1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-04 14:30:11 +01:00
Commit Graph

184 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
4e28fad55a use constants for names used in the config dict
Hopefully this helps with the Anti-Features case confusion:
* antifeatures
* antiFeatures
* AntiFeatures
2023-07-25 14:31:09 +00:00
Hans-Christoph Steiner
6b82710039 test load_localized_config() with categories 2023-06-02 13:28:53 +02:00
Hans-Christoph Steiner
bc58959315 purge remnants of repo/categories.txt, which is long unused 2023-06-02 13:26:03 +02:00
Hans-Christoph Steiner
d6dba05ec3 test load_localized_locale() and translated Anti-Features 2023-05-10 13:34:09 +02:00
Hans-Christoph Steiner
36d2a8f899
all ndk paths in config must be strings
The paths in the config must be strings because they are used in things
like env vars where they must be strings.  Plus lots of other places in the
code assumes they are strings.  This is the first step to defining the
border of where paths can be pathlib.Path() and where they must be strings.
2023-04-11 13:54:19 +02:00
Hans-Christoph Steiner
898624dcac
common.get_android_tools_versions() for modern NDK dir layout
NDK r10e is still in use, but is so old, it does not have the modern
sdkmanager package metadata.
2023-04-11 13:54:17 +02:00
Hans-Christoph Steiner
0dd5a7db64
remove NDK download handling in favor of fdroid/sdkmanager 2023-04-11 13:54:05 +02:00
Hans-Christoph Steiner
94badac317 set skipUnless for test that relies on ANDROID_HOME
This job just started failing, but wasn't before:
https://gitlab.com/eighthave/fdroidserver/-/jobs/4060582594

But I look at it, and it looks right that it fails.  So how on earth
was it succeeding before?  Basically the `os.getenv('ANDROID_HOME')`
returns `None` when `ANDROID_HOME` is not set. It is not set in both the
jobs, so how did it not stacktrace before?
2023-04-04 22:41:46 +02:00
Hans-Christoph Steiner
dd16076651
add verify_jar_signature() to verify entry.jar 2023-03-09 12:34:55 +01:00
Hans-Christoph Steiner
98448e0481 purge all references to zipalign, that is delegated to other things
Things like apksigner and @obfusk's tools handle this now.
jarsigner is used in the test, since that's the most common use of
`common.find_sdk_tools_cmd()`.

closes #1100
2023-02-22 14:45:51 +01:00
Hans-Christoph Steiner
5af5ed2759 fix test_fill_config_defaults_java for non-amd64 arches 2023-02-21 11:20:16 +01:00
Hans-Christoph Steiner
24df262f6b handle str and pathlib.Path in getvcs() 2023-02-21 11:20:15 +01:00
Hans-Christoph Steiner
b8f59097f7 purge all vestiges of the unused fdroid stats, closes #839
* for f in locale/*/LC_MESSAGES/fdroidserver.po; do msgattrib --set-obsolete --no-wrap --ignore-file=locale/fdroidserver.pot -o $f $f; done
* sed -i 's, \.\./fdroidserver/stats\.py,,' locale/*/LC_MESSAGES/fdroidserver.po
2023-02-19 22:54:38 +01:00
Hans-Christoph Steiner
58cfce106b add test_sign_apk_fail and test_sign_apk_corrupt 2023-02-19 13:39:48 +01:00
Hans-Christoph Steiner
f468270aa8
support Java 20, which is already in Debian/unstable, closes #1070 2023-02-17 16:35:20 +01:00
Simon Brand
4a581bdfb6 Remove path workarounds for old python versions 2023-02-15 19:25:48 +00:00
Jochen Sprickerhof
6ba40b7349 common tests: use patch.dict for os.environ 2023-02-08 18:14:36 +01:00
Jochen Sprickerhof
d29a486e31 tests: use context manager and/or standard setup temp files 2023-02-08 18:12:35 +01:00
Hans-Christoph Steiner
01f7dfd0b3 index-v2.jar is not a valid file, remove references
entry.jar is the signed file, it references index-v2.json.
2022-11-15 13:22:09 +00:00
Jochen Sprickerhof
1bb963d768
jarsigner: allow weak signatures
openjdk-11 11.0.17 in Debian unstable fails to verify weak signatures:

jarsigner -verbose -strict -verify tests/signindex/guardianproject.jar

         131 Fri Dec 02 20:10:00 CET 2016 META-INF/MANIFEST.MF
         252 Fri Dec 02 20:10:04 CET 2016 META-INF/1.SF
        2299 Fri Dec 02 20:10:04 CET 2016 META-INF/1.RSA
           0 Fri Dec 02 20:09:58 CET 2016 META-INF/
 m  ?  48743 Fri Dec 02 20:09:58 CET 2016 index.xml

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  ? = unsigned entry

- Signed by "EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US"
    Digest algorithm: SHA1 (disabled)
    Signature algorithm: SHA1withRSA (disabled), 4096-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

  jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01, include jdk.disabled.namedCurves
2022-11-14 17:59:56 +01:00
Jochen Sprickerhof
557fe87d44 Run shell scripts with -e (Closes: #1035)
Make sudo, init prebuild, build and Prepare fields lists and only
concatenate them with '; ' before execution. This allows arbitrary
commands inside the fileds (even && and ';') as we don't need to split
the commands again for rewritemeta.
2022-11-03 12:25:31 +00:00
Jochen Sprickerhof
5e1bdfc278
Fix ipfs test config 2022-10-24 11:43:47 +02:00
linsui
5a28f20301 make versionCode/build.timeout an integer
Co-authored-by: Jochen Sprickerhof <git@jochen.sprickerhof.de>
2022-10-14 08:42:26 +00:00
Hans-Christoph Steiner
353ee84a6f
test that get_apk_id throws exceptions (issuebot#60) 2022-10-11 16:36:11 +02:00
Jochen Sprickerhof
f96f247095
Add test for git getref 2022-09-15 13:32:11 +02:00
pmmayero
0ad45a94a8 Addition of IPFS CIDv1 to Index
IPFS CIDv1 is only generated for APKs and "repo files"
2022-09-14 09:28:02 +00:00
FestplattenSchnitzel
7c89e923f6 Move methods specific to import to it's module 2022-08-24 22:21:37 +02:00
linsui
516a0c2ce8 Fix tag match with GitPython 2022-08-24 10:50:09 +00:00
Jochen Sprickerhof
7822db2881 Catch DefusedXmlException (as ValueError)
defusedxml can't handle the nbsp in the strings.xml (etree can).
2022-07-25 09:30:25 +02:00
Hans-Christoph Steiner
2bf6848391 test_find_apksigner_system_package_android_home if build_tools is new enough 2022-06-08 20:39:44 +02:00
Hans-Christoph Steiner
3182b77d18
use apksigner to sign index-v2 with modern, supported algorithms
The current signing method uses apksigner to sign the JAR so that it
will automatically select algorithms that are compatible with Android
SDK 23, which added the most recent algorithms:
https://developer.android.com/reference/java/security/Signature

This signing method uses then inherits the default signing algothim
settings, since Java and Android both maintain those.  That helps
avoid a repeat of being stuck on an old signing algorithm.  That means
specifically that this call to apksigner does not specify any of the
algorithms.

The old indexes must be signed by SHA1withRSA otherwise they will no
longer be compatible with old Androids.

apksigner 30.0.0+ is available in Debian/bullseye, Debian/buster-backports,
Ubuntu 21.10, and Ubuntu 20.04 from the fdroid PPA.  Here's a quick way to
test:

for f in `ls -1 /opt/android-sdk/build-tools/*/apksigner | sort ` /usr/bin/apksigner; do printf "$f : "; $f sign --v4-signing-enabled false; done

closes #1005
2022-06-07 16:56:23 +02:00
Hans-Christoph Steiner
c6dcc82ca4 allow common.get_apk_id() to be used in the API
If a project uses fdroidserver as a library, then just calls
common.get_apk_id(), it will now work.  Before, that project would have had
to include something like `common.config = {}` to avoid a stacktrace.
2022-05-26 22:18:21 +02:00
Hans-Christoph Steiner
2639909f90 add test cases for parsing smartcardoptions config field 2022-05-26 16:49:43 +02:00
Jochen Sprickerhof
d70e5c2cd9 Index v2 2022-05-23 10:39:17 +00:00
Sergey Bobrenok
46f4205fff Avoid zero-length prefixes in PATH
A zero-length prefix in PATH is a legacy feature that indicates the
current working directory.

https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03

Found in ru.nsu.bobrofon.easysshfs, see:
https://gitlab.com/fdroid/fdroiddata/-/merge_requests/10953#note_921802636
2022-04-24 16:33:33 +03:00
Jochen Sprickerhof
5f3eb601df Add check for repo/archive_url 2022-04-21 11:16:14 +02:00
Hans-Christoph Steiner
d1fd58681e
nightly: stop stripping APKs before signing, apksigner does it
* https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1033#note_742563869
* https://github.com/wardvl/f-droid-nightly-action/issues/3
2022-02-22 22:29:09 +01:00
jugendhacker
b236773455 Fix subproject regex to allow subdir without colon 2021-11-30 08:28:17 +00:00
Jochen Sprickerhof
a5deaa80d8 Parse single digit sizes
Closes: #946
2021-11-27 21:44:47 +01:00
Gaurav Ujjwal
aead3310bd NDK Install: Handle symlinks present in NDK zip 2021-11-03 08:13:21 +00:00
Hans-Christoph Steiner
c71c2465d3
tests: silence the linters 2021-09-20 10:51:54 +02:00
Hans-Christoph Steiner
d6fd165444 test whether NDK version parsing is working properly 2021-09-20 10:18:16 +02:00
Jochen Sprickerhof
331b4830dd Support multiple flavours in parse_androidmanifests
Previously only the last flavour was checked.
2021-07-24 21:20:19 +02:00
Hans-Christoph Steiner
40c77892a2
do not crash when config.yml is 0 bytes or empty of data 2021-07-01 14:45:35 +02:00
linsui
763a2ee80d fix invalid extension of output apk 2021-06-24 13:42:10 +00:00
Hans-Christoph Steiner
78d37bb13b switch to allow/block list terminology throughout code base
allowlist and blocklist are much clearer terms with no cultural baggage.
This changes all "whitelist" references to "allowlist", and all "blacklist"
references to "blocklist".
2021-06-18 18:26:50 +00:00
Hans-Christoph Steiner
36849b2fba
skip tests on Windows that need bash 2021-06-18 11:12:22 +02:00
Hans-Christoph Steiner
1f5534d060
require config.yml use UTF-8 as encoding
config.yml requires ASCII or UTF-8 encoding because this code does not
auto-detect the file's encoding.  That is left up to the YAML library.
YAML allows ASCII, UTF-8, UTF-16, and UTF-32 encodings.  Since it is a
good idea to manage config.yml (WITHOUT PASSWORDS!) in git, it makes
sense to use a globally standard encoding.
2021-06-18 11:12:20 +02:00
Hans-Christoph Steiner
48c4354629
always open Android source files as UTF-8
Android Studio recommends "you use UTF-8 encoding whenever possible",
so this code assumes the files use UTF-8.  UTF-8 is also the default
encoding on GNU/Linux and macOS.
https://sites.google.com/a/android.com/tools/knownissues/encoding

Windows will probably default to UTF16, since that's the native
encoding for files.  So forcing things to use UTF-8 should help
compatibility.
2021-06-18 11:12:18 +02:00
Jochen Sprickerhof
4e97b58d8c latesttags revert to git log and fix comma handling
2de34312 tried to fix the comma handling by relying on git tag --sort.
This did not work out so this reverts to the method used before.
2021-06-15 08:39:59 +02:00