None of the config options in config.py require Python code. YAML is a
common config data format, and it is also used for build metadata. It is
also much safer to use since it can be pure data, without anything
executable in it. This also reduces the attack surface of the fdroid
process by eliminating a guaranteed place to write to get code executed.
With config.py, any exploit that can get local write access can turn that
into execute access by writing to the config.py, then cleaning up after
itself once it has what it needs. Switching to YAML removes that vector
entirely.
Also, this removes the config_file argument. It is not used in either
fdroidserver or repomaker. Also, it probably wouldn't work since so
much of the code assumes that the current working dir is the root of the
repo.
Up until now, the buildserver has not included androguard. Since a
good version of androguard (v3.3.3+) is included in stretch-backports
and the buildserver is already setup to use stretch-backports, this
sets up the buildserver with androguard.
closes#627
Ultimately we want to get to using apksigner by default everywhere,
this gets us closer to that by setting up all new repos to use
apksigner by default in the config.py
There must be at least one APK available for this test suite to work, for
example, this test:
grep -F '<application id=' repo/index.xml
This can't be easily implemented using an env vir beccause the while
loop is running in a pipe, so a different process.
copy_apks_into_repo is used with throwaway tmp dirs, so the stamp file
should work well.
Currently translated at 70.8% (403 of 569 strings)
Translated using Weblate: French (fr) by Renaud Perrai <contact@renaudperrai.fr>
Currently translated at 69.5% (396 of 569 strings)
Co-authored-by: Renaud Perrai <contact@renaudperrai.fr>
Translate-URL: https://hosted.weblate.org/projects/f-droid/fdroidserver/fr/
Translation: F-Droid/F-Droid Server
Currently translated at 60.1% (342 of 569 strings)
Translated using Weblate: Norwegian Bokmål (nb_NO) by Allan Nordhøy <epost@anotheragency.no>
Currently translated at 60.1% (342 of 569 strings)
Co-authored-by: Allan Nordhøy <epost@anotheragency.no>
Translate-URL: https://hosted.weblate.org/projects/f-droid/fdroidserver/nb_NO/
Translation: F-Droid/F-Droid Server
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Translate-URL: https://hosted.weblate.org/projects/f-droid/fdroidserver/
Translation: F-Droid/F-Droid Server
Currently translated at 10.6% (60 of 565 strings)
Added translation using Weblate: Indonesian (id) by signz signotorez <signotorez@gmail.com>
Co-authored-by: signz signotorez <signotorez@gmail.com>
Translate-URL: https://hosted.weblate.org/projects/f-droid/fdroidserver/id/
Translation: F-Droid/F-Droid Server
Currently translated at 100.0% (565 of 565 strings)
Translated using Weblate: Portuguese (Portugal) (pt_PT) by ssantos <ssantos@web.de>
Currently translated at 100.0% (565 of 565 strings)
Translated using Weblate: Portuguese (Brazil) (pt_BR) by ssantos <ssantos@web.de>
Currently translated at 100.0% (565 of 565 strings)
Added translation using Weblate: Portuguese (pt) by ssantos <ssantos@web.de>
Translated using Weblate: Portuguese (Portugal) (pt_PT) by ssantos <ssantos@web.de>
Currently translated at 89.2% (504 of 565 strings)
Co-authored-by: ssantos <ssantos@web.de>
Translate-URL: https://hosted.weblate.org/projects/f-droid/fdroidserver/pt/
Translate-URL: https://hosted.weblate.org/projects/f-droid/fdroidserver/pt_BR/
Translate-URL: https://hosted.weblate.org/projects/f-droid/fdroidserver/pt_PT/
Translation: F-Droid/F-Droid Server