The builder should check the `AllowedAPKSigningKeys` at build time, so
that the CI can check if somebody gives a wrong value that doesn't match
a compared RB binary. In the event it fails, it gives useful
information, and in the event it succeeds, it makes it clear that this
build has verification back to the developer's original key.
Also, add tests for this to the test suite.
Per fdroiddata!12911 the linter should error out if somebody uses `binary` or
`Binaries` without supplying an `AllowedAPKSigningKeys`.
There are two reasons for this:
- Security: this allows full verification that the binaries built match
the developers, not just what happened to get uploaded onto github at
some later point in time.
- Reliable updates: if the signing key changes, users won't be able to
update, so this is something we should learn about when upstreams send
in commits changing their signing key, rather than just leaving it to
chance.
I profiled this with timeit and a dict with 1000000000 items, and this is
the time difference:
with_equals: 0.8466835720173549
with_is: 0.8536969239939936
with_old: 1.4458542719949037
I also compared using `==` and `is`, and `==` was slightly faster.
I tried to get this to indent the .yaml files properly so yamllint defaults
work with tests/metadata/dump/*.yaml, but it didn't take for some reason:
yaml.indent(mapping=4, sequence=4, offset=2)
This function is only used in checkupdates, and removing it from the App
class moves the App class one step closer to being a plain dict, which is a
more Pythonic style.
I think most fdroidserver core devs are working on bookworm these days, and
the bullseye version is erroring on things that the bookworm version does
not.
fdroidserver/metadata.py:777 in public function `post_parse_yaml_metadata`:
D202: No blank lines allowed after function docstring (found 1)
I keep messing up YAML syntax with values that have : in them...
This doesn't work for all YAML files:
* tests/metadata/dump/*.yaml have bad indenting
* tests/metadata/*.yml have bad indenting, which is useful for tests
Before this, there were separate post-parse paths for app-fields versus
build-flags. This makes all TYPE_STRING values always go through the same
post-parse code path.
My guess is that this is some kind of vestige of the old code structure,
back when there was .txt and .yml formats. This makes it a normal Python
function: input as arg, return value is the result.
This lets mirrors: in config.yml be the same list-of-dicts format as it is
in index-v2. This also includes a data format conversion to maintain the
right format for the old, unchanging index v0 and v1 formats.
#928#1107