml, as does a proper max-version.
An important security measure in the app store is to cryptographically check the authorship of an app before it is delivered to users. A new improvement is that we now also cryptographically check the identity of developers before they can claim apps. Until now, it would have been possible for a developer who knew a public certificate of an app to ‘claim’ its ownership. He/she would not have been able to upload malicious content without knowing the signature but it was still not a situation we wanted to have.
Last but not least
Of course there were a number of bugfixes like fixing the Discourse forum links which had underscores in them, removal of duplicate language entries in comments, layout improvements, certificate validation error codes and more.
The new app store is a nice step forward, getting us ready for a big release coming up!