1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-05 06:50:10 +01:00
Commit Graph

718 Commits

Author SHA1 Message Date
Michael Pöhn
42d9ac446c get tests working on ci 2022-07-17 15:50:07 +02:00
Michael Pöhn
1c2b084410 🔧 improve scanner.scan_apk tests
Refactor test function it a TestCase and split into separate test cases.
Fix and improve tests for scanning apks with embedded apks.
2022-07-17 15:50:07 +02:00
Michael Pöhn
07a366a4d6 add tests for scanner.load_exodus_trackers_signatures 2022-07-17 15:50:07 +02:00
Michael Pöhn
a1677b5cb0 add test case for _exodus_compile_signatures 2022-07-17 15:50:07 +02:00
Hans-Christoph Steiner
e2d9dedbb1 build: add test to ensure the flags are passed to the buildserver
!1141
2022-06-08 21:15:51 +02:00
Hans-Christoph Steiner
2bf6848391 test_find_apksigner_system_package_android_home if build_tools is new enough 2022-06-08 20:39:44 +02:00
Hans-Christoph Steiner
fe22958476
run-tests: skip tests that require apksigner when running on Java8
The buildserver VM has not been upgraded yet to bullseye, so it is still on
Debian/stretch.  The buildserver VM does not need to run `fdroid update`,
`fdroid signindex`, etc. so this new apksigner requirement should not
affect app builds even though they are stuck on Debian/stretch.
2022-06-07 16:56:25 +02:00
Hans-Christoph Steiner
3182b77d18
use apksigner to sign index-v2 with modern, supported algorithms
The current signing method uses apksigner to sign the JAR so that it
will automatically select algorithms that are compatible with Android
SDK 23, which added the most recent algorithms:
https://developer.android.com/reference/java/security/Signature

This signing method uses then inherits the default signing algothim
settings, since Java and Android both maintain those.  That helps
avoid a repeat of being stuck on an old signing algorithm.  That means
specifically that this call to apksigner does not specify any of the
algorithms.

The old indexes must be signed by SHA1withRSA otherwise they will no
longer be compatible with old Androids.

apksigner 30.0.0+ is available in Debian/bullseye, Debian/buster-backports,
Ubuntu 21.10, and Ubuntu 20.04 from the fdroid PPA.  Here's a quick way to
test:

for f in `ls -1 /opt/android-sdk/build-tools/*/apksigner | sort ` /usr/bin/apksigner; do printf "$f : "; $f sign --v4-signing-enabled false; done

closes #1005
2022-06-07 16:56:23 +02:00
Hans-Christoph Steiner
7544761e86
index: add test for --nosign config and file generation 2022-06-07 13:22:06 +02:00
Hans-Christoph Steiner
c6dcc82ca4 allow common.get_apk_id() to be used in the API
If a project uses fdroidserver as a library, then just calls
common.get_apk_id(), it will now work.  Before, that project would have had
to include something like `common.config = {}` to avoid a stacktrace.
2022-05-26 22:18:21 +02:00
Hans-Christoph Steiner
2639909f90 add test cases for parsing smartcardoptions config field 2022-05-26 16:49:43 +02:00
Hans-Christoph Steiner
cbd4828561 include index-v2 in signindex tests 2022-05-24 11:35:46 +02:00
Hans-Christoph Steiner
2448f070e9 fix tests and docstring error 2022-05-23 15:34:30 +02:00
Jochen Sprickerhof
b07d23ff5c Don't include disabled apks in the index
This needs a rerun of `fdroid update --clean`.

In case a build is disabled delete_disabled_builds takes care of
deleting it from the repo. But this only works if the apk follows the
normal name pattern. Otherwise it will stay in the folder and be picked
up by process_apks and added to the index.

Closes: #1002
2022-05-23 11:47:53 +00:00
Jochen Sprickerhof
d70e5c2cd9 Index v2 2022-05-23 10:39:17 +00:00
Hans-Christoph Steiner
73c31e6e63
signindex: do not remove index-v1.json after signing
With ~index-v2, the model is changing to offer the plain JSON file for easy
consumption.  Then gpgsign will also provide a detached PGP signature for
systems that would rather verify based on PGP signatures than JAR signatures.

!1080
closes #969
2022-05-17 15:38:06 +02:00
Jochen Sprickerhof
08e3e445fb Merge androguard_test into update.TestCase 2022-05-10 14:40:03 +00:00
Jochen Sprickerhof
e82888837e Fix androguard_test
- SdkToolsPopen expects a list.
- info.guardianproject.urzip.apk is not in the repo.
- scan_apk_aapt was removed in 08931f45 so define output.
2022-05-10 14:40:03 +00:00
Hans-Christoph Steiner
107593d3ba net: improve parsing filenames from URL
This is more relevant to issuebot than fdroidserver, but it can't hurt here
also.
2022-05-09 20:59:15 +02:00
linsui
df1e0e30d5 fix tests 2022-05-07 02:17:26 +00:00
linsui
90bc8e1e8f scan gradle.kts 2022-05-07 00:43:55 +08:00
Jochen Sprickerhof
94ccd022c4 Add apk.embedded_1.apk test 2022-05-03 14:59:52 +00:00
Jochen Sprickerhof
9c8e128064 [scanner] replace apkanalyzer by dexdump 2022-05-03 14:59:52 +00:00
Hans-Christoph Steiner
9f477dee56
signindex: added simple test case 2022-04-25 22:38:34 +02:00
Sergey Bobrenok
46f4205fff Avoid zero-length prefixes in PATH
A zero-length prefix in PATH is a legacy feature that indicates the
current working directory.

https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03

Found in ru.nsu.bobrofon.easysshfs, see:
https://gitlab.com/fdroid/fdroiddata/-/merge_requests/10953#note_921802636
2022-04-24 16:33:33 +03:00
Jochen Sprickerhof
5f3eb601df Add check for repo/archive_url 2022-04-21 11:16:14 +02:00
Jochen Sprickerhof
0c390c943d [checkupdates] update submodules according to tag
In case the version information is inside a submodule we need to
checkout the submodule at the version of the tag we test.

Found with org.courville.nova.

Closes: #622
2022-03-10 12:49:03 +01:00
Simon Ser
757e30ad85 Add test case for Triple-T metadata in a Flutter project 2022-03-07 12:40:37 +01:00
Hans-Christoph Steiner
707cd7addb
publish index-v1.json and include a gpg signature
This gives a more flexible and direct way for many clients to consume the
index file. #969
2022-02-22 22:58:09 +01:00
Hans-Christoph Steiner
d1fd58681e
nightly: stop stripping APKs before signing, apksigner does it
* https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1033#note_742563869
* https://github.com/wardvl/f-droid-nightly-action/issues/3
2022-02-22 22:29:09 +01:00
Jochen Sprickerhof
b73663967b Only ignore opening a second MR 2021-12-30 19:23:05 +00:00
Jochen Sprickerhof
460dffe82b Don't open second MR for gradle (Closes: #914)
Traceback (most recent call last):
  File "/builds/fdroid/fdroidserver/./tests/gradle-release-checksums.py", line 130, in <module>
    mr = project.mergerequests.create({
  File "/usr/lib/python3/dist-packages/gitlab/exceptions.py", line 281, in wrapped_f
    raise error(e.error_message, e.response_code, e.response_body) from e
gitlab.exceptions.GitlabCreateError: 409: ['Another open merge request already exists for this source branch: !1064']
2021-12-30 10:00:46 +01:00
jugendhacker
b236773455 Fix subproject regex to allow subdir without colon 2021-11-30 08:28:17 +00:00
Jochen Sprickerhof
a5deaa80d8 Parse single digit sizes
Closes: #946
2021-11-27 21:44:47 +01:00
Gaurav Ujjwal
aead3310bd NDK Install: Handle symlinks present in NDK zip 2021-11-03 08:13:21 +00:00
Hans-Christoph Steiner
da10acfe2c
update: add test with APK for icon_id related exceptions 2021-10-01 16:44:14 +02:00
Hans-Christoph Steiner
c71c2465d3
tests: silence the linters 2021-09-20 10:51:54 +02:00
Hans-Christoph Steiner
d6fd165444 test whether NDK version parsing is working properly 2021-09-20 10:18:16 +02:00
Hans-Christoph Steiner
8ea154c125 fix IndexTest.test_gitlab_get_mirror_service_urls
This makes it actually call the method rather than mocking it.
2021-09-13 13:18:21 +02:00
Hans-Christoph Steiner
7987c746de index: do not include GitLab Pages mirror if it can't be deployed
GitLab Pages sites are limited to 1GB on gitlab.com, so the CI/CD job will
fail if the repo is bigger than that.  It should not be included as a
mirror in that case.

https://docs.gitlab.com/ee/user/gitlab_com/#gitlab-pages
2021-09-11 15:30:55 +00:00
Hans-Christoph Steiner
a56d377c9e
update: modernize options handling in tests
This moves everything to the Options class, and resets the options between
test runs.
2021-08-05 16:44:40 +02:00
Hans-Christoph Steiner
3b95d3de64
update: AllowedAPKSigningKeys metadata to enforce APK signers
This field lets you specify which signing certificates should be
trusted for APKs in a binary repo.
2021-08-05 16:43:48 +02:00
Felix C. Stegerman
d518971204
add test_insert_triple_t_anysoftkeyboard() 2021-08-04 17:33:38 +02:00
Felix C. Stegerman
4c4a283ae2
update test_insert_triple_t_multiple_metadata() test data 2021-08-03 20:53:56 +02:00
Jochen Sprickerhof
121e06e4b7 Fix CheckupdatesTest 2021-07-29 11:52:22 +02:00
Jochen Sprickerhof
8f836b3b01 [checkupdates] Move log messages into method 2021-07-28 00:09:40 +02:00
Jochen Sprickerhof
6f7a1ecf01 [checkupdates] Don't catch exceptions
Basically moves all code one level up.
2021-07-28 00:09:40 +02:00
Jochen Sprickerhof
a2db8f4a62 [checkupdates] Exit 1 in case of errors 2021-07-28 00:09:40 +02:00
Jochen Sprickerhof
331b4830dd Support multiple flavours in parse_androidmanifests
Previously only the last flavour was checked.
2021-07-24 21:20:19 +02:00
Pierre Rudloff
d04c3f65c2 New com.jens.automation2 test case 2021-07-06 08:30:08 +00:00
Felix C. Stegerman
73f28a611c
add test_insert_triple_t_multiple_metadata() 2021-07-03 21:20:18 +02:00
Hans-Christoph Steiner
40c77892a2
do not crash when config.yml is 0 bytes or empty of data 2021-07-01 14:45:35 +02:00
Hans-Christoph Steiner
5267699d81
index: make download_repo_index() handle common URL mistakes 2021-07-01 14:43:58 +02:00
Jochen Sprickerhof
70a11b3d79 Ignore ~/.gitconfig in tests and drop version test
git version 2.3 was released in 2015.
2021-06-25 13:22:58 +02:00
Jochen Sprickerhof
674786db96 [checkupdates] Ignore broken submodule
In case the app repository has a broken submodule, checkupdates failed
and did not search for any version updates. Ignoring the error let's us
at least find new version in the main repo (which is probably the right
place anyhow) and thus an improvement.
2021-06-25 12:15:41 +02:00
Hans-Christoph Steiner
9500b9d2e9
gradle-release-checksums.py: check for GitLab token before committing 2021-06-24 21:34:34 +02:00
linsui
763a2ee80d fix invalid extension of output apk 2021-06-24 13:42:10 +00:00
Hans-Christoph Steiner
78d37bb13b switch to allow/block list terminology throughout code base
allowlist and blocklist are much clearer terms with no cultural baggage.
This changes all "whitelist" references to "allowlist", and all "blacklist"
references to "blocklist".
2021-06-18 18:26:50 +00:00
Hans-Christoph Steiner
36849b2fba
skip tests on Windows that need bash 2021-06-18 11:12:22 +02:00
Hans-Christoph Steiner
1f5534d060
require config.yml use UTF-8 as encoding
config.yml requires ASCII or UTF-8 encoding because this code does not
auto-detect the file's encoding.  That is left up to the YAML library.
YAML allows ASCII, UTF-8, UTF-16, and UTF-32 encodings.  Since it is a
good idea to manage config.yml (WITHOUT PASSWORDS!) in git, it makes
sense to use a globally standard encoding.
2021-06-18 11:12:20 +02:00
Hans-Christoph Steiner
48c4354629
always open Android source files as UTF-8
Android Studio recommends "you use UTF-8 encoding whenever possible",
so this code assumes the files use UTF-8.  UTF-8 is also the default
encoding on GNU/Linux and macOS.
https://sites.google.com/a/android.com/tools/knownissues/encoding

Windows will probably default to UTF16, since that's the native
encoding for files.  So forcing things to use UTF-8 should help
compatibility.
2021-06-18 11:12:18 +02:00
Gerhard Olsson
0c31c4a5ab
win fixes 2021-06-18 10:30:59 +02:00
Hans-Christoph Steiner
a6d35a7ee1
metadata: always open metadata files as UTF-8
Windows seems to require this, otherwise this happens:

Traceback (most recent call last):

  File "tests/update.TestCase", line 737, in test_translate_per_build_anti_features

    apps = fdroidserver.metadata.read_metadata(xref=True)

  File "C:\Users\travis\build\fdroidtravis\fdroidserver\fdroidserver\metadata.py", line 813, in read_metadata

    app = parse_metadata(metadatapath, appid in check_vcs, refresh)

  File "C:\Users\travis\build\fdroidtravis\fdroidserver\fdroidserver\metadata.py", line 1023, in parse_metadata

    parse_yaml_metadata(mf, app)

  File "C:\Users\travis\build\fdroidtravis\fdroidserver\fdroidserver\metadata.py", line 1073, in parse_yaml_metadata

    yamldata = yaml.safe_load(mf)

  File "C:\python37\lib\site-packages\yaml\__init__.py", line 162, in safe_load

    return load(stream, SafeLoader)

  File "C:\python37\lib\site-packages\yaml\__init__.py", line 112, in load

    loader = Loader(stream)

  File "C:\python37\lib\site-packages\yaml\loader.py", line 34, in __init__

    Reader.__init__(self, stream)

  File "C:\python37\lib\site-packages\yaml\reader.py", line 85, in __init__

    self.determine_encoding()

  File "C:\python37\lib\site-packages\yaml\reader.py", line 124, in determine_encoding

    self.update_raw()

  File "C:\python37\lib\site-packages\yaml\reader.py", line 178, in update_raw

    data = self.stream.read(size)

  File "C:\python37\lib\encodings\cp1252.py", line 23, in decode

    return codecs.charmap_decode(input,self.errors,decoding_table)[0]

UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 37: character maps to <undefined>
2021-06-18 10:30:55 +02:00
Hans-Christoph Steiner
4514983e58
fix typo 2021-06-18 10:30:50 +02:00
Hans-Christoph Steiner
1abbc9732e
metadata: add test_build_ndk_path 2021-06-18 10:30:44 +02:00
Jochen Sprickerhof
39c55d799b [checkupdates] Only update if version code is grater
Don't change the current versions in case there is an error in the check_* methods or upstream screwed up.
2021-06-17 11:52:37 +00:00
Jochen Sprickerhof
3809b4d424 Ignore git submodule failure in gotorevisionx
gotorevisionx tries to clean up the git repo before checking out a new
revision. In b848b99ba this was changed to reset and clean any submodule
as well. In case upstream has a broken submodule configuration this
could fail and we can't checkout the new revision. As we are doing a
reset and clean after checking out the new revision anyhow, this change
ignores submodule errors before the checkout and only makes sure that
the main repo is reset and clean.

This broke checkupdates for apps where old versions had broken
submodules. It checkout out the old version and got stuck, not able to
checkout any other version.
2021-06-15 20:39:18 +02:00
Jochen Sprickerhof
cebdcdd67c [checkupdates] UpdateCheckData tag for verocode if no regex
Use the tag as the version code if no regex was specified. This allows:

UpdateCheckData: '|||'

meaning the tag should be used for version code and name.
2021-06-15 19:27:29 +02:00
Jochen Sprickerhof
4e97b58d8c latesttags revert to git log and fix comma handling
2de34312 tried to fix the comma handling by relying on git tag --sort.
This did not work out so this reverts to the method used before.
2021-06-15 08:39:59 +02:00
Jochen Sprickerhof
2de3431296 Use git tag in latesttags 2021-06-14 18:56:59 +00:00
Jochen Sprickerhof
1e6de7eb34 Support '{' in extra line in parse_androidmanifests
If the flavour group starts in a separate line don't count it as a
second group.

Closes: #899
2021-06-13 07:23:42 +02:00
Jochen Sprickerhof
0fefecde1e Fix matching substring flavour detection
com.github.jameshnsears.quoteunquote defines flavours 'fdroid' and
'fdroidS'. The old code used flavour in line, which matches both and the
wrong one was selected.

Closes: #912
2021-06-13 00:09:02 +02:00
Jochen Sprickerhof
bdec7d8652 [checkupdates] UpdateCheckData use tag by default
Use the tag as version, if no version file was specified:

UpdateCheckData: app/build.gradle|versionCode\s(\d+)||

Extract version from tag, if a regex was specified:

UpdateCheckData: app/build.gradle|versionCode\s(\d+)||Android-([\d.]+)

Use the tag for both if no file was specified:

UpdateCheckData: |\+(\d+)||Android-([\d.]+)
2021-06-09 14:02:02 +02:00
Jochen Sprickerhof
a9a336a12b Don't allow '_' in first place of version code
Fixes a regression of 2cb0ff45. Example:

versionCode project.versionCode_plus

931b0a3087/app/build.gradle (L38)
2021-06-09 11:04:25 +00:00
Jochen Sprickerhof
69a0a7da39 [checkupdates] UpdateCheckData warn if file was not found
Instead of throwing an exception.
2021-06-09 11:52:11 +02:00
linsui
6bafb036ee lint.py: use pathlib and support Windows 2021-06-09 15:46:52 +08:00
Hans-Christoph Steiner
490f578d1c remove redundant call to Path() 2021-06-08 16:50:48 +02:00
linsui
8f21f1e510 metadata.py/rewritemeta.py: use pathlib and support Windows 2021-06-08 21:31:55 +08:00
linsui
d6eece6395 import.py: use pathlib and support Windows 2021-06-08 18:33:22 +08:00
linsui
84b74d481e fix tests for !935 2021-06-07 15:33:57 +00:00
linsui
92ec6265a3 checkupdates.py: use pathlib and support Windows 2021-06-07 21:02:03 +08:00
Jochen Sprickerhof
133b626b22 Support UpdateCheckData in check_tags 2021-06-07 13:47:18 +02:00
Hans-Christoph Steiner
d05ff9db1d
easy changes to black code format in test cases
This does not change areas of code that should be manually reformatted.
2021-06-07 11:53:58 +02:00
Hans-Christoph Steiner
cb09a16133
tests/ndk-release-checksums.py: fix parsing of NDK r10e
This wasn't finding r10e properly, so it would submit merge requests
to remove r10e from _fdroidserver_.

* !940
* !930
2021-06-07 09:58:12 +02:00
Jochen Sprickerhof
185da60d93 Support AutoUpdateMode: Version without pattern
Since 24dd6740 UpdateCheckMode: Tags uses the found tag instead of
regenerating it from the AutoUpdateMode pattern making the pattern
superfluous. This adds support for dropping the pattern and a test case.
2021-06-01 13:59:49 +02:00
Hans-Christoph Steiner
52ac0f0176 ndk-release-checksums.py: fix crash, there is no version here 2021-05-28 10:32:09 +02:00
Hans-Christoph Steiner
09fa49a7a3
make get_android_tools_versions() search ndk_paths from config 2021-05-28 09:13:38 +02:00
Hans-Christoph Steiner
7a1d236c8d
only support zipballs in NDK provisioning
Since I discovered there is an r10e zipball, this can now get all NDKs
in zipball form.
fdroid/android-sdk-transparency-log@447fea86e7

closes #902
2021-05-28 09:13:36 +02:00
Hans-Christoph Steiner
9f77044d0d
auto-detect NDKs installed in standard paths
'ndk_paths' will be automatically filled out from well known sources
like $ANDROID_HOME/ndk-bundle and $ANDROID_HOME/ndk/*.  If a required
version is missing in the buildserver VM, it will be automatically
downloaded and installed into the standard $ANDROID_HOME/ndk/
directory.  Manually setting it here will override the auto-detected
values.  The keys can either be the "release" (e.g. r21e) or the
"revision" (e.g. 21.4.7075529).

https://developer.android.com/studio/projects/configure-agp-ndk#agp_version_41
* sdkmanager installs "ndk;12.3.4567890" into $ANDROID_SDK_ROOT/ndk/
* sdkmanager installs "ndk-bundle" into $ANDROID_SDK_ROOT/ndk-bundle/
2021-05-28 09:13:34 +02:00
Hans-Christoph Steiner
4686c06f62 metadata: allow ndk: to be str or list of release or revision
There are two version numbers used for NDKs: the "release" and the
"revision".  The "release" is used in the download URL and zipball and the
"revision" is used in the source.properties and the gradle ndkVersion field.

Also, there are some builds which need multiple NDKs installed, so this
makes it possible to have a list of release/revision entries in build.ndk.
This does not yet add full support since _fdroidserver/build.py_ will also
need changes.
2021-05-28 09:13:27 +02:00
Hans-Christoph Steiner
9d44fa7919
gitlab-ci: auto-generate merge request when NDK release found
Following the pattern of the gradle bot, this will check the transparency
log for any new NDK release.  If there are any, it will make a merge
request from @fdroid-bot.
2021-05-25 17:06:30 +02:00
Hans-Christoph Steiner
69fcd6a024
build: auto-download missing NDKS if they're known and can be verified
refs #517 #717
2021-05-25 17:06:24 +02:00
Hans-Christoph Steiner
0b0bc803b7 build: --test now keeps unsigned APKs in tmp/ that fail to reproduce
Before, whenever an unsigned APK failed to reproduce, it was just deleted.
That makes debugging hard.  This makes it keep the unsigned APK, which is
written in tmp/ when using --test.

@jspricke this is related to !864
2021-04-16 09:46:23 +02:00
Hans-Christoph Steiner
3d69e767d8
common: test abs and rel paths in get_all_gradle_and_manifests() 2021-04-16 09:40:19 +02:00
Jochen Sprickerhof
f01a3caf77 Bump METADATA_VERSION for apksigner transition
We switched to apksigner in 50f0534d but old apks where still verified
with jarsigner (or an old apksigner version). Bumping the
METADATA_VERSION to force a rebuild of apkcache.
Hopefully this resolves de.chagemann.regexcrossword getting the
KnownVuln, DisabledAlgorithm tags.
2021-04-14 22:08:26 +00:00
Hans-Christoph Steiner
2946c90dd4 publish: rename vars to match naming in JAR Signature docs
https://docs.oracle.com/javase/tutorial/deployment/jar/intro.html

closes #892
2021-04-14 23:01:47 +02:00
Hans-Christoph Steiner
44d481768f publish: add test for reproduble builds with signatures 2021-04-14 23:01:47 +02:00
Felix C. Stegerman
202fd8b25a
vendor & use apksigcopier v0.4.0-12-g93d8e14 2021-04-14 21:06:20 +02:00
Felix C. Stegerman
67a0f3ae5b
use subclass hack for better ZIP cloning
See https://bugs.python.org/issue43547 for more info on the details.

thanks to @obfusk for the technique
2021-04-14 15:17:56 +02:00
Hans-Christoph Steiner
cff575f402 common: add test case for read_pkg_args() 2021-04-12 09:11:58 +02:00