1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-17 20:20:12 +01:00
Commit Graph

8393 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
4ca77a4faf update: strip all whitespace from buildserverid 2018-03-22 23:19:54 +01:00
Hans-Christoph Steiner
8ab2deace2 Merge branch 'weblate' into 'master'
Weblate

See merge request fdroid/fdroidserver!483
2018-03-22 22:21:06 +00:00
Hans-Christoph Steiner
02203efe15 Weblate 2018-03-22 22:21:06 +00:00
Marcus
3ee4855945 Merge branch 'gradle-4.6' into 'master'
makebuildserver: add Gradle 4.6

See merge request fdroid/fdroidserver!482
2018-03-16 08:33:52 +00:00
relan
64fad95fa1 makebuildserver: add Gradle 4.6 2018-03-16 07:39:44 +03:00
Hans-Christoph Steiner
4b788b3b09 Merge branch 'master' into 'master'
update: handle AndroidManifest XML namespace named other than 'android'

See merge request fdroid/fdroidserver!481
2018-03-15 15:23:55 +00:00
Hans-Christoph Steiner
54242dee32 update: handle AndroidManifest XML namespace named other than 'android'
https://stackoverflow.com/questions/5856719/why-do-we-specify-namespace-in-android-xml-file

https://f-droid.org/repo/org.moire.ultrasonic_60.apk has:
xmlns:a="http://schemas.android.com/apk/res/android"
2018-03-15 15:56:30 +01:00
Hans-Christoph Steiner
d290eb96f9 Merge branch 'master' into 'master'
update: handle renameManifestPackage when extracting icons with androguard

See merge request fdroid/fdroidserver!480
2018-03-14 18:09:19 +00:00
Hans-Christoph Steiner
b5c1634320 update: handle renameManifestPackage when extracting icons with androguard
aapt --rename-manifest-package changes the applicationId for an app without
changing the packageName listed in AndroidManifest.xml under
<application android:package="">
2018-03-14 18:43:05 +01:00
Hans-Christoph Steiner
cd8b583db1 Merge branch 'master' into 'master'
update: support all official DPIs when extracting icons

See merge request fdroid/fdroidserver!479
2018-03-13 16:12:52 +00:00
Hans-Christoph Steiner
493c485755 update: support all official DPIs when extracting icons
https://developer.android.com/training/multiscreen/screendensities.html
2018-03-13 16:47:24 +01:00
Hans-Christoph Steiner
b445fc066b Merge branch 'master' into 'master'
two update parsing fixes  when using androguard

See merge request fdroid/fdroidserver!477
2018-03-13 11:36:43 +00:00
Hans-Christoph Steiner
3b09e5ee08 update: do not crash on android-26+ XML icon
For example:
res/drawable-v26/icon.xml

Here's the full range of possibilities, we have a lot of work to do:

$ for f in */*.apk; do unzip -l $f |grep -F icon.| grep -Eo 'res/drawable[^/]*'; done | sort -u
res/drawable
res/drawable-anydpi-v21
res/drawable-anydpi-v26
res/drawable-hdpi
res/drawable-hdpi-v11
res/drawable-hdpi-v12
res/drawable-hdpi-v4
res/drawable-hdpi-v5
res/drawable-hdpi-v6
res/drawable-hdpi-v9
res/drawable-large
res/drawable-large-hdpi-v11
res/drawable-large-hdpi-v4
res/drawable-large-ldpi-v4
res/drawable-large-mdpi
res/drawable-large-mdpi-v11
res/drawable-large-v4
res/drawable-large-xhdpi-v11
res/drawable-large-xhdpi-v4
res/drawable-large-xxhdpi-v11
res/drawable-large-xxhdpi-v4
res/drawable-ldpi
res/drawable-ldpi-v11
res/drawable-ldpi-v4
res/drawable-ldpi-v5
res/drawable-ldpi-v6
res/drawable-ldpi-v9
res/drawable-ldrtl-v17
res/drawable-mdpi
res/drawable-mdpi-v11
res/drawable-mdpi-v12
res/drawable-mdpi-v4
res/drawable-mdpi-v5
res/drawable-mdpi-v6
res/drawable-mdpi-v9
res/drawable-nodpi
res/drawable-nodpi-v4
res/drawable-tvdpi-v4
res/drawable-v11
res/drawable-v14
res/drawable-v21
res/drawable-xhdpi
res/drawable-xhdpi-v11
res/drawable-xhdpi-v12
res/drawable-xhdpi-v4
res/drawable-xhdpi-v9
res/drawable-xlarge-hdpi
res/drawable-xlarge-hdpi-v4
res/drawable-xlarge-mdpi
res/drawable-xlarge-mdpi-v4
res/drawable-xlarge-v4
res/drawable-xlarge-xhdpi-v4
res/drawable-xxhdpi
res/drawable-xxhdpi-v11
res/drawable-xxhdpi-v21
res/drawable-xxhdpi-v4
res/drawable-xxhdpi-v9
res/drawable-xxxhdpi
res/drawable-xxxhdpi-v11
res/drawable-xxxhdpi-v4
2018-03-13 12:13:23 +01:00
Hans-Christoph Steiner
e89478e529 update: do not crash on APKs without icons when using androguard 2018-03-13 11:19:19 +01:00
Hans-Christoph Steiner
2c8008356b update: handle bad XML when using androguard
repo/ch.swift.willi_417101.apk had a C/Java comment in the
AndroidManifest.xml rather than an XML comment:

<uses-sdk android:minSdkVersion="16" android:targetSdkVersion="26">
</uses-sdk>
// Remove permissions introduced by the appsflyer library
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION">
</uses-permission>
2018-03-12 17:55:45 +01:00
Hans-Christoph Steiner
d98d8c2e52 update: do not crash with androguard when working with apps without icons
For example, SpeedoMeterApp.main_1.apk
2018-03-12 17:55:45 +01:00
Marcus
00b334689f Merge branch 'fix_config_doc' into 'master'
Fix misleading java_path example

See merge request fdroid/fdroidserver!478
2018-03-12 12:37:43 +00:00
Gioacchino Mazzurco
87fdca0d90
Fix misleading java_path example
As you can see in fdroidserver/common.py:219
for java_version in ('7', '8', '9'):
the code look for java version without the 1. in front, after getting a
bunch of error message that JDK could't be found, investigating the code
and documentation I discovered my configuration was ignored because of
this and realized the example was wrong
2018-03-12 12:01:16 +01:00
Hans-Christoph Steiner
ef603d662b jenkins-test: run checkupdates as final stage of test run 2018-03-11 21:36:41 +01:00
Marcus
ae8635633d Merge branch 'master' into 'master'
checkupdates: Save app data to correct metadata format

Closes #461

See merge request fdroid/fdroidserver!476
2018-03-09 20:13:51 +00:00
mimi89999
aaa6b55bf7
checkupdates: Save app data to correct metadata format
Closes #461
2018-03-09 20:46:59 +01:00
Hans-Christoph Steiner
a576796291 jenkins-test: remove tmp hack now that androguard is available
Does the same thing as 9f553186e8 but for
jenkins.debian.net's profitbricks-build7-amd64 setup.
2018-03-09 13:45:51 +01:00
Hans-Christoph Steiner
02107cc5bc gitlab-ci: make ubuntu_lts job test of fdroid/fdroidserver PPA
Now that androguard is working, there should be no need for a specific aapt
version.  The aapt included in Ubuntu LTS should always work fine when
androguard handles the bulk of the work.
2018-03-09 12:00:31 +01:00
Hans-Christoph Steiner
4fcf69a9ef Merge 'fix-scanner' into 'master'
scanner: support Gradle plugin 3.0 syntax for dependencies

fdroid/fdroidserver!475
2018-03-08 13:56:14 +01:00
Hans-Christoph Steiner
44e8f425d5 fix PEP8 formatting issue
fdroidserver/scanner.py:35:34: E241 multiple spaces after ','
fdroidserver/scanner.py:36:35: E241 multiple spaces after ','
fdroidserver/scanner.py:37:30: E241 multiple spaces after ','
fdroidserver/scanner.py:38:41: E241 multiple spaces after ','
fdroidserver/scanner.py:39:30: E241 multiple spaces after ','
fdroidserver/scanner.py:40:38: E241 multiple spaces after ','
fdroidserver/scanner.py:41:38: E241 multiple spaces after ','
2018-03-08 13:55:07 +01:00
relan
44d17663fd scanner: support Gradle plugin 3.0 syntax for dependencies
See https://developer.android.com/studio/build/gradle-plugin-3-0-0-migration.html#new_configurations
2018-03-08 15:23:15 +03:00
Hans-Christoph Steiner
95e016695c travis-ci: build against latest OSX 10.12 and 10.13 images 2018-03-07 15:15:28 +01:00
Hans-Christoph Steiner
8b9fe05af5 travis-ci: support old versions of OSX 2018-03-07 15:14:30 +01:00
Hans-Christoph Steiner
47b1d4b1e6 travis: brew's Python3 is now called just 'python'
https://discourse.brew.sh/t/brew-install-python3-fails/1756
2018-03-07 14:14:29 +01:00
Hans-Christoph Steiner
7d79780df0 tests: checkupdates now requires a clean git repo state 2018-03-06 20:50:23 +01:00
Hans-Christoph Steiner
8215bbbe9a Merge branch 'checkupdates' into 'master'
tighten up checkupdates

See merge request fdroid/fdroidserver!474
2018-03-06 19:20:38 +00:00
Hans-Christoph Steiner
70d9633555 build/checkupdates/update: log current fdroiddata commit to wiki 2018-03-05 21:49:09 +01:00
Hans-Christoph Steiner
86907d2ebf checkupdates: exit with error if fdroiddata git repo is dirty
One key security property of the F-Droid ecosystem is that the sensitive
code is all stored forever in git repos and source tarballs.  That means
we can easily go back and see if there where exploits and where they came
from.  Therefore, checkupdates should require everything in fdroiddata be
committed to git before running.

This provides --allow-dirty to override that behavior.
2018-03-05 21:49:09 +01:00
Hans-Christoph Steiner
67d386d925 Merge branch 'more-security-fixes' into 'master'
More security fixes

See merge request fdroid/fdroidserver!471
2018-03-05 09:10:57 +00:00
Hans-Christoph Steiner
8f30c892c5 VercodeOperation: only allow simple math expresssions and %c 2018-03-05 09:45:58 +01:00
Hans-Christoph Steiner
6876e28bb4 hg: use /bin/false to clarify that it is an executable 2018-03-05 09:45:58 +01:00
Hans-Christoph Steiner
6cd8f2ffea SVN: only allow redirects to HTTPS
"SVN follows HTTP 301 redirects to svn+ssh:// URLs. As a result, an
innocent looking HTTP URL can be used to trigger a Command Execution with a
301 redirect."
https://blog.recurity-labs.com/2017-08-10/scm-vulns.html#third-round-svn-and-mercurial

I scanned fdroiddata and found no suspicious redirects.  Here's how:

grep -A1 '^Repo *Type: *git-svn' *.txt *.yml| sed -n 's,.*Repo:\(.*\),\1,p' > /tmp/urls.txt

import requests
with open('/tmp/urls.txt') as fp:
    for line in fp:
        try:
            r = requests.head(line.strip())
            print(r.status_code, line)
        except requests.exceptions.SSLError:
            print('SSLError', line)
2018-03-05 09:45:58 +01:00
Marcus
654b3cb9dc Merge branch 'lint_fix' into 'master'
lint: fix update check data https check

See merge request fdroid/fdroidserver!473
2018-03-02 22:59:26 +00:00
Marcus Hoffmann
c81d5da953
lint: fix update check data https check
The urlver field can be '.', this was not considered in
26bfd7fb28.
2018-03-02 23:56:49 +01:00
Marcus
c35b120ff2 Merge branch 'tighten-up-UpdateCheckData' into 'master'
Tighten up UpdateCheckData

See merge request fdroid/fdroidserver!470
2018-03-02 11:45:53 +00:00
Hans-Christoph Steiner
7da0747849 checkupdates: require UpdateCheckData has valid HTTPS URL 2018-03-01 23:51:36 +01:00
Hans-Christoph Steiner
26bfd7fb28 lint: require UpdateCheckData to contain only valid HTTPS URLs 2018-03-01 23:51:27 +01:00
Hans-Christoph Steiner
1c9bc32bf6 lint: tighten up HTTPS checks on URLs 2018-03-01 23:38:56 +01:00
Hans-Christoph Steiner
4197a4a64a Merge branch 'master' into 'master'
update: make icon extraction less dependent on aapt

Closes fdroid-website#192

See merge request fdroid/fdroidserver!469
2018-02-28 21:42:06 +00:00
Hans-Christoph Steiner
498ea5d609 lint: ban all dangerous HTML tags
* https://en.wikipedia.org/wiki/HTML_sanitization
* https://asostack.com/enhance-your-google-play-store-description-with-rich-formatting-and-emojis-5f50ff354e5f
2018-02-27 12:09:54 +01:00
Hans-Christoph Steiner
b2ca49b26c update: make icon extraction less dependent on aapt
For androguard, @thezero already developed a way to get all the icons after
only extracting the icon name.  So this uses that for the aapt-based scans
also, to make them less brittle.

This should fix the problem where `fdroid update` was choosing the XML icon
for apps that include one, like NewPipe.

closes fdroid/fdroid-website#192
2018-02-26 23:43:42 +01:00
Hans-Christoph Steiner
01a73071c7 gitlab-ci: set metadata_v0 test to use 1.0.2 as the baseline 2018-02-23 22:48:44 +01:00
Hans-Christoph Steiner
0fa50ebcb2 rewritemeta: fix proper_format() so lint works with .yml files 2018-02-23 22:43:03 +01:00
Hans-Christoph Steiner
5a6a51a29e Merge branch 'allow-dashes-and-underscores-in-signature-file-names-when-checking-for-reproducability' into 'master'
allow dashes and underscores in signature file names when checking for reproducability

See merge request fdroid/fdroidserver!468
2018-02-22 23:23:50 +00:00
Michael Pöhn
8cca83aec4 allow dashes and underscores in signature file names when checking for reproducability 2018-02-22 23:30:42 +01:00