Hans-Christoph Steiner
b58eaa224b
buildserver: include apksigner for Binaries: verification
...
Verification of Binaries: happens in the buildserver VM first, so it needs
a matching version of apksigner as the rest of the process. This fixes:
https://gitlab.com/fdroid/fdroidserver/-/jobs/3154772374
2022-10-11 12:03:55 +00:00
Hans-Christoph Steiner
d33907606e
gitlab-ci: install sdkmanager from bullseye-backports
2022-10-11 13:57:38 +02:00
Jochen Sprickerhof
c6f83a58f2
Merge branch 'mvn' into 'master'
...
remove MVN3
See merge request fdroid/fdroidserver!1203
2022-10-11 11:26:09 +00:00
linsui
e90f03a494
remove MVN3
2022-10-11 09:58:35 +00:00
Hans-Christoph Steiner
98437d88d0
Merge branch 'keep-fdroidserver-dependencies' into 'master'
...
buildserver: prevent fdroidserver deps from being purged in Docker
See merge request fdroid/fdroidserver!1204
2022-10-11 08:57:08 +00:00
Hans-Christoph Steiner
e192eb4a32
buildserver: prevent fdroidserver deps from being purged in Docker
2022-10-11 10:52:54 +02:00
Hans-Christoph Steiner
b4720d9201
gitlab-ci: fix reversed logic in docker push
...
I got it backwards in 66d8b783f0
from !1183
2022-10-11 09:53:42 +02:00
Hans-Christoph Steiner
b0124aca1a
Merge branch 'upgrade_buildserver_vm' into 'master'
...
Upgrade Buildserver VM to latest Debian (Bullseye)
See merge request fdroid/fdroidserver!1012
2022-10-11 07:38:44 +00:00
Hans-Christoph Steiner
4e839ac63b
switch to latest vagrant boxes
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
a0ea27632e
buildserver: use HTTPS for security.debian.org
...
It is now officially supported:
https://guardianproject.info/2021/12/08/debian-over-https/
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
4eb189ad2e
gitlab-ci: plugin_fetchsrclibs runs in same base OS as fdroiddata
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
c6f5956537
install Vagrant insecure_private_key into buildserver box
...
Vagrant uses the "insecure private key" to establish the first SSH
connection to a new VM based on a clean public box. In theory, the
`vagrant package` command should do that automatically. This process
is still using custom code instead of `vagrant package`, hence this
script.
This public key can be generated on any Vagrant install using:
ssh-keygen -y -f ~/.vagrant.d/insecure_private_key
https://www.vagrantup.com/docs/vagrantfile/ssh_settings#config-ssh-private_key_path
fdroid-bootstrap-buildserver#12
!1012
!1099
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
046d3c8dcf
Use ssh_config.d
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
c208582e75
Drop old java_paths
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
9ddf38b69a
Drop vagrant ssh config
...
Not needed and breaks login with debian/bullseye64 image.
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
dbaa3f6ec2
Stop installing ConstraintLayout
...
sdkmanager does not work anymore with Java 11 and these can be installed in
the app's build metadata.
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
f03e812a13
Drop obsolete apt-transport-https
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
d762f423ce
Install patch and rsync (required by fdroidserver)
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
b4f8ab289d
Use yaml.safe_*
2022-10-10 21:22:59 +02:00
Jochen Sprickerhof
cb2c3a34bb
remove hack to disable GNOME.Accessibility for minimal deps
...
This is commented out by default on all OpenJDK packages since Java 8.
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1012?diff_id=263085985#note_726457435
root@sid:/# grep Accessibility /etc/java-*-openjdk/accessibility.properties
/etc/java-11-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-17-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-18-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-8-openjdk/accessibility.properties:assistive_technologies=org.GNOME.Accessibility.AtkWrapper
2022-10-10 21:22:59 +02:00
FestplattenSchnitzel
be5aefd3ee
Install required packages for fdroidserver automatically
2022-10-10 21:22:59 +02:00
FestplattenSchnitzel
cc641b5470
Stop adding i386 architecture to dpkg
2022-10-10 21:22:59 +02:00
FestplattenSchnitzel
df46eb86c3
Upgrade Buildserver VM
...
Use Vagrant boxes built with cloud-team/debian-vagrant-images instead of fdroid/basebox,
Use Debian Bullseye (11) instead of Debian Stretch (9)
2022-10-10 21:22:59 +02:00
Hans-Christoph Steiner
7accb96b9e
Merge branch 'unified-scanner-signatures' into 'master'
...
cached scanner signatures
Closes #1008
See merge request fdroid/fdroidserver!1198
2022-10-06 14:09:49 +00:00
Hans-Christoph Steiner
9ccf583061
Apply 3 suggestion(s) to 2 file(s)
2022-10-06 13:55:38 +00:00
Michael Pöhn
e967fc61cf
scanner: add regression tests for signautre load logic
2022-10-06 14:50:30 +02:00
Michael Pöhn
d815a64fdb
scanner: filter urlopen schemes, mute bandit
2022-10-06 12:09:07 +02:00
Michael Pöhn
b7233dfb2e
ignore cache write test case on older python versions
2022-10-06 12:09:07 +02:00
Michael Pöhn
59b1899d79
scanner: switch form iso8601 to unix timestamp for python3.5 support
2022-10-06 12:09:07 +02:00
Michael Pöhn
9560ed955c
avoid running into native-date object issue
...
Seem I ran into this issue: https://bugs.python.org/issue47228 This
change tries to fix it by using utcnow insteas of astimezone.
2022-10-06 12:09:07 +02:00
Michael Pöhn
7933623e93
fix pydocstyle lint errors
2022-10-06 12:09:07 +02:00
Michael Pöhn
036b788424
move suss defaults into scanner.py
...
As discussed with _hc, we're going to keep the default values for
SUSS inside the python code for now. To avoid compilcated packaging
issues. Once fdroidserver does not have to support python verison older
than 3.7 we can utilize to `importlib.resources` for shipping these
defaults as separate file.
2022-10-06 12:09:07 +02:00
Michael Pöhn
0921863fa6
scanner: update suss defaults after removal of allowlisted feature
2022-10-06 12:09:07 +02:00
Michael Pöhn
6899c22f48
scanner: remove allowlisted from scan_source
2022-10-06 12:09:06 +02:00
Michael Pöhn
a8bcaa3d70
scanner: implement caching rules for suss
2022-10-06 12:09:06 +02:00
Michael Pöhn
bfcc30b854
add --refresh to scanner
2022-10-06 12:09:06 +02:00
Michael Pöhn
4a38908bd7
make cachedir subdirectories pick their place correctly based on parent folder
2022-10-06 12:09:06 +02:00
Michael Pöhn
1e6694112a
rename to suss
2022-10-06 12:09:06 +02:00
Michael Pöhn
dc1a2db3f4
scanner: use Path.resovle instead of undocumented absolute()
2022-10-06 12:09:06 +02:00
Michael Pöhn
c9b59b525d
fix timestamp check; remove dead code
2022-10-06 12:09:05 +02:00
Michael Pöhn
c10633eac5
convert fdroid scanner --exodus to SignatureDataController
2022-10-06 12:08:26 +02:00
Michael Pöhn
d5ef1b2e95
add --clear-cache option to scanner
2022-10-06 12:08:26 +02:00
Michael Pöhn
e4b54fe4a7
move NON_FREE_GRADLE_LINES to signature definition files
2022-10-06 12:08:26 +02:00
Michael Pöhn
9c5b35742d
use ScannerTool for basic cacheing and scanning
2022-10-06 12:08:26 +02:00
Michael Pöhn
f56b1f3012
basic downloading for scan_binary signatures
2022-10-06 12:08:23 +02:00
Jochen Sprickerhof
82355b8559
Merge branch 'linsui-master-patch-90027' into 'master'
...
fix typo
See merge request fdroid/fdroidserver!1201
2022-10-05 06:15:53 +00:00
linsui
5354661fb4
fix typo
2022-10-05 06:15:53 +00:00
Hans-Christoph Steiner
cfd426cc1f
Merge branch 'scan_more_binary' into 'master'
...
Support more file types in get_embedded_classes
Closes #999
See merge request fdroid/fdroidserver!1123
2022-09-30 18:09:32 +00:00
Hans-Christoph Steiner
3de6063a01
scanner: open DEX/ZIP by file magic; throw errors on bad filenames
2022-09-30 17:56:15 +00:00
Hans-Christoph Steiner
aa190d532f
scanner.TestCase: manually convert to black code format
...
I manually changed some code structures to give a decent code format.
2022-09-30 17:56:15 +00:00