The SUSS rule sets are changing all the time, but the test cases are not.
So this makes the test cases just use the built-in ruleset so the test
cases don't randomly break.
Use whatsNew text (if available) as release notes text when deploying to
Github releases. This feature will always use 'en-US' locale texts,
since English is the lingua franka on GitHub. Additionally this change
also adds a config option to preprend a static text to those release
notes.
There is no longer any reason for these to be intertwined.
This deliberately avoids touching some files as much as possible because
they are super tangled and due to be replaced. Those files are:
* fdroidserver/build.py
* fdroidserver/update.py
# Conflicts:
# tests/testcommon.py
# Conflicts:
# fdroidserver/btlog.py
# fdroidserver/import_subcommand.py
Microsoft and SanDisk sign APKs with a X.509 certificate chain of
trust, so there are actually three certificates included. apksigner
only cares about one certificate and ignores the other certificates in
the chain.
The correct values come from:
apksigner verify --print-certs 883cbdae7aeb2e4b122e8ee8d89966c7062d0d49107a130235fa220a5b994a79.apk
X.509 certificates are machine generated and just data, so are not
copyrightable. So I included SANAPPSI.* directly.
When troubleshooting things that are difficult to reproduce locally, like
different behaviors in the fedora_latest job, these changes make it easy to
keep the test files around after the tests run. For example, if PNGs are
processed differently by newer Python versions.
Apparently, the newest Python thingies strip the PNGs a tiny bit smaller,
so a fixed file size will lead to the test failing:
https://gitlab.com/fdroid/fdroidserver/-/jobs/6703386074
```
Traceback (most recent call last):
File "/builds/fdroid/fdroidserver/tests/index.TestCase", line 704, in test_package_metadata
self.assertEqual(36027, metadata['featureGraphic']['en-US']['size'])
AssertionError: 36027 != 35619
```
This also makes androguard a hard requirement, which has been true for a
while anyway. So the code that handles androguard as an optional
requirement is removed. androguard from Debian/buster is new enough, so
this does not seem like it will cause any problems.
This adds a check for "testOnly" to the existing "debuggable" check, since
they are very similar. We should really be refactoring all the checks into
a more reasonable setup. Since "debuggable" and "testOnly" are both set in
the same place (`<application>` in _AndroidManifest.xml_) and are both set
by the same process (running debug builds), I thought it would be OK to
include both in the same place. Plus it was a one-line change.
Since we have limited visibility into @CiaranG's signing server, it is hard
to make changes to the publishing process, especially ones that might break
@CiaranG's automation. So `fdroid publish` mostly reports success by
moving an APK from unsigned/ to repo/. In some cases, we want immediate
failure, like in CI. So this adds `--error-on-failed` for that purpose.