1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-04 22:40:12 +01:00
Commit Graph

746 Commits

Author SHA1 Message Date
Michael Pöhn
9560ed955c avoid running into native-date object issue
Seem I ran into this issue: https://bugs.python.org/issue47228  This
change tries to fix it by using utcnow insteas of astimezone.
2022-10-06 12:09:07 +02:00
Michael Pöhn
0921863fa6 scanner: update suss defaults after removal of allowlisted feature 2022-10-06 12:09:07 +02:00
Michael Pöhn
a8bcaa3d70 scanner: implement caching rules for suss 2022-10-06 12:09:06 +02:00
Michael Pöhn
bfcc30b854 add --refresh to scanner 2022-10-06 12:09:06 +02:00
Michael Pöhn
1e6694112a rename to suss 2022-10-06 12:09:06 +02:00
Michael Pöhn
c9b59b525d fix timestamp check; remove dead code 2022-10-06 12:09:05 +02:00
Michael Pöhn
c10633eac5 convert fdroid scanner --exodus to SignatureDataController 2022-10-06 12:08:26 +02:00
Michael Pöhn
d5ef1b2e95 add --clear-cache option to scanner 2022-10-06 12:08:26 +02:00
Michael Pöhn
f56b1f3012 basic downloading for scan_binary signatures 2022-10-06 12:08:23 +02:00
Hans-Christoph Steiner
3de6063a01 scanner: open DEX/ZIP by file magic; throw errors on bad filenames 2022-09-30 17:56:15 +00:00
Hans-Christoph Steiner
aa190d532f scanner.TestCase: manually convert to black code format
I manually changed some code structures to give a decent code format.
2022-09-30 17:56:15 +00:00
Jochen Sprickerhof
f96f247095
Add test for git getref 2022-09-15 13:32:11 +02:00
linsui
ac96e43e13 scanner: add some rules 2022-09-14 15:02:37 +00:00
pmmayero
0ad45a94a8 Addition of IPFS CIDv1 to Index
IPFS CIDv1 is only generated for APKs and "repo files"
2022-09-14 09:28:02 +00:00
Jochen Sprickerhof
483d6da51c
Cleanup tests/dump_internal_metadata_format.py
- Update usage documentation.
- Use argparse.
- Simplify config handling (similar to readmeta.py).
- Drop code for fdroidserver before 0.7.0.
- Reformat with black.
2022-09-08 21:40:26 +02:00
Hans-Christoph Steiner
b854f3bab7 update: fully isolate testInsertStoreMetadata test
The test was failing due to something on my local filesystem, this
runs the test in a new dir every time.
2022-09-08 18:45:30 +02:00
Jochen Sprickerhof
5b79e7aea8
Fix trailing whitespace 2022-09-05 17:50:13 +02:00
Jochen Sprickerhof
c89a9f0e8b
Add timeout argument to requests.(get,post) 2022-09-05 17:50:10 +02:00
Hans-Christoph Steiner
c6cf0468ed nightly: update Raw URLs to fix breakage and avoid redirects 2022-08-26 07:18:19 +00:00
FestplattenSchnitzel
7c89e923f6 Move methods specific to import to it's module 2022-08-24 22:21:37 +02:00
FestplattenSchnitzel
7b7f863c65 [import] Rename to import_subcommand internally
This enables normal import of the module without the need for
workarounds.
2022-08-24 22:21:35 +02:00
linsui
832ed18fca scanner: also scan classpath 2022-08-24 21:34:55 +02:00
Hans-Christoph Steiner
9e58fc8cda
verify: normalize dicts via JSON for reliable comparisons
13016c5d63 in !602 used a set to prevent
duplicate entries, but that worked poorly because it required lots of
data wrapping.  Instead, just normalize to JSON, then equality is easy.
2022-08-24 19:16:33 +02:00
linsui
516a0c2ce8 Fix tag match with GitPython 2022-08-24 10:50:09 +00:00
linsui
f99dbec012 scanner: fix maven url check for kts files 2022-08-08 15:52:47 +00:00
Jochen Sprickerhof
eb79522a36 Fix flake8 E275 missing whitespace after keyword 2022-07-31 09:48:14 +02:00
Jochen Sprickerhof
7822db2881 Catch DefusedXmlException (as ValueError)
defusedxml can't handle the nbsp in the strings.xml (etree can).
2022-07-25 09:30:25 +02:00
Michael Pöhn
ab579be6b5 add some basic tests for scanner.main 2022-07-17 15:52:52 +02:00
Michael Pöhn
42d9ac446c get tests working on ci 2022-07-17 15:50:07 +02:00
Michael Pöhn
1c2b084410 🔧 improve scanner.scan_apk tests
Refactor test function it a TestCase and split into separate test cases.
Fix and improve tests for scanning apks with embedded apks.
2022-07-17 15:50:07 +02:00
Michael Pöhn
07a366a4d6 add tests for scanner.load_exodus_trackers_signatures 2022-07-17 15:50:07 +02:00
Michael Pöhn
a1677b5cb0 add test case for _exodus_compile_signatures 2022-07-17 15:50:07 +02:00
Hans-Christoph Steiner
e2d9dedbb1 build: add test to ensure the flags are passed to the buildserver
!1141
2022-06-08 21:15:51 +02:00
Hans-Christoph Steiner
2bf6848391 test_find_apksigner_system_package_android_home if build_tools is new enough 2022-06-08 20:39:44 +02:00
Hans-Christoph Steiner
fe22958476
run-tests: skip tests that require apksigner when running on Java8
The buildserver VM has not been upgraded yet to bullseye, so it is still on
Debian/stretch.  The buildserver VM does not need to run `fdroid update`,
`fdroid signindex`, etc. so this new apksigner requirement should not
affect app builds even though they are stuck on Debian/stretch.
2022-06-07 16:56:25 +02:00
Hans-Christoph Steiner
3182b77d18
use apksigner to sign index-v2 with modern, supported algorithms
The current signing method uses apksigner to sign the JAR so that it
will automatically select algorithms that are compatible with Android
SDK 23, which added the most recent algorithms:
https://developer.android.com/reference/java/security/Signature

This signing method uses then inherits the default signing algothim
settings, since Java and Android both maintain those.  That helps
avoid a repeat of being stuck on an old signing algorithm.  That means
specifically that this call to apksigner does not specify any of the
algorithms.

The old indexes must be signed by SHA1withRSA otherwise they will no
longer be compatible with old Androids.

apksigner 30.0.0+ is available in Debian/bullseye, Debian/buster-backports,
Ubuntu 21.10, and Ubuntu 20.04 from the fdroid PPA.  Here's a quick way to
test:

for f in `ls -1 /opt/android-sdk/build-tools/*/apksigner | sort ` /usr/bin/apksigner; do printf "$f : "; $f sign --v4-signing-enabled false; done

closes #1005
2022-06-07 16:56:23 +02:00
Hans-Christoph Steiner
7544761e86
index: add test for --nosign config and file generation 2022-06-07 13:22:06 +02:00
Hans-Christoph Steiner
c6dcc82ca4 allow common.get_apk_id() to be used in the API
If a project uses fdroidserver as a library, then just calls
common.get_apk_id(), it will now work.  Before, that project would have had
to include something like `common.config = {}` to avoid a stacktrace.
2022-05-26 22:18:21 +02:00
Hans-Christoph Steiner
2639909f90 add test cases for parsing smartcardoptions config field 2022-05-26 16:49:43 +02:00
Hans-Christoph Steiner
cbd4828561 include index-v2 in signindex tests 2022-05-24 11:35:46 +02:00
Hans-Christoph Steiner
2448f070e9 fix tests and docstring error 2022-05-23 15:34:30 +02:00
Jochen Sprickerhof
b07d23ff5c Don't include disabled apks in the index
This needs a rerun of `fdroid update --clean`.

In case a build is disabled delete_disabled_builds takes care of
deleting it from the repo. But this only works if the apk follows the
normal name pattern. Otherwise it will stay in the folder and be picked
up by process_apks and added to the index.

Closes: #1002
2022-05-23 11:47:53 +00:00
Jochen Sprickerhof
d70e5c2cd9 Index v2 2022-05-23 10:39:17 +00:00
Hans-Christoph Steiner
73c31e6e63
signindex: do not remove index-v1.json after signing
With ~index-v2, the model is changing to offer the plain JSON file for easy
consumption.  Then gpgsign will also provide a detached PGP signature for
systems that would rather verify based on PGP signatures than JAR signatures.

!1080
closes #969
2022-05-17 15:38:06 +02:00
Jochen Sprickerhof
08e3e445fb Merge androguard_test into update.TestCase 2022-05-10 14:40:03 +00:00
Jochen Sprickerhof
e82888837e Fix androguard_test
- SdkToolsPopen expects a list.
- info.guardianproject.urzip.apk is not in the repo.
- scan_apk_aapt was removed in 08931f45 so define output.
2022-05-10 14:40:03 +00:00
Hans-Christoph Steiner
107593d3ba net: improve parsing filenames from URL
This is more relevant to issuebot than fdroidserver, but it can't hurt here
also.
2022-05-09 20:59:15 +02:00
linsui
df1e0e30d5 fix tests 2022-05-07 02:17:26 +00:00
linsui
90bc8e1e8f scan gradle.kts 2022-05-07 00:43:55 +08:00
Jochen Sprickerhof
94ccd022c4 Add apk.embedded_1.apk test 2022-05-03 14:59:52 +00:00
Jochen Sprickerhof
9c8e128064 [scanner] replace apkanalyzer by dexdump 2022-05-03 14:59:52 +00:00
Hans-Christoph Steiner
9f477dee56
signindex: added simple test case 2022-04-25 22:38:34 +02:00
Sergey Bobrenok
46f4205fff Avoid zero-length prefixes in PATH
A zero-length prefix in PATH is a legacy feature that indicates the
current working directory.

https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03

Found in ru.nsu.bobrofon.easysshfs, see:
https://gitlab.com/fdroid/fdroiddata/-/merge_requests/10953#note_921802636
2022-04-24 16:33:33 +03:00
Jochen Sprickerhof
5f3eb601df Add check for repo/archive_url 2022-04-21 11:16:14 +02:00
Jochen Sprickerhof
0c390c943d [checkupdates] update submodules according to tag
In case the version information is inside a submodule we need to
checkout the submodule at the version of the tag we test.

Found with org.courville.nova.

Closes: #622
2022-03-10 12:49:03 +01:00
Simon Ser
757e30ad85 Add test case for Triple-T metadata in a Flutter project 2022-03-07 12:40:37 +01:00
Hans-Christoph Steiner
707cd7addb
publish index-v1.json and include a gpg signature
This gives a more flexible and direct way for many clients to consume the
index file. #969
2022-02-22 22:58:09 +01:00
Hans-Christoph Steiner
d1fd58681e
nightly: stop stripping APKs before signing, apksigner does it
* https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1033#note_742563869
* https://github.com/wardvl/f-droid-nightly-action/issues/3
2022-02-22 22:29:09 +01:00
Jochen Sprickerhof
b73663967b Only ignore opening a second MR 2021-12-30 19:23:05 +00:00
Jochen Sprickerhof
460dffe82b Don't open second MR for gradle (Closes: #914)
Traceback (most recent call last):
  File "/builds/fdroid/fdroidserver/./tests/gradle-release-checksums.py", line 130, in <module>
    mr = project.mergerequests.create({
  File "/usr/lib/python3/dist-packages/gitlab/exceptions.py", line 281, in wrapped_f
    raise error(e.error_message, e.response_code, e.response_body) from e
gitlab.exceptions.GitlabCreateError: 409: ['Another open merge request already exists for this source branch: !1064']
2021-12-30 10:00:46 +01:00
jugendhacker
b236773455 Fix subproject regex to allow subdir without colon 2021-11-30 08:28:17 +00:00
Jochen Sprickerhof
a5deaa80d8 Parse single digit sizes
Closes: #946
2021-11-27 21:44:47 +01:00
Gaurav Ujjwal
aead3310bd NDK Install: Handle symlinks present in NDK zip 2021-11-03 08:13:21 +00:00
Hans-Christoph Steiner
da10acfe2c
update: add test with APK for icon_id related exceptions 2021-10-01 16:44:14 +02:00
Hans-Christoph Steiner
c71c2465d3
tests: silence the linters 2021-09-20 10:51:54 +02:00
Hans-Christoph Steiner
d6fd165444 test whether NDK version parsing is working properly 2021-09-20 10:18:16 +02:00
Hans-Christoph Steiner
8ea154c125 fix IndexTest.test_gitlab_get_mirror_service_urls
This makes it actually call the method rather than mocking it.
2021-09-13 13:18:21 +02:00
Hans-Christoph Steiner
7987c746de index: do not include GitLab Pages mirror if it can't be deployed
GitLab Pages sites are limited to 1GB on gitlab.com, so the CI/CD job will
fail if the repo is bigger than that.  It should not be included as a
mirror in that case.

https://docs.gitlab.com/ee/user/gitlab_com/#gitlab-pages
2021-09-11 15:30:55 +00:00
Hans-Christoph Steiner
a56d377c9e
update: modernize options handling in tests
This moves everything to the Options class, and resets the options between
test runs.
2021-08-05 16:44:40 +02:00
Hans-Christoph Steiner
3b95d3de64
update: AllowedAPKSigningKeys metadata to enforce APK signers
This field lets you specify which signing certificates should be
trusted for APKs in a binary repo.
2021-08-05 16:43:48 +02:00
Felix C. Stegerman
d518971204
add test_insert_triple_t_anysoftkeyboard() 2021-08-04 17:33:38 +02:00
Felix C. Stegerman
4c4a283ae2
update test_insert_triple_t_multiple_metadata() test data 2021-08-03 20:53:56 +02:00
Jochen Sprickerhof
121e06e4b7 Fix CheckupdatesTest 2021-07-29 11:52:22 +02:00
Jochen Sprickerhof
8f836b3b01 [checkupdates] Move log messages into method 2021-07-28 00:09:40 +02:00
Jochen Sprickerhof
6f7a1ecf01 [checkupdates] Don't catch exceptions
Basically moves all code one level up.
2021-07-28 00:09:40 +02:00
Jochen Sprickerhof
a2db8f4a62 [checkupdates] Exit 1 in case of errors 2021-07-28 00:09:40 +02:00
Jochen Sprickerhof
331b4830dd Support multiple flavours in parse_androidmanifests
Previously only the last flavour was checked.
2021-07-24 21:20:19 +02:00
Pierre Rudloff
d04c3f65c2 New com.jens.automation2 test case 2021-07-06 08:30:08 +00:00
Felix C. Stegerman
73f28a611c
add test_insert_triple_t_multiple_metadata() 2021-07-03 21:20:18 +02:00
Hans-Christoph Steiner
40c77892a2
do not crash when config.yml is 0 bytes or empty of data 2021-07-01 14:45:35 +02:00
Hans-Christoph Steiner
5267699d81
index: make download_repo_index() handle common URL mistakes 2021-07-01 14:43:58 +02:00
Jochen Sprickerhof
70a11b3d79 Ignore ~/.gitconfig in tests and drop version test
git version 2.3 was released in 2015.
2021-06-25 13:22:58 +02:00
Jochen Sprickerhof
674786db96 [checkupdates] Ignore broken submodule
In case the app repository has a broken submodule, checkupdates failed
and did not search for any version updates. Ignoring the error let's us
at least find new version in the main repo (which is probably the right
place anyhow) and thus an improvement.
2021-06-25 12:15:41 +02:00
Hans-Christoph Steiner
9500b9d2e9
gradle-release-checksums.py: check for GitLab token before committing 2021-06-24 21:34:34 +02:00
linsui
763a2ee80d fix invalid extension of output apk 2021-06-24 13:42:10 +00:00
Hans-Christoph Steiner
78d37bb13b switch to allow/block list terminology throughout code base
allowlist and blocklist are much clearer terms with no cultural baggage.
This changes all "whitelist" references to "allowlist", and all "blacklist"
references to "blocklist".
2021-06-18 18:26:50 +00:00
Hans-Christoph Steiner
36849b2fba
skip tests on Windows that need bash 2021-06-18 11:12:22 +02:00
Hans-Christoph Steiner
1f5534d060
require config.yml use UTF-8 as encoding
config.yml requires ASCII or UTF-8 encoding because this code does not
auto-detect the file's encoding.  That is left up to the YAML library.
YAML allows ASCII, UTF-8, UTF-16, and UTF-32 encodings.  Since it is a
good idea to manage config.yml (WITHOUT PASSWORDS!) in git, it makes
sense to use a globally standard encoding.
2021-06-18 11:12:20 +02:00
Hans-Christoph Steiner
48c4354629
always open Android source files as UTF-8
Android Studio recommends "you use UTF-8 encoding whenever possible",
so this code assumes the files use UTF-8.  UTF-8 is also the default
encoding on GNU/Linux and macOS.
https://sites.google.com/a/android.com/tools/knownissues/encoding

Windows will probably default to UTF16, since that's the native
encoding for files.  So forcing things to use UTF-8 should help
compatibility.
2021-06-18 11:12:18 +02:00
Gerhard Olsson
0c31c4a5ab
win fixes 2021-06-18 10:30:59 +02:00
Hans-Christoph Steiner
a6d35a7ee1
metadata: always open metadata files as UTF-8
Windows seems to require this, otherwise this happens:

Traceback (most recent call last):

  File "tests/update.TestCase", line 737, in test_translate_per_build_anti_features

    apps = fdroidserver.metadata.read_metadata(xref=True)

  File "C:\Users\travis\build\fdroidtravis\fdroidserver\fdroidserver\metadata.py", line 813, in read_metadata

    app = parse_metadata(metadatapath, appid in check_vcs, refresh)

  File "C:\Users\travis\build\fdroidtravis\fdroidserver\fdroidserver\metadata.py", line 1023, in parse_metadata

    parse_yaml_metadata(mf, app)

  File "C:\Users\travis\build\fdroidtravis\fdroidserver\fdroidserver\metadata.py", line 1073, in parse_yaml_metadata

    yamldata = yaml.safe_load(mf)

  File "C:\python37\lib\site-packages\yaml\__init__.py", line 162, in safe_load

    return load(stream, SafeLoader)

  File "C:\python37\lib\site-packages\yaml\__init__.py", line 112, in load

    loader = Loader(stream)

  File "C:\python37\lib\site-packages\yaml\loader.py", line 34, in __init__

    Reader.__init__(self, stream)

  File "C:\python37\lib\site-packages\yaml\reader.py", line 85, in __init__

    self.determine_encoding()

  File "C:\python37\lib\site-packages\yaml\reader.py", line 124, in determine_encoding

    self.update_raw()

  File "C:\python37\lib\site-packages\yaml\reader.py", line 178, in update_raw

    data = self.stream.read(size)

  File "C:\python37\lib\encodings\cp1252.py", line 23, in decode

    return codecs.charmap_decode(input,self.errors,decoding_table)[0]

UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 37: character maps to <undefined>
2021-06-18 10:30:55 +02:00
Hans-Christoph Steiner
4514983e58
fix typo 2021-06-18 10:30:50 +02:00
Hans-Christoph Steiner
1abbc9732e
metadata: add test_build_ndk_path 2021-06-18 10:30:44 +02:00
Jochen Sprickerhof
39c55d799b [checkupdates] Only update if version code is grater
Don't change the current versions in case there is an error in the check_* methods or upstream screwed up.
2021-06-17 11:52:37 +00:00
Jochen Sprickerhof
3809b4d424 Ignore git submodule failure in gotorevisionx
gotorevisionx tries to clean up the git repo before checking out a new
revision. In b848b99ba this was changed to reset and clean any submodule
as well. In case upstream has a broken submodule configuration this
could fail and we can't checkout the new revision. As we are doing a
reset and clean after checking out the new revision anyhow, this change
ignores submodule errors before the checkout and only makes sure that
the main repo is reset and clean.

This broke checkupdates for apps where old versions had broken
submodules. It checkout out the old version and got stuck, not able to
checkout any other version.
2021-06-15 20:39:18 +02:00
Jochen Sprickerhof
cebdcdd67c [checkupdates] UpdateCheckData tag for verocode if no regex
Use the tag as the version code if no regex was specified. This allows:

UpdateCheckData: '|||'

meaning the tag should be used for version code and name.
2021-06-15 19:27:29 +02:00
Jochen Sprickerhof
4e97b58d8c latesttags revert to git log and fix comma handling
2de34312 tried to fix the comma handling by relying on git tag --sort.
This did not work out so this reverts to the method used before.
2021-06-15 08:39:59 +02:00
Jochen Sprickerhof
2de3431296 Use git tag in latesttags 2021-06-14 18:56:59 +00:00
Jochen Sprickerhof
1e6de7eb34 Support '{' in extra line in parse_androidmanifests
If the flavour group starts in a separate line don't count it as a
second group.

Closes: #899
2021-06-13 07:23:42 +02:00
Jochen Sprickerhof
0fefecde1e Fix matching substring flavour detection
com.github.jameshnsears.quoteunquote defines flavours 'fdroid' and
'fdroidS'. The old code used flavour in line, which matches both and the
wrong one was selected.

Closes: #912
2021-06-13 00:09:02 +02:00