kamp/fdroidserver
1
0
Fork 0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-10-01 08:40:11 +02:00
Code Activity

build: check AllowedAPKSigningKeys in reproducible build scenario

Browse Source 
The builder should check the `AllowedAPKSigningKeys` at build time, so
that the CI can check if somebody gives a wrong value that doesn't match
a compared RB binary.  In the event it fails, it gives useful
information, and in the event it succeeds, it makes it clear that this
build has verification back to the developer's original key.

Also, add tests for this to the test suite.
This commit is contained in:
Jason A. Donenfeld 2023-04-18 14:38:58 +02:00 committed by Hans-Christoph Steiner
parent 8a0b7e5b1b
commit 26472c22ce
2 changed files with 75 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
fdroidserver/build.py
View File

@ -1112,6 +1112,34 @@ def main():
'supplied reference binary ' 'supplied reference binary '
'successfully') 'successfully')
used_key = common.apk_signer_fingerprint(of)
expected_keys = app['AllowedAPKSigningKeys']
if used_key is None:
logging.warn(_('reference binary missing '
'signature'))
elif len(expected_keys) == 0:
logging.warn(_('AllowedAPKSigningKeys missing '
'but reference binary supplied'))
elif used_key not in expected_keys:
if options.test:
logging.warning(_('Keeping failed build "{apkfilename}"')
.format(apkfilename=unsigned_apk))
else:
logging.debug('removing %s', unsigned_apk)
os.remove(unsigned_apk)
logging.debug('removing %s', of)
os.remove(of)
raise FDroidException('supplied reference '
'binary signed with '
'{signer} instead of '
'with {expected}'.
format(signer=used_key,
expected=expected_keys))
else:
logging.info(_('supplied reference binary has '
'allowed signer {signer}').
format(signer=used_key))
build_succeeded_ids.append([app['id'], build.versionCode]) build_succeeded_ids.append([app['id'], build.versionCode])
if not options.onserver: if not options.onserver:

51
tests/build.TestCase
View File

@ -627,6 +627,9 @@ class BuildTest(unittest.TestCase):
} }
) )
app['Builds'] = [build] app['Builds'] = [build]
expected_key = 'a' * 64
bogus_key = 'b' * 64
app['AllowedAPKSigningKeys'] = [expected_key]
fdroidserver.metadata.write_metadata(metadata_file, app) fdroidserver.metadata.write_metadata(metadata_file, app)
os.makedirs(os.path.join('unsigned', 'binaries')) os.makedirs(os.path.join('unsigned', 'binaries'))
@ -657,13 +660,32 @@ class BuildTest(unittest.TestCase):
a, b, c, d, e, f # silence linters' "unused" warnings a, b, c, d, e, f # silence linters' "unused" warnings
with mock.patch('sys.argv', ['fdroid build', appid]): with mock.patch('sys.argv', ['fdroid build', appid]):
# successful comparison # successful comparison, successful signer
open(production_result, 'w').close() open(production_result, 'w').close()
open(production_compare_file, 'w').close() open(production_compare_file, 'w').close()
with mock.patch('fdroidserver.common.verify_apks', lambda *args: None): with mock.patch(
'fdroidserver.common.verify_apks', lambda *args: None
) as g, mock.patch(
'fdroidserver.common.apk_signer_fingerprint',
lambda *args: expected_key,
) as h:
g, h
fdroidserver.build.main() fdroidserver.build.main()
self.assertTrue(os.path.exists(production_result)) self.assertTrue(os.path.exists(production_result))
self.assertTrue(os.path.exists(production_compare_file)) self.assertTrue(os.path.exists(production_compare_file))
# successful comparison, failed signer
open(production_result, 'w').close()
open(production_compare_file, 'w').close()
with mock.patch(
'fdroidserver.common.verify_apks', lambda *args: None
) as g, mock.patch(
'fdroidserver.common.apk_signer_fingerprint',
lambda *args: bogus_key,
) as h:
g, h
fdroidserver.build.main()
self.assertFalse(os.path.exists(production_result))
self.assertFalse(os.path.exists(production_compare_file))
# failed comparison # failed comparison
open(production_result, 'w').close() open(production_result, 'w').close()
open(production_compare_file, 'w').close() open(production_compare_file, 'w').close()
@ -675,15 +697,36 @@ class BuildTest(unittest.TestCase):
self.assertFalse(os.path.exists(production_compare_file)) self.assertFalse(os.path.exists(production_compare_file))
with mock.patch('sys.argv', ['fdroid build', '--test', appid]): with mock.patch('sys.argv', ['fdroid build', '--test', appid]):
# successful comparison # successful comparison, successful signer
open(test_result, 'w').close() open(test_result, 'w').close()
open(test_compare_file, 'w').close() open(test_compare_file, 'w').close()
with mock.patch('fdroidserver.common.verify_apks', lambda *args: None): with mock.patch(
'fdroidserver.common.verify_apks', lambda *args: None
) as g, mock.patch(
'fdroidserver.common.apk_signer_fingerprint',
lambda *args: expected_key,
) as h:
g, h
fdroidserver.build.main() fdroidserver.build.main()
self.assertTrue(os.path.exists(test_result)) self.assertTrue(os.path.exists(test_result))
self.assertTrue(os.path.exists(test_compare_file)) self.assertTrue(os.path.exists(test_compare_file))
self.assertFalse(os.path.exists(production_result)) self.assertFalse(os.path.exists(production_result))
self.assertFalse(os.path.exists(production_compare_file)) self.assertFalse(os.path.exists(production_compare_file))
# successful comparison, failed signer
open(test_result, 'w').close()
open(test_compare_file, 'w').close()
with mock.patch(
'fdroidserver.common.verify_apks', lambda *args: None
) as g, mock.patch(
'fdroidserver.common.apk_signer_fingerprint',
lambda *args: bogus_key,
) as h:
g, h
fdroidserver.build.main()
self.assertTrue(os.path.exists(test_result))
self.assertFalse(os.path.exists(test_compare_file))
self.assertFalse(os.path.exists(production_result))
self.assertFalse(os.path.exists(production_compare_file))
# failed comparison # failed comparison
open(test_result, 'w').close() open(test_result, 'w').close()
open(test_compare_file, 'w').close() open(test_compare_file, 'w').close()