From a3e7eacc9b14a43ffde0df319d5099f04c21f19b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20P=C3=B6hn?=
Date: Tue, 4 Apr 2017 18:58:16 +0200
Subject: [PATCH] compare apk with Binaries from metadata right after building
---
 fdroidserver/build.py | 35 +++++++++++++++++++++++++++++++++++
 fdroidserver/common.py | 9 +++++----
 2 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/fdroidserver/build.py b/fdroidserver/build.py
index c63df9d1..e41b5d6a 100644
--- a/fdroidserver/build.py
+++ b/fdroidserver/build.py
@@ -28,6 +28,7 @@ import traceback
 import time
 import json
 import requests
+import tempfile
 from configparser import ConfigParser
 from argparse import ArgumentParser
 import logging
@@ -1218,8 +1219,42 @@ def main(): except requests.exceptions.HTTPError as e: raise FDroidException('downloading Binaries from %s failed' % url) from e + # Now we check weather the build can be verified to + # match the supplied binary or not. Should the + # comparison fail, we mark this build as a failure + # and remove everything from the unsigend folder. + with tempfile.TemporaryDirectory() as tmpdir: + unsigned_apk = \ + '{0}_{1}.apk'.format(appid, + build.versionCode) + unsigned_apk = os.path.join(output_dir, + unsigned_apk) + compare_result = \ + common.compare_apks(of, unsigned_apk, + tmpdir, log_dir, + skip_manual_diff=True) + if compare_result: + compare_result = compare_result.split('\n') + line_count = len(compare_result) + compare_result = compare_result[:299] + if line_count > len(compare_result): + line_difference = \ + line_count - len(compare_result) + compare_result.append('%d more lines ...' % + line_difference) + compare_result = '\n'.join(compare_result) + raise FDroidException('compared built binary ' + 'to supplied reference ' + 'binary but failed', + compare_result) + else: + logging.info('compared built binary to ' + 'supplied reference binary ' + 'successfully') + build_succeeded.append(app) wikilog = "Build succeeded" + except VCSException as vcse: reason = str(vcse).split('\n', 1)[0] if options.verbose else str(vcse) logging.error("VCS error while building app %s: %s" % ( diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 8ced40c9..181c1fd9 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -2049,7 +2049,7 @@ def verify_apk_signature(apk, jar=False): apk_badchars = re.compile('''[/ :;'"]''') -def compare_apks(apk1, apk2, tmp_dir, log_dir=None): +def compare_apks(apk1, apk2, tmp_dir, log_dir=None, skip_manual_diff=False): """Compare two apks Returns None if the apk content is the same (apart from the signing key), 
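Review bot: The added comment above the `with tempfile.TemporaryDirectory() as tmpdir:` block promises that a failed comparison removes the build from the unsigned folder, but the new code only raises `FDroidException`; nothing in this hunk deletes `unsigned_apk` from `output_dir`. Unless the exception handler outside the hunk does that cleanup, an APK that did not match the reference binary stays on disk where later signing or publishing steps could pick it up, so consider `os.remove(unsigned_apk)` immediately before the `raise`. The success test is also truthiness-based: `if compare_result:` would treat an empty string as a match, while the `compare_apks` docstring names `None` as the only success value, so `if compare_result is not None:` fails closed. main() starts and ends outside the hunk.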
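Review bot: The new `skip_manual_diff` keyword on `compare_apks` is not described in the part of the docstring visible in this hunk, which only covers the return value. Since the flag decides whether a GUI tool is spawned from what is now an unattended build path, the docstring should say so, for example `If skip_manual_diff is True, meld is never launched and only the textual diff result is returned.` The docstring and the function body continue outside the hunk.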
@@ -2101,9 +2101,10 @@ def compare_apks(apk1, apk2, tmp_dir, log_dir=None):
 p = FDroidPopen(['diff', '-r', apk1dir, apk2dir], output=False)
 lines = p.output.splitlines()
 if len(lines) != 1 or 'META-INF' not in lines[0]:
- meld = find_command('meld')
- if meld is not None:
- p = FDroidPopen(['meld', apk1dir, apk2dir], output=False)
+ if not skip_manual_diff:
+ meld = find_command('meld')
+ if meld is not None:
+ p = FDroidPopen(['meld', apk1dir, apk2dir], output=False)
 return("Unexpected diff output - " + p.output)
 # since everything verifies, delete the comparison to keep cruft down
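Review bot: Inside the new `if not skip_manual_diff:` branch, `p` is still rebound to the meld process, so the returned "Unexpected diff output" message carries meld's output when meld is installed and the `diff -r` output otherwise. The build.py hunk in this patch attaches that return value to the failure as the evidence of a mismatch, so its content should not depend on whether a GUI tool happens to be present. Dropping the assignment, `FDroidPopen(['meld', apk1dir, apk2dir], output=False)`, keeps the diff output in the message in both cases. compare_apks starts and ends outside the hunk.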