1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-10 17:30:11 +01:00
Commit Graph

7904 Commits

Author SHA1 Message Date
Jochen Sprickerhof
393301c9e3 Merge branch 'verify-apks-diff' into 'master'
verify_apks(): compare to unsigned APK if copying fails

See merge request fdroid/fdroidserver!1264
2022-12-01 13:49:53 +00:00
FC Stegerman
c81ad4485c verify_apks(): compare to unsigned APK if copying fails 2022-11-30 10:39:46 +00:00
Hans-Christoph Steiner
159ae4a163 Merge branch 'clean_submodules' into 'master'
clean_repos plugin: also clean submodules

See merge request fdroid/fdroidserver!1268
2022-11-29 10:30:48 +00:00
Jochen Sprickerhof
46e5fa3714 clean_repos plugin: also clean submodules 2022-11-29 10:30:10 +00:00
Hans-Christoph Steiner
07481953ae Merge branch 'gradle-release-checksums.py' into 'master'
update to gradle v7.6

See merge request fdroid/fdroidserver!1271
2022-11-29 10:29:36 +00:00
fdroid-bot
4574728bb4 gradle v7.6 2022-11-28 13:20:41 +00:00
Hans-Christoph Steiner
37ffdd9a2a Merge branch 'linsui-master-patch-50291' into 'master'
gradle 7.6

See merge request fdroid/fdroidserver!1270
2022-11-28 13:19:59 +00:00
linsui
e6bf930fd4 gradle 7.6 2022-11-28 10:13:18 +00:00
Hans-Christoph Steiner
e70ef18d52
examples/fdroid_clean_repos.py: fix typo
!1227
2022-11-22 20:47:09 +01:00
Hans-Christoph Steiner
052c753075 examples/fdroid_clean_repos.py: black code format
!1227
2022-11-22 20:43:19 +01:00
Hans-Christoph Steiner
d7d4c18502 Merge branch 'cleanup_repos' into 'master'
update: make sure VCSs are clean

See merge request fdroid/fdroidserver!1227
2022-11-22 19:37:23 +00:00
Jochen Sprickerhof
1015225a00 Add plugin to cleanup app VCSs 2022-11-22 19:36:33 +00:00
Jochen Sprickerhof
886394c9a4 Merge branch 'index-v2-nightly' into 'master'
nightly bug fixes and tests

See merge request fdroid/fdroidserver!1257
2022-11-16 21:26:40 +00:00
Hans-Christoph Steiner
09b0405eb0
gitlab-ci: apksigner from current build-tools in ubuntu_jammy_pip 2022-11-16 20:16:36 +01:00
Hans-Christoph Steiner
1a30766c24
deploy: GIT_DEPTH=1 so GitLab Pages job runs as quick as possible
* https://docs.gitlab.com/ee/ci/large_repositories/index.html#shallow-cloning
2022-11-16 20:16:34 +01:00
Hans-Christoph Steiner
947d94e0a9
deploy: support GitLab Job Artifacts as a mirror 2022-11-16 20:16:32 +01:00
Hans-Christoph Steiner
d0976a3684
deploy: check repo size before enabling GitLab Pages 2022-11-16 20:16:30 +01:00
Hans-Christoph Steiner
cdce0958f8
deploy: convert .gitlab-ci.yml generation to dict + yaml.dump() 2022-11-16 20:16:27 +01:00
Hans-Christoph Steiner
f24613b701
index: fix git-mirror size check for GitLab Pages
The test case had the wrong folder setup, this was confirmed on a production
repo setup.
2022-11-16 20:16:25 +01:00
Hans-Christoph Steiner
83335437b9
nightly: if repo is too large, set archive_older to 3
If the user has not manually set --archive-older, then this will auto-switch
it from 20 to 3 to shrink the repo down so it fits into GitLab Pages.
2022-11-16 20:16:23 +01:00
Hans-Christoph Steiner
c2567d71d1
nightly: fail if *-nightly git repo is not publicly available 2022-11-16 20:16:21 +01:00
Hans-Christoph Steiner
15bd7057f0 nightly: add tests 2022-11-16 16:50:14 +01:00
Hans-Christoph Steiner
9c0eaac121 nightly: convert to config.yml 2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
1c5506ae05 nightly: support OpenSSL 3.0 with Paramiko
OpenSSL 3.0 changed the default output format from PKCS#1 to PKCS#8,
which paramiko does not support.

https://www.openssl.org/docs/man3.0/man1/openssl-rsa.html#traditional
https://github.com/paramiko/paramiko/issues/1015
2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
bf945a3062 nightly: only write SSH key files if ~/.ssh exists on dev's machine 2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
553c9aa7e7 include tests/nightly.TestCase in dist tarball 2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
e1793226e0 Merge branch 'robust-vagrant' into 'master'
Make buildserver build more robust and debuggable

See merge request fdroid/fdroidserver!811
2022-11-16 11:50:04 +00:00
Adam Novak
a15fc28982 Point user to Vagrant log if build server failed to build 2022-11-16 12:22:40 +01:00
Hans-Christoph Steiner
df579b2ff6 Merge branch 'reduce_noise' into 'master'
Drop VCS version check on every build

See merge request fdroid/fdroidserver!1214
2022-11-16 10:56:47 +00:00
Jochen Sprickerhof
3eea5f7c09 Don't get_android_tools_version_log for non builds 2022-11-16 10:56:27 +00:00
Jochen Sprickerhof
2cbb5576c7 Drop VCS version check on every build
This was introduced in
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/391

I don't think it is needed anymore.

Also log appid:versionCode
2022-11-16 10:56:27 +00:00
Hans-Christoph Steiner
b54eb946f1 Merge branch 'java-security-tmpdir' into 'master'
verify_old_apk_signature(): use temp dir instead of $PWD/.java.security

See merge request fdroid/fdroidserver!1256
2022-11-15 19:58:57 +00:00
FC Stegerman
e58637374c
verify_deprecated_jar_signature(): use temp dir instead of $PWD/.java.security 2022-11-15 19:10:38 +01:00
Jochen Sprickerhof
88995f71d3 Merge branch 'stop-preinstalling-ndk' into 'master'
stop pre-installing the ndk

See merge request fdroid/fdroidserver!1255
2022-11-15 13:25:55 +00:00
Hans-Christoph Steiner
c1342ab9d6 stop pre-installing the ndk 2022-11-15 13:25:19 +00:00
Jochen Sprickerhof
366dd0e408 Merge branch 'index-v2.jar-is-not-valid' into 'master'
index-v2.jar is not a valid file, remove references

See merge request fdroid/fdroidserver!1261
2022-11-15 13:22:27 +00:00
Hans-Christoph Steiner
01f7dfd0b3 index-v2.jar is not a valid file, remove references
entry.jar is the signed file, it references index-v2.json.
2022-11-15 13:22:09 +00:00
Jochen Sprickerhof
002d9cf333 Merge branch 'archive' into 'master'
Set ArchivePolicy default value based on VercodeOperation

See merge request fdroid/fdroidserver!1237
2022-11-15 13:21:32 +00:00
linsui
d25995c084 Set ArchivePolicy based on VercodeOperation/signature 2022-11-15 18:50:16 +08:00
Hans-Christoph Steiner
9016bb4ca0 Merge branch 'scanner-signature-sources-config' into 'master'
🔍 add `scanner_signature_sources` config option

Closes #732

See merge request fdroid/fdroidserver!1218
2022-11-15 09:33:36 +00:00
Michael Pöhn
4ce2f291e3 remove --exodus cli option from scanner.py 2022-11-15 09:20:26 +00:00
Michael Pöhn
24d88705fa 🔍 add scanner_signature_sources config option
This adds the option to configure which set of signatures `fdroid
scanner` should use, by configuring it in `config.yml`. It allows
fetching signatures in our custom json format. It also adds 3 additional
sources: 'suss', 'exodus', 'etip'
2022-11-15 09:20:26 +00:00
Jochen Sprickerhof
46d077292c Merge branch 'reduce_status_json' into 'master'
status.json: drop logs of failed builds

See merge request fdroid/fdroidserver!1254
2022-11-15 08:25:05 +00:00
Jochen Sprickerhof
e0fa38bab3 status.json: drop logs of failed builds
Those are uploaded separately.
2022-11-15 08:12:51 +00:00
Jochen Sprickerhof
1562975bad Merge branch 'vm-cpu-memory-status' into 'master'
build: read VM CPUs/RAM from builder/Vagrantfile

See merge request fdroid/fdroidserver!1262
2022-11-15 08:11:45 +00:00
Hans-Christoph Steiner
bd51b2e99f build: read VM CPUs/RAM from builder/Vagrantfile
makebuildserver.config.py is no more, builder/Vagrantfile is now where the
CPU and memory is configured for the buildserver VM.  In fact, that was
always the actual place, the makebuildserver.config.py thing was just
confused.

This should have been part of !1222
2022-11-15 08:57:41 +01:00
Hans-Christoph Steiner
5ea8c7da45 Merge branch 'fix_new_jdk' into 'master'
Skip jarsigner test due to weak signatures

See merge request fdroid/fdroidserver!1239
2022-11-15 07:19:19 +00:00
Jochen Sprickerhof
0549535bab
signindex: fix buster workaround
Don't try to remove arg if the old args where used.
2022-11-14 17:59:56 +01:00
Jochen Sprickerhof
1bb963d768
jarsigner: allow weak signatures
openjdk-11 11.0.17 in Debian unstable fails to verify weak signatures:

jarsigner -verbose -strict -verify tests/signindex/guardianproject.jar

         131 Fri Dec 02 20:10:00 CET 2016 META-INF/MANIFEST.MF
         252 Fri Dec 02 20:10:04 CET 2016 META-INF/1.SF
        2299 Fri Dec 02 20:10:04 CET 2016 META-INF/1.RSA
           0 Fri Dec 02 20:09:58 CET 2016 META-INF/
 m  ?  48743 Fri Dec 02 20:09:58 CET 2016 index.xml

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  ? = unsigned entry

- Signed by "EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US"
    Digest algorithm: SHA1 (disabled)
    Signature algorithm: SHA1withRSA (disabled), 4096-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

  jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01, include jdk.disabled.namedCurves
2022-11-14 17:59:56 +01:00
Jochen Sprickerhof
d4b6e95c4e
init: use provided keyalias 2022-11-14 17:58:37 +01:00