Jochen Sprickerhof
393301c9e3
Merge branch 'verify-apks-diff' into 'master'
...
verify_apks(): compare to unsigned APK if copying fails
See merge request fdroid/fdroidserver!1264
2022-12-01 13:49:53 +00:00
FC Stegerman
c81ad4485c
verify_apks(): compare to unsigned APK if copying fails
2022-11-30 10:39:46 +00:00
Hans-Christoph Steiner
159ae4a163
Merge branch 'clean_submodules' into 'master'
...
clean_repos plugin: also clean submodules
See merge request fdroid/fdroidserver!1268
2022-11-29 10:30:48 +00:00
Jochen Sprickerhof
46e5fa3714
clean_repos plugin: also clean submodules
2022-11-29 10:30:10 +00:00
Hans-Christoph Steiner
07481953ae
Merge branch 'gradle-release-checksums.py' into 'master'
...
update to gradle v7.6
See merge request fdroid/fdroidserver!1271
2022-11-29 10:29:36 +00:00
fdroid-bot
4574728bb4
gradle v7.6
2022-11-28 13:20:41 +00:00
Hans-Christoph Steiner
37ffdd9a2a
Merge branch 'linsui-master-patch-50291' into 'master'
...
gradle 7.6
See merge request fdroid/fdroidserver!1270
2022-11-28 13:19:59 +00:00
linsui
e6bf930fd4
gradle 7.6
2022-11-28 10:13:18 +00:00
Hans-Christoph Steiner
e70ef18d52
examples/fdroid_clean_repos.py: fix typo
...
!1227
2022-11-22 20:47:09 +01:00
Hans-Christoph Steiner
052c753075
examples/fdroid_clean_repos.py: black code format
...
!1227
2022-11-22 20:43:19 +01:00
Hans-Christoph Steiner
d7d4c18502
Merge branch 'cleanup_repos' into 'master'
...
update: make sure VCSs are clean
See merge request fdroid/fdroidserver!1227
2022-11-22 19:37:23 +00:00
Jochen Sprickerhof
1015225a00
Add plugin to cleanup app VCSs
2022-11-22 19:36:33 +00:00
Jochen Sprickerhof
886394c9a4
Merge branch 'index-v2-nightly' into 'master'
...
nightly bug fixes and tests
See merge request fdroid/fdroidserver!1257
2022-11-16 21:26:40 +00:00
Hans-Christoph Steiner
09b0405eb0
gitlab-ci: apksigner from current build-tools in ubuntu_jammy_pip
2022-11-16 20:16:36 +01:00
Hans-Christoph Steiner
1a30766c24
deploy: GIT_DEPTH=1 so GitLab Pages job runs as quick as possible
...
* https://docs.gitlab.com/ee/ci/large_repositories/index.html#shallow-cloning
2022-11-16 20:16:34 +01:00
Hans-Christoph Steiner
947d94e0a9
deploy: support GitLab Job Artifacts as a mirror
2022-11-16 20:16:32 +01:00
Hans-Christoph Steiner
d0976a3684
deploy: check repo size before enabling GitLab Pages
2022-11-16 20:16:30 +01:00
Hans-Christoph Steiner
cdce0958f8
deploy: convert .gitlab-ci.yml generation to dict + yaml.dump()
2022-11-16 20:16:27 +01:00
Hans-Christoph Steiner
f24613b701
index: fix git-mirror size check for GitLab Pages
...
The test case had the wrong folder setup, this was confirmed on a production
repo setup.
2022-11-16 20:16:25 +01:00
Hans-Christoph Steiner
83335437b9
nightly: if repo is too large, set archive_older to 3
...
If the user has not manually set --archive-older, then this will auto-switch
it from 20 to 3 to shrink the repo down so it fits into GitLab Pages.
2022-11-16 20:16:23 +01:00
Hans-Christoph Steiner
c2567d71d1
nightly: fail if *-nightly git repo is not publicly available
2022-11-16 20:16:21 +01:00
Hans-Christoph Steiner
15bd7057f0
nightly: add tests
2022-11-16 16:50:14 +01:00
Hans-Christoph Steiner
9c0eaac121
nightly: convert to config.yml
2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
1c5506ae05
nightly: support OpenSSL 3.0 with Paramiko
...
OpenSSL 3.0 changed the default output format from PKCS#1 to PKCS#8,
which paramiko does not support.
https://www.openssl.org/docs/man3.0/man1/openssl-rsa.html#traditional
https://github.com/paramiko/paramiko/issues/1015
2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
bf945a3062
nightly: only write SSH key files if ~/.ssh exists on dev's machine
2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
553c9aa7e7
include tests/nightly.TestCase in dist tarball
2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
e1793226e0
Merge branch 'robust-vagrant' into 'master'
...
Make buildserver build more robust and debuggable
See merge request fdroid/fdroidserver!811
2022-11-16 11:50:04 +00:00
Adam Novak
a15fc28982
Point user to Vagrant log if build server failed to build
2022-11-16 12:22:40 +01:00
Hans-Christoph Steiner
df579b2ff6
Merge branch 'reduce_noise' into 'master'
...
Drop VCS version check on every build
See merge request fdroid/fdroidserver!1214
2022-11-16 10:56:47 +00:00
Jochen Sprickerhof
3eea5f7c09
Don't get_android_tools_version_log for non builds
2022-11-16 10:56:27 +00:00
Jochen Sprickerhof
2cbb5576c7
Drop VCS version check on every build
...
This was introduced in
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/391
I don't think it is needed anymore.
Also log appid:versionCode
2022-11-16 10:56:27 +00:00
Hans-Christoph Steiner
b54eb946f1
Merge branch 'java-security-tmpdir' into 'master'
...
verify_old_apk_signature(): use temp dir instead of $PWD/.java.security
See merge request fdroid/fdroidserver!1256
2022-11-15 19:58:57 +00:00
FC Stegerman
e58637374c
verify_deprecated_jar_signature(): use temp dir instead of $PWD/.java.security
2022-11-15 19:10:38 +01:00
Jochen Sprickerhof
88995f71d3
Merge branch 'stop-preinstalling-ndk' into 'master'
...
stop pre-installing the ndk
See merge request fdroid/fdroidserver!1255
2022-11-15 13:25:55 +00:00
Hans-Christoph Steiner
c1342ab9d6
stop pre-installing the ndk
2022-11-15 13:25:19 +00:00
Jochen Sprickerhof
366dd0e408
Merge branch 'index-v2.jar-is-not-valid' into 'master'
...
index-v2.jar is not a valid file, remove references
See merge request fdroid/fdroidserver!1261
2022-11-15 13:22:27 +00:00
Hans-Christoph Steiner
01f7dfd0b3
index-v2.jar is not a valid file, remove references
...
entry.jar is the signed file, it references index-v2.json.
2022-11-15 13:22:09 +00:00
Jochen Sprickerhof
002d9cf333
Merge branch 'archive' into 'master'
...
Set ArchivePolicy default value based on VercodeOperation
See merge request fdroid/fdroidserver!1237
2022-11-15 13:21:32 +00:00
linsui
d25995c084
Set ArchivePolicy based on VercodeOperation/signature
2022-11-15 18:50:16 +08:00
Hans-Christoph Steiner
9016bb4ca0
Merge branch 'scanner-signature-sources-config' into 'master'
...
🔍 add `scanner_signature_sources` config option
Closes #732
See merge request fdroid/fdroidserver!1218
2022-11-15 09:33:36 +00:00
Michael Pöhn
4ce2f291e3
remove --exodus cli option from scanner.py
2022-11-15 09:20:26 +00:00
Michael Pöhn
24d88705fa
🔍 add scanner_signature_sources
config option
...
This adds the option to configure which set of signatures `fdroid
scanner` should use, by configuring it in `config.yml`. It allows
fetching signatures in our custom json format. It also adds 3 additional
sources: 'suss', 'exodus', 'etip'
2022-11-15 09:20:26 +00:00
Jochen Sprickerhof
46d077292c
Merge branch 'reduce_status_json' into 'master'
...
status.json: drop logs of failed builds
See merge request fdroid/fdroidserver!1254
2022-11-15 08:25:05 +00:00
Jochen Sprickerhof
e0fa38bab3
status.json: drop logs of failed builds
...
Those are uploaded separately.
2022-11-15 08:12:51 +00:00
Jochen Sprickerhof
1562975bad
Merge branch 'vm-cpu-memory-status' into 'master'
...
build: read VM CPUs/RAM from builder/Vagrantfile
See merge request fdroid/fdroidserver!1262
2022-11-15 08:11:45 +00:00
Hans-Christoph Steiner
bd51b2e99f
build: read VM CPUs/RAM from builder/Vagrantfile
...
makebuildserver.config.py is no more, builder/Vagrantfile is now where the
CPU and memory is configured for the buildserver VM. In fact, that was
always the actual place, the makebuildserver.config.py thing was just
confused.
This should have been part of !1222
2022-11-15 08:57:41 +01:00
Hans-Christoph Steiner
5ea8c7da45
Merge branch 'fix_new_jdk' into 'master'
...
Skip jarsigner test due to weak signatures
See merge request fdroid/fdroidserver!1239
2022-11-15 07:19:19 +00:00
Jochen Sprickerhof
0549535bab
signindex: fix buster workaround
...
Don't try to remove arg if the old args where used.
2022-11-14 17:59:56 +01:00
Jochen Sprickerhof
1bb963d768
jarsigner: allow weak signatures
...
openjdk-11 11.0.17 in Debian unstable fails to verify weak signatures:
jarsigner -verbose -strict -verify tests/signindex/guardianproject.jar
131 Fri Dec 02 20:10:00 CET 2016 META-INF/MANIFEST.MF
252 Fri Dec 02 20:10:04 CET 2016 META-INF/1.SF
2299 Fri Dec 02 20:10:04 CET 2016 META-INF/1.RSA
0 Fri Dec 02 20:09:58 CET 2016 META-INF/
m ? 48743 Fri Dec 02 20:09:58 CET 2016 index.xml
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
? = unsigned entry
- Signed by "EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US"
Digest algorithm: SHA1 (disabled)
Signature algorithm: SHA1withRSA (disabled), 4096-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01, include jdk.disabled.namedCurves
2022-11-14 17:59:56 +01:00
Jochen Sprickerhof
d4b6e95c4e
init: use provided keyalias
2022-11-14 17:58:37 +01:00