From 3f09e87346bc0b80f04a906fb13c1d155b94c708 Mon Sep 17 00:00:00 2001
From: Newbyte <newbyte@postmarketos.org>
Date: Wed, 2 Jul 2025 17:17:23 +0200
Subject: [PATCH] pmb.helpers.apk_static: Update "malicious server" message

While this hypothetically could be triggered by a malicious server,
more likely is that this would be caused by a bug in pmbootstrap. As
such, soften the message a bit and also remove references to the removed
-m flag.

Fixes ebfda16d6d0cda211d2dfb00c371d39bce0f4cbd

Part-of: https://gitlab.postmarketos.org/postmarketOS/pmbootstrap/-/merge_requests/2635
[ci:skip-build]: already built successfully in CI
---
 pmb/helpers/apk_static.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/pmb/helpers/apk_static.py b/pmb/helpers/apk_static.py
index f767932f..bfd14f90 100644
--- a/pmb/helpers/apk_static.py
+++ b/pmb/helpers/apk_static.py
@@ -141,12 +141,10 @@ def extract(version: str, apk_path: Path) -> None:
     if not version.startswith(f"{version_bin}"):
         os.unlink(temp_path)
         raise RuntimeError(
-            f"Downloaded apk-tools-static-{version}.apk,"
-            " but the apk binary inside that package reports"
-            f" to be version: {version_bin}!"
-            " Looks like a downgrade attack"
-            " from a malicious server! Switch the server (-m)"
-            " and try again."
+            f"Downloaded apk-tools-static-{version}.apk, but the apk binary inside that package"
+            f" reports to be version: {version_bin}! This could potentially be caused by a"
+            " downgrade attack from a malicious server or a bug in pmbootstrap. You can try"
+            " switching servers, see https://docs.postmarketos.org/pmbootstrap/mirrors.html"
         )
 
     # Move it to the right path