1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-18 12:40:11 +01:00
Commit Graph

8432 Commits

Author SHA1 Message Date
relan
946a1461f2 common: use /dev/null as stdin when calling subprocess.Popen()
We always want to run all utilities non-interactively. By default
subprocess.Popen() inherits stdin descriptor from parent process, i.e.
when fdroid is run from an interactive shell, subprocesses may expect
input from it.

Reading from /dev/null immediately returns EOF, failing any user prompt
and preventing us from hang.
2018-02-05 15:34:42 +03:00
Hans-Christoph Steiner
5db86215f6 lint: check srclibs has name and @ in it
fdroiddata!2863
2018-01-31 13:33:36 +01:00
Hans-Christoph Steiner
4b0f9d6653 Merge branch 'master' into 'master'
Option --resetserver does nothing; have it used instead

See merge request fdroid/fdroidserver!449
2018-01-31 10:01:18 +00:00
csagan5
427427481e Change --resetserver to --reset-server for consistency 2018-01-30 20:45:03 +01:00
csagan5
cf54c9514c Option --resetserver does nothing; have it used instead 2018-01-30 14:50:35 +01:00
Hans-Christoph Steiner
adaf97a3cb Merge branch 'build-timeout-customization' into 'master'
build: make per-build hard time limit customizable

See merge request fdroid/fdroidserver!446
2018-01-30 11:22:08 +01:00
Hans-Christoph Steiner
b170ef7ce8 fix metadata test: remove timeout= from comparison 2018-01-30 11:20:30 +01:00
relan
86f34ee70a build: make per-build hard time limit customizable
Add "timeout=n" metadata field that overrides build timeout (in seconds).
The default is 7200, i.e. 2 hours.
2018-01-30 11:14:50 +03:00
relan
cc4b57b10b Merge branch 'gradle-4.5' into 'master'
makebuildserver: add gradle 4.5

See merge request fdroid/fdroidserver!448
2018-01-30 06:12:32 +00:00
Marcus Hoffmann
bf8dd8f6c9
makebuildserver: add gradle 4.5 2018-01-29 18:03:14 +01:00
Hans-Christoph Steiner
84262cfead Merge branch 'crash-and-standard-imports' into 'master'
Crash and standard imports

See merge request fdroid/fdroidserver!445
2018-01-29 09:24:48 +00:00
Hans-Christoph Steiner
68099cdf1c Merge branch 'minor-security-ish-tweaks' into 'master'
security-ish tweaks

See merge request fdroid/fdroidserver!442
2018-01-29 09:23:25 +00:00
Hans-Christoph Steiner
f24cf7f71b vmtools: use standard imports: os.remove()
The rest of the code uses os.remove()
2018-01-26 10:18:42 +01:00
Hans-Christoph Steiner
4463bf238d vmtools: use standard imports: os.path.join()
The rest of the code uses os.path.join()
2018-01-26 10:18:42 +01:00
Hans-Christoph Steiner
099c98bc60 metadata: fix crash when there are duplicate metadata files
The string had the variable 'appid' while the format() call had only the
variable 'path'.  This also standardizes on 'appid' like the rest of the
code.
2018-01-26 10:18:42 +01:00
Hans-Christoph Steiner
d3caf09421 use standard User-Agent in check-fdroid-apk 2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
b851d49d24 shell=True is too dangerous to allow; there are unfiltered user inputs
There are all sorts of unfiltered user inputs like tag and branch names in
source repos.  If those names are fed into popen calls that use shell=True,
that opens up a wide range of exploits.  All core operations should never
use shell=True.
2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
07cdf848d7 use '--' in source vcs calls to protect against malicious input
This is a quick and very incomplete addition of '--' to command line calls
to source VCSs like git and hg that could manipulated by malicious
tag/branch names or other vectors.

These were all manually tested by calling the command lines on my own
machine.
2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
32213ef040 scanner: allow running without versionCode and as API
This lets `fdroid scanner my.package.name` run without requiring that the
versionCode is also specified.  It also allows scanner.scan_source() to be
called as a function in the public API of fdroidserver.
2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
53f603bf30 lint: check description for forbidden HTML tags: iframe, link, script, etc. 2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
f0940540ee buildserver: include python3-git for future use
We should be replacing all our custom git shell commands with python3-git,
since it is a common library for doing that.  It will receive a lot more
attention and maintenance than our code for doing it.  For example, we
should not ever use shell=True, since that opens up a lot of security
risks.
2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
a57f17b276 wiki: include per-app link to all related activity on gitlab.com 2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
528aa9269e Merge branch 'platform27' into 'master'
makebuildserver: re-add platform 27

Closes #445

See merge request fdroid/fdroidserver!444
2018-01-26 09:09:15 +00:00
Marcus Hoffmann
0e68971eef
makebuildserver: re-add platform 27
Closes #445
2018-01-25 16:56:56 +01:00
Marcus
9f6862ce82 Merge branch 'build_tools_27.0.3' into 'master'
makebuildserver: add build-tools 27.0.3

See merge request fdroid/fdroidserver!443
2018-01-25 13:12:53 +00:00
Marcus Hoffmann
98313fc066
makebuildserver: add build-tools 27.0.3 2018-01-25 11:53:27 +01:00
Hans-Christoph Steiner
a4bdd104d7 Merge branch 'remove-kivy' into 'master'
build: remove unused, unmaintained Kivy build method

See merge request fdroid/fdroidserver!441
2018-01-24 05:35:32 +00:00
Hans-Christoph Steiner
513c95894c build: remove unused, unmaintained Kivy build method
This code has never been used and contains some insecure uses of shell=True
Building Kivy apps should be done with the buildozer=yes method.  The
buildozer method should probably be moved to a provisioner once that is in
place.
2018-01-23 23:16:05 +01:00
Hans-Christoph Steiner
b0b9f2f601 Merge branch 'remove-qt' into 'master'
buildserver: remove Qt installer, its huge, outdated, and being replaced

See merge request fdroid/fdroidserver!440
2018-01-23 20:52:22 +00:00
Hans-Christoph Steiner
62ddab7edd buildserver: remove Qt installer, its huge, outdated, and being replaced
The currently included Qt has known security issues and is outdated.  This
can now be replaced by downloading and installing the Qt installer using
the sudo= build field.  @relan's provisioner system will also replace this
once that's done.  There are only two apps that currently use the Qt stuff:

* csd.qtproject.minesweeper
* org.openorienteering.mapper
2018-01-23 20:28:26 +01:00
Hans-Christoph Steiner
825b8e9683 Merge branch 'build_timeout' into 'master'
Build timeout

See merge request fdroid/fdroidserver!437
2018-01-22 20:49:01 +00:00
Marcus Hoffmann
a1a88e1c6a
main: force exit on keyboard interrupt
This applies the same workaround as b8ed892ad9.
2018-01-22 16:02:49 +01:00
Marcus Hoffmann
fa43066f8d
build: add global soft timeout of 12 hours
Only start new builds for 12 hours. This ensures we publish new builds
often enough even on long backlogs.

This could be made configurable at a later point.
2018-01-22 16:02:49 +01:00
Marcus Hoffmann
80e121d182
build: log timeouts to the wiki 2018-01-22 16:02:49 +01:00
Marcus Hoffmann
85985074d4
build: enable watchdog timer for each build that kills in 2 hours
This introduces locking for the commonly used vagrant functions in
vmtools because vagrant fails when another vagrant command is
already running.
2018-01-22 16:01:20 +01:00
Marcus Hoffmann
9a4f3ac019
Revert "build: bump max_apps_per_run to 50"
This reverts commit 56a53055be.

Revert "build: limit --all to 10 apps at a time"

This reverts commit afc5cc6b6a.
2018-01-22 15:53:45 +01:00
Hans-Christoph Steiner
61bb74a369 Merge branch 'log-update-checkupdates-server-to-wiki' into 'master'
Log update/checkupdates/server to wiki

See merge request fdroid/fdroidserver!439
2018-01-22 13:29:45 +00:00
Hans-Christoph Steiner
22563bdf17 gitlab-ci: make metadata_v0 test work even when tags are missing
This uses the commit ID of the release tags, rather than the release tag
itself so that contributor forks do not need to include the tags in them
for this test to work.

The COMMIT_ID should be bumped after each release, so that the list of sed
hacks needed does not continuously grow.
2018-01-22 14:00:20 +01:00
Hans-Christoph Steiner
486ee25708 wiki: log build start/stop time, command line, RAM, and processor count 2018-01-22 14:00:16 +01:00
Hans-Christoph Steiner
ef69bbff34 wiki: log server start/stop times and command line 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
cd3e531731 buildserver: force no auto updates of package lists or upgrades 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
8d2092ada1 jenkins-test: include repo_pubkey in config.py for BUILD test
The BUILD machine does not have a keyring on it, only the public key for
the index signing key.  This is a very rudementary test for that.
2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
f841ec745f wiki: move checkupdates wiki log to separate function 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
010f1c5029 log installed android sdk versions for update and checkupdates 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
e163c09e26 move get_android_tools_versions functions to common 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
4beb2d52e9 wiki: log update start/stop time and command line 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
5b92820ff3 wiki: fix bug updating Repository Maintenance
site.pages doesn't seem to exist anywhere, site.Pages is used throughout.
2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
22c6acc026 wiki: log appids as checkupdates goes through them 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
fc4f5a79a7 wiki: log checkupdates start/stop time and command line for each run 2018-01-22 13:49:10 +01:00
Hans-Christoph Steiner
df51a6e999 common.get_wiki_timestamp() for posting timestamps to wiki log pages 2018-01-22 13:49:10 +01:00