1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-15 19:30:31 +01:00
Commit Graph

8393 Commits

Author SHA1 Message Date
Jochen Sprickerhof
60be04336f Merge branch 'buildserver-needs-apksigner' into 'master'
buildserver: include apksigner for Binaries: verification

See merge request fdroid/fdroidserver!1205
2022-10-11 12:04:20 +00:00
Hans-Christoph Steiner
b58eaa224b buildserver: include apksigner for Binaries: verification
Verification of Binaries: happens in the buildserver VM first, so it needs
a matching version of apksigner as the rest of the process.  This fixes:
https://gitlab.com/fdroid/fdroidserver/-/jobs/3154772374
2022-10-11 12:03:55 +00:00
Hans-Christoph Steiner
d33907606e
gitlab-ci: install sdkmanager from bullseye-backports 2022-10-11 13:57:38 +02:00
Jochen Sprickerhof
c6f83a58f2 Merge branch 'mvn' into 'master'
remove MVN3

See merge request fdroid/fdroidserver!1203
2022-10-11 11:26:09 +00:00
linsui
e90f03a494 remove MVN3 2022-10-11 09:58:35 +00:00
Hans-Christoph Steiner
98437d88d0 Merge branch 'keep-fdroidserver-dependencies' into 'master'
buildserver: prevent fdroidserver deps from being purged in Docker

See merge request fdroid/fdroidserver!1204
2022-10-11 08:57:08 +00:00
Hans-Christoph Steiner
e192eb4a32
buildserver: prevent fdroidserver deps from being purged in Docker 2022-10-11 10:52:54 +02:00
Hans-Christoph Steiner
b4720d9201
gitlab-ci: fix reversed logic in docker push
I got it backwards in 66d8b783f0 from !1183
2022-10-11 09:53:42 +02:00
Hans-Christoph Steiner
b0124aca1a Merge branch 'upgrade_buildserver_vm' into 'master'
Upgrade Buildserver VM to latest Debian (Bullseye)

See merge request fdroid/fdroidserver!1012
2022-10-11 07:38:44 +00:00
Hans-Christoph Steiner
4e839ac63b switch to latest vagrant boxes 2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
a0ea27632e buildserver: use HTTPS for security.debian.org
It is now officially supported:
https://guardianproject.info/2021/12/08/debian-over-https/
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
4eb189ad2e gitlab-ci: plugin_fetchsrclibs runs in same base OS as fdroiddata 2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
c6f5956537 install Vagrant insecure_private_key into buildserver box
Vagrant uses the "insecure private key" to establish the first SSH
connection to a new VM based on a clean public box.  In theory, the
`vagrant package` command should do that automatically.  This process
is still using custom code instead of `vagrant package`, hence this
script.

This public key can be generated on any Vagrant install using:
  ssh-keygen -y -f  ~/.vagrant.d/insecure_private_key

https://www.vagrantup.com/docs/vagrantfile/ssh_settings#config-ssh-private_key_path
fdroid-bootstrap-buildserver#12
!1012
!1099
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
046d3c8dcf Use ssh_config.d 2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
c208582e75 Drop old java_paths 2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
9ddf38b69a Drop vagrant ssh config
Not needed and breaks login with debian/bullseye64 image.
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
dbaa3f6ec2 Stop installing ConstraintLayout
sdkmanager does not work anymore with Java 11 and these can be installed in
the app's build metadata.
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
f03e812a13 Drop obsolete apt-transport-https 2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
d762f423ce Install patch and rsync (required by fdroidserver) 2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
b4f8ab289d Use yaml.safe_* 2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
cb2c3a34bb remove hack to disable GNOME.Accessibility for minimal deps
This is commented out by default on all OpenJDK packages since Java 8.
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1012?diff_id=263085985#note_726457435

root@sid:/# grep Accessibility /etc/java-*-openjdk/accessibility.properties
/etc/java-11-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-17-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-18-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-8-openjdk/accessibility.properties:assistive_technologies=org.GNOME.Accessibility.AtkWrapper
2022-10-10 21:22:59 +02:00
FestplattenSchnitzel
be5aefd3ee Install required packages for fdroidserver automatically 2022-10-10 21:22:59 +02:00
FestplattenSchnitzel
cc641b5470 Stop adding i386 architecture to dpkg 2022-10-10 21:22:59 +02:00
FestplattenSchnitzel
df46eb86c3 Upgrade Buildserver VM
Use Vagrant boxes built with cloud-team/debian-vagrant-images instead of fdroid/basebox,
Use Debian Bullseye (11) instead of Debian Stretch (9)
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
7accb96b9e Merge branch 'unified-scanner-signatures' into 'master'
cached scanner signatures

Closes #1008

See merge request fdroid/fdroidserver!1198
2022-10-06 14:09:49 +00:00
Hans-Christoph Steiner
9ccf583061 Apply 3 suggestion(s) to 2 file(s) 2022-10-06 13:55:38 +00:00
Michael Pöhn
e967fc61cf scanner: add regression tests for signautre load logic 2022-10-06 14:50:30 +02:00
Michael Pöhn
d815a64fdb scanner: filter urlopen schemes, mute bandit 2022-10-06 12:09:07 +02:00
Michael Pöhn
b7233dfb2e ignore cache write test case on older python versions 2022-10-06 12:09:07 +02:00
Michael Pöhn
59b1899d79 scanner: switch form iso8601 to unix timestamp for python3.5 support 2022-10-06 12:09:07 +02:00
Michael Pöhn
9560ed955c avoid running into native-date object issue
Seem I ran into this issue: https://bugs.python.org/issue47228  This
change tries to fix it by using utcnow insteas of astimezone.
2022-10-06 12:09:07 +02:00
Michael Pöhn
7933623e93 fix pydocstyle lint errors 2022-10-06 12:09:07 +02:00
Michael Pöhn
036b788424 move suss defaults into scanner.py
As discussed with _hc, we're going to keep the default values for
SUSS inside the python code for now. To avoid compilcated packaging
issues. Once fdroidserver does not have to support python verison older
than 3.7 we can utilize to `importlib.resources` for shipping these
defaults as separate file.
2022-10-06 12:09:07 +02:00
Michael Pöhn
0921863fa6 scanner: update suss defaults after removal of allowlisted feature 2022-10-06 12:09:07 +02:00
Michael Pöhn
6899c22f48 scanner: remove allowlisted from scan_source 2022-10-06 12:09:06 +02:00
Michael Pöhn
a8bcaa3d70 scanner: implement caching rules for suss 2022-10-06 12:09:06 +02:00
Michael Pöhn
bfcc30b854 add --refresh to scanner 2022-10-06 12:09:06 +02:00
Michael Pöhn
4a38908bd7 make cachedir subdirectories pick their place correctly based on parent folder 2022-10-06 12:09:06 +02:00
Michael Pöhn
1e6694112a rename to suss 2022-10-06 12:09:06 +02:00
Michael Pöhn
dc1a2db3f4 scanner: use Path.resovle instead of undocumented absolute() 2022-10-06 12:09:06 +02:00
Michael Pöhn
c9b59b525d fix timestamp check; remove dead code 2022-10-06 12:09:05 +02:00
Michael Pöhn
c10633eac5 convert fdroid scanner --exodus to SignatureDataController 2022-10-06 12:08:26 +02:00
Michael Pöhn
d5ef1b2e95 add --clear-cache option to scanner 2022-10-06 12:08:26 +02:00
Michael Pöhn
e4b54fe4a7 move NON_FREE_GRADLE_LINES to signature definition files 2022-10-06 12:08:26 +02:00
Michael Pöhn
9c5b35742d use ScannerTool for basic cacheing and scanning 2022-10-06 12:08:26 +02:00
Michael Pöhn
f56b1f3012 basic downloading for scan_binary signatures 2022-10-06 12:08:23 +02:00
Jochen Sprickerhof
82355b8559 Merge branch 'linsui-master-patch-90027' into 'master'
fix typo

See merge request fdroid/fdroidserver!1201
2022-10-05 06:15:53 +00:00
linsui
5354661fb4 fix typo 2022-10-05 06:15:53 +00:00
Hans-Christoph Steiner
cfd426cc1f Merge branch 'scan_more_binary' into 'master'
Support more file types in get_embedded_classes

Closes #999

See merge request fdroid/fdroidserver!1123
2022-09-30 18:09:32 +00:00
Hans-Christoph Steiner
3de6063a01 scanner: open DEX/ZIP by file magic; throw errors on bad filenames 2022-09-30 17:56:15 +00:00