1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-04 22:40:12 +01:00
Commit Graph

5027 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
8a58ee72e3 travis-ci: include new android-sdk-license on OSX 2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
173a35b190 tests: only generate keystores when that is actually being tested
Generating a keystore is quite slow since it means a new RSA key is created.
That only needs to happen in the tests that check that it actually happened,
otherwise the test can just reuse the stored test keystore.

closes #432
2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
eb81eaa574 README: document test suite (closes #432) 2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
7fcb4da0e6 travis-ci: show sdkmanager logs 2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
2659312a7c update: support working with old versions of PIL/Pillow
Image.close() was added in Pillow 2.4 or so.
2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
9087ec76f3 build: use dpkg to purge sudo, for less spammy debug logs
apt is quite verbose:
DEBUG: buildserver > DEBUG: > sudo SUDO_FORCE_REMOVE=yes apt-get -y purge sudo
DEBUG: buildserver > Reading package lists...

DEBUG: buildserver > Building dependency tree...
DEBUG: buildserver > Reading state information...
DEBUG: buildserver > The following package was automatically installed and is no longer required:
DEBUG: buildserver >   libasprintf0c2
DEBUG: buildserver > Use 'apt-get autoremove' to remove it.
DEBUG: buildserver > The following packages will be REMOVED:
DEBUG: buildserver >   sudo*

DEBUG: buildserver > 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
DEBUG: buildserver > After this operation, 2,391 kB disk space will be freed.
DEBUG: buildserver > (Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 73055 files and directories currently installed.)
DEBUG: buildserver > Removing sudo (1.8.10p3-1+deb8u5) ...
DEBUG: buildserver > Purging configuration files for sudo (1.8.10p3-1+deb8u5) ...
DEBUG: buildserver > Processing triggers for man-db (2.7.0.2-5) ...
2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
781e3c785f always hide PIL.PngImagePlugin's "STREAM" debug messages
Otherwise, enabling verbose messages gives tons of these messages:
DEBUG: STREAM b'IHDR' 16 13
DEBUG: STREAM b'IDAT' 41 32768
2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
22aaa3dcbb Revert "revert reverted checksum of platform-27_r01.zip (google tampered there again)"
This reverts commit 7f13675b8c.
2017-12-20 13:36:53 +01:00
Hans-Christoph Steiner
3d91e6a5b5 jenkins-test: import secret key into test GNUPGHOME
Can't run `fdroid gpgsign` without a secret key!
2017-12-20 13:36:53 +01:00
Hans-Christoph Steiner
39b76b0eda scanner: fix tests so they work on all tested platforms
The standard test configuration is needed to make the tests reliably. Also,
these tests used some odd yield logic.  Who knows what exactly failed, but
these tests should be reliable.

* https://gitlab.com/fdroid/fdroidserver/-/jobs/44984595
* https://gitlab.com/fdroid/fdroidserver/-/jobs/44984596
* https://travis-ci.org/f-droid/fdroidserver/builds/318071369
2017-12-19 22:51:40 +01:00
Hans-Christoph Steiner
86c5598307 Merge branch 'whitelist-firebase' into 'master'
Whitelist some open-source firebase libs

See merge request fdroid/fdroidserver!411
2017-12-18 12:30:30 +00:00
Hans-Christoph Steiner
873ff20a3c Merge branch '430-UnboundLocalError-local-variable-im-referenced-before-assignment' into 'master'
fix handling unreadable images in update.extract_apk_icons

Closes #430

See merge request fdroid/fdroidserver!416
2017-12-18 08:56:27 +00:00
Michael Pöhn
c17aeb5231 fix handling unreadable images in update.extract_apk_icons 2017-12-16 22:06:20 +01:00
Marcus
82badb8921 Merge branch '431-Invalid-checksum-platform-27_r01.zip' into 'master'
revert reverted checksum of platform-27_r01.zip (google tampered there again)

Closes #431

See merge request fdroid/fdroidserver!415
2017-12-16 15:46:10 +00:00
Michael Pöhn
7f13675b8c revert reverted checksum of platform-27_r01.zip (google tampered there again) 2017-12-16 16:23:06 +01:00
Marcus
86cb8cbce7 Merge branch 'build-tools_r27.0.2' into 'master'
makebuildserver: add build-tools_r27.0.2

See merge request fdroid/fdroidserver!413
2017-12-15 12:14:00 +00:00
Marcus
a6928571a5 Merge branch 'gradle-4.4' into 'master'
makebuildserver: add Gradle 4.4

See merge request fdroid/fdroidserver!412
2017-12-15 11:55:13 +00:00
relan
b2213f1e62 makebuildserver: add build-tools_r27.0.2 2017-12-15 14:34:40 +03:00
relan
b16669b2a0 makebuildserver: add Gradle 4.4 2017-12-15 14:32:34 +03:00
Hans-Christoph Steiner
985e6189eb Merge branch 'security-fixes' into 'master'
security fixes for Janus and image metadata exploits

See merge request fdroid/fdroidserver!409
2017-12-15 11:22:56 +00:00
Jan Berkel
365834d3ea Convert to string 2017-12-15 00:58:46 +01:00
Jan Berkel
5dee23f7a6 Add a simple test for scanner 2017-12-15 00:37:52 +01:00
Jan Berkel
62d1c672f3 whitelist some open-source firebase libs 2017-12-14 22:03:48 +01:00
Hans-Christoph Steiner
2e531af58f build: force purging of sudo, ignore error message
Fixes bb758d3f, spotted by @bubu:
DEBUG: buildserver > DEBUG: > sudo apt-get -y purge sudo
DEBUG: buildserver > Reading package lists...
DEBUG: buildserver > Building dependency tree...
DEBUG: buildserver > Reading state information...
DEBUG: buildserver > The following packages will be REMOVED:
DEBUG: buildserver >   sudo*
DEBUG: buildserver > 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
DEBUG: buildserver > After this operation, 2,391 kB disk space will be freed.
(Reading database ... 68491 files and directories currently installed.)
DEBUG: buildserver > Removing sudo (1.8.10p3-1+deb8u4) ...
DEBUG: buildserver > You have asked that the sudo package be removed,
DEBUG: buildserver > but no root password has been set.
DEBUG: buildserver > Without sudo, you may not be able to gain administrative privileges.
DEBUG: buildserver >
DEBUG: buildserver > If you would prefer to access the root account with su(1)
DEBUG: buildserver > or by logging in directly,
DEBUG: buildserver > you must set a root password with "sudo passwd".
DEBUG: buildserver >
DEBUG: buildserver > If you have arranged other means to access the root account,
DEBUG: buildserver > and you are sure this is what you want,
DEBUG: buildserver > you may bypass this check by setting an environment variable
DEBUG: buildserver > (export SUDO_FORCE_REMOVE=yes).
DEBUG: buildserver >
DEBUG: buildserver > Refusing to remove sudo.
DEBUG: buildserver > dpkg: error processing package sudo (--purge):
DEBUG: buildserver >  subprocess installed pre-removal script returned error exit status 1
DEBUG: buildserver > Errors were encountered while processing:
DEBUG: buildserver >  sudo
DEBUG: buildserver > E: Sub-process /usr/bin/dpkg returned an error code (1)
2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
42522c23c9 update: do not crash if AndroidManifest.xml in APK has invalid date
This crash actually blocked a Janus exploit APK from being added to the
repo, but crashing isn't really the appropriate way to do that.
2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
8f45796ecb update: close unclosed Image instance 2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
387eebc4d6 update: strip all metadata from PNGs
This strips metadata and optimizes the compression of all PNGs copied
from the app's source repo as well as all the icons extracted from the
APKs.  There have been exploits delivered via image metadata, and
F-Droid isn't using it all, so its best to just remove it.

This unfortunately uncompresses and recompresses the files.  Luckily,
that's a lossless procedure with PNGs, and we might end up with
smaller files.  The only tool I could find that strips without
changing the image data is exiftool, but that is written in Perl.
2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
67b9514c5a update: strip EXIF data from all JPEGs
EXIF data can be abused to exploit systems a lot easier than the JPEG image
data can.  The F-Droid ecosystem does not use the EXIF data, so keep things
safe and strip it all away.  There is a chance that some images might rely
on the rotation to be set by EXIF, but I think having a safe system is more
important.

If needed, only the rotation data could be saved.  But that then makes it
hard to tell which images have been stripped.  This way, if there is no
EXIF, it has been stripped.  And if there is EXIF data, then it is suspect.

https://securityaffairs.co/wordpress/51043/mobile-2/android-cve-2016-3862-flaw.html
https://threatpost.com/google-shuts-down-potentially-massive-android-bug/120393/
https://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-exif-headers.html

The big downside of this is that it decompresses and recompresses the
image data.  That should be replaced by a technique from jhead,
exiftool, ObscuraCam, etc. that only strips the metadata.
2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
bde0558d82 update: reject APKs with invalid file sig, probably Janus exploits
This just checks the first four bytes of the APK file, aka the "file
signature", to make sure it is the ZIP signature and not the DEX signature.
This was checked against the test APK, and I ran it against some known
malware and all of f-droid.org to make sure it works.

All valid ZIP files (therefore APK files) should start with the ZIP
Local File Header of four bytes.

https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
5ce950e748 update: print warnings for all KnownVulns found
Some baby steps towards making the KnownVuln stuff more visible.
2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
ca50adb2e5 update: switch tests to using standardized setUp() method 2017-12-14 16:57:22 +01:00
Hans-Christoph Steiner
61aac0503a Merge branch 'fixFlavor' into 'master'
Regex only for flavor blocks: flavor { ... }

See merge request fdroid/fdroidserver!407
2017-12-14 16:56:01 +01:00
Hans-Christoph Steiner
bec4f7d547 add Conversations as gradle flavor test case 2017-12-14 16:52:02 +01:00
Hans-Christoph Steiner
538d7155b4 jenkins-build-all: improve detection of working buildserver VM
If I manually run some steps of the process, not all of the normal cruft
might be left behind.  I'm not really sure which of the multiple copies of
the images are actually required, but these both seem to work when present.
2017-12-14 10:41:11 +01:00
Hans-Christoph Steiner
cc0399e740 Merge branch '428-Signature-key-fingerprint-of-file-stats-publishsigkeys-jar-does-not-match-repo_key_sha256-in-config-py' into 'master'
jenkins test: clear singing-key-fingerpring from previous run

Closes #428

See merge request fdroid/fdroidserver!410
2017-12-14 08:50:10 +00:00
Michael Pöhn
93c1c23a4b jenkins test: clear singing-key-fingerpring from previous run 2017-12-13 17:39:55 +01:00
Hans-Christoph Steiner
1f5818020d Merge branch 'fdroidserver-liberapay' into 'master'
Add Liberapay support

See merge request fdroid/fdroidserver!408
2017-12-12 16:55:05 +01:00
Hans-Christoph Steiner
8b9b18ceed fix metadata_v0 tests
The old metadata format didn't know anything of LiberapayID, so no need to
check for it.
2017-12-12 16:54:35 +01:00
Andrea Scarpino
19a83b6219 Add Liberapay support 2017-12-12 11:53:31 +01:00
Hans-Christoph Steiner
858b398927 Merge branch '1.0-polish' into 'master'
1.0 polish

Closes #424

See merge request fdroid/fdroidserver!405
2017-12-11 21:44:16 +00:00
Hans-Christoph Steiner
5c9d46b5b2 remove XML files from bash completion, they are not supported anymore 2017-12-11 22:11:16 +01:00
Hans-Christoph Steiner
bb758d3f00 build: apt-get purge sudo after using it for sudo= build field
Once `sudo` has been used to execute the commands in sudo=, then it should
be removed from the build VM.  That prevents any other part of the build
from using sudo.  That means that all commands run with `sudo` must be
committed to fdroiddata.git, making them very visible.

closes #424
2017-12-11 22:11:16 +01:00
Hans-Christoph Steiner
4af8f196e3 metadata: error if .fdroid.txt exists, it is unsupported
Using .txt format has bugs when used embedded in an app's git repo, so
tell the user to use YAML or JSON.

#364
2017-12-11 22:11:16 +01:00
Hans-Christoph Steiner
1d83d4396c makebuildserver: quiet rsync for copy_caches_from_host 2017-12-11 22:11:16 +01:00
Hans-Christoph Steiner
4835d7c20c Merge branch 'rational-jarsigner-logging' into 'master'
handle jarsigner/apksigner output cleanly for rational logging

Closes #405

See merge request fdroid/fdroidserver!404
2017-12-11 20:27:06 +00:00
tobiasKaminsky
03f301470e
regex only for flavor blocks: flavor { ... } and nothing else 2017-12-11 14:29:32 +01:00
Hans-Christoph Steiner
6640f276b0 Revert "makebuildserver: update SHA-256 for platform-27_r01.zip"
Looks like Google switched back to the old binary, which I guess is
good news?
https://issuetracker.google.com/issues/70292819

This reverts commit 956660085a.

!401
2017-12-08 09:44:10 +01:00
Hans-Christoph Steiner
5ac943a3f2 Merge branch 'yml_completion' into 'master'
bash completion: use correct yml suffix

See merge request fdroid/fdroidserver!406
2017-12-07 23:10:18 +00:00
Marcus Hoffmann
9270e68fe2 bash completion: use correct yml suffix 2017-12-07 23:29:34 +01:00
Hans-Christoph Steiner
4f43099c88 Merge branch 'more-nightly' into 'master'
More `fdroid nightly` polish

Closes #423

See merge request fdroid/fdroidserver!402
2017-12-07 22:11:40 +00:00