mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-07-05 08:50:08 +02:00
Commit Graph

4987 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
1c3a4479ab add common.sign_apk() for nightly as test for using in publish
Since the MD5 migration was quite a bit of work, it makes sense to start
on moving away from SHA1 as much as possible while it is easy to do. SHA256
will only work in APK signatures on android-18 (4.3) or newer.  So if an
APK has a minSdkVersion of 18 or newer, then sign with SHA256.

https://issuetracker.google.com/issues/36956587
https://android-review.googlesource.com/c/platform/libcore/+/44491
2017-12-04 22:52:41 +01:00
Hans-Christoph Steiner
7da0854fa1 Merge branch 'CVE-2017-1000117' into 'master'
block all SSH connections for VCS, for usability and security

See merge request fdroid/fdroidserver!396
2017-12-04 18:48:24 +00:00
Hans-Christoph Steiner
7bba20c662 block all SSH connections for VCS, for usability and security
If we allow SSH, then we'd have to manage known_hosts.

All VCS and submodule URLs should use HTTPS.  SSH URLs have security vulns:
https://blogs.msdn.microsoft.com/devops/2017/08/15/git-vulnerability-with-submodules/
https://www.theregister.co.uk/2017/08/13/ssh_flaw_in_git_mercurial_svn/
CVE-2017-1000117

I did a manual scan of the setup on jenkins.debian.net to see if I could
find any suspicious URLs.  Looks good so far.  This is what I used:

find . -type f -print0 |xargs -0 grep -Eo 'ssh[:+][svn/]+...................'
find . -type f -print0 |xargs -0 grep -Eo 'ssh://-[^ "]+'

Also, some ssh://_ URLs in submodules might still work, because of the URL
rewriting in fdbfb4d1.  But https://-oProxyCommand=pwnme does not really do
anything, unlike ssh://-oProxyCommand=pwnme
2017-12-04 17:49:59 +01:00
Marcus
5ae14fab18 Merge branch 'submodules_ucm' into 'master'
checkupdates: don't fail when we can't init submodules

Closes #231

See merge request fdroid/fdroidserver!395
2017-12-04 16:29:11 +00:00
Marcus Hoffmann
db0a97e8e7 checkupdates: don't fail when we can't init submodules
Later revisions might have removed the submodules so we want to keep
going when there are no submodules present.
We still abort when there is an error initializing submodules.

Fixes fdroid/fdroidserver#231
2017-12-04 16:30:37 +01:00
Michael Pöhn
2dcb19d392 Merge branch 'git_clone_fix' into 'master'
GitFetchFDroidPopen: don't change cwd when cloning

See merge request fdroid/fdroidserver!393
2017-12-03 16:49:42 +00:00
Marcus Hoffmann
30b3f41a75 GitFetchFDroidPopen: don't change cwd per default
Fix for ca24aa4ca8.
For git clone we don't want to change cwd because clone actually
creates the repo dir.
2017-12-03 17:07:36 +01:00
Hans-Christoph Steiner
ca24aa4ca8 stop git clone from hanging at prompts
Forgot this in fdbfb4d1a2 !378

reviewed in person with @bubu @uniqx
2017-12-03 13:13:07 +01:00
relan
24e1da1e91 Merge branch 'log_git' into 'master'
build: log vcs tools version on every build attempt

See merge request fdroid/fdroidserver!391
2017-12-03 06:03:03 +00:00
Marcus Hoffmann
bb591e236d build: log vcs tools version on every build attempt 2017-12-02 22:41:08 +01:00
Hans-Christoph Steiner
3f4e93bf86 Merge branch 'metadataFlavours' into 'master'
Add flavour to metadata

See merge request fdroid/fdroidserver!370
2017-12-02 20:51:24 +00:00
Hans-Christoph Steiner
b8ed892ad9 build: hard exit on success to avoid hanging
Something is preventing `fdroid build --all` from exiting after a long
run.  @bubu, @uniqx and I think it is because of the use of
AsynchronousFileReader, somehow its thread does not exit. So the
workaround for now is to just try a hard exit instead of waiting for
things to finish cleanly with `sys.exit(0)`.

https://jenkins.debian.net/job/reproducible_fdroid_build_apps/94/console
2017-12-02 13:48:47 +01:00
Michael Pöhn
68bbfa7e0e Merge branch 'no_sleep' into 'master'
vmtools: remove old vagrant workaround

See merge request fdroid/fdroidserver!380
2017-12-02 12:49:05 +00:00
Marcus
167c730ad8 Merge branch 'sort-fdroid-build-all' into 'master'
sort `fdroid build --all` by most recent first

See merge request fdroid/fdroidserver!390
2017-12-02 12:34:27 +00:00
tobiasKaminsky
d5ecb34df7 add flavour to metadata 2017-12-01 15:25:00 +01:00
Hans-Christoph Steiner
5b22ff7dc6 tests: use standard dir setup so all tests start in same dir 2017-11-30 17:32:53 +01:00
Hans-Christoph Steiner
3ff4b656c6 tests: name temp test dir after test function that used it 2017-11-30 17:32:53 +01:00
Hans-Christoph Steiner
30b2f5a48a build: sort fdroid build --all by most recently changed first 2017-11-30 17:32:53 +01:00
Hans-Christoph Steiner
bf09109c49 mirror: fix syntax error on Python 3.4
It seems that Python 3.5 is more flexible with * expansion, Python 3.4 says:

SyntaxError: only named arguments may follow *expression
https://travis-ci.org/f-droid/fdroidserver/jobs/309194065
2017-11-30 14:03:04 +01:00
Hans-Christoph Steiner
dcbc78d238 Merge branch 'gradleFlavor' into 'master'
gradle file: use flavour specific versionCode/versionName, fall back to parsing line by line

See merge request fdroid/fdroidserver!389
2017-11-30 13:44:47 +01:00
Hans-Christoph Steiner
c7c40cb59f PEP8 fixes 2017-11-30 13:42:37 +01:00
Hans-Christoph Steiner
2a758886cd Merge branch 'polish-for-1.0' into 'master'
Polish for 1.0

Closes #421

See merge request fdroid/fdroidserver!388
2017-11-30 12:28:28 +00:00
tobiasKaminsky
33aee96ed9 added test case 2017-11-30 11:12:18 +01:00
Hans-Christoph Steiner
27d332c8ae vmtools: in KVM mode, only call sudo hack when file is not readable 2017-11-29 21:06:35 +01:00
Hans-Christoph Steiner
b1bab81739 server: prevent crash when uploading to virustotal 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
7389947cc3 init: handle case where keystore.jks is present but config.py is not 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
e2bbeb5083 common: document read_pkg_args() and read_app_args()
It took me a long time to figure out how `fdroid build --all` builds the
whole list of apps...
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
2b6825ccfd build: set open file limit based on how many apps are being processed
When running `fdroid build --all` on a buildserver with thousands of apps,
it was frequently hitting the open file limit.  This increases the open
file limit based on how many apps are being processed.  It is doubled to
provide a margin of safety.

There are probably open file leaks which ideally would be fixed, but this
is also useful to make things more resilient to all the random stuff apps
include in their build systems.
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
19af92c982 buildserver: include all Android SDK licenses in their exact format
I tried to clone the files I got from `sdkmanager --licenses`, byte for
byte.
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
f01b6af57f nightly: automatically create and manage app metadata
This also allows the developer to edit the metadata in the *-nightly git
repo to customize it.

closes #421
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
6f97be128f nightly: fix QR code repo icon generation 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
c98740a7d2 nightly: include 'qrcode' as dependency 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
d46d9574b4 update: use KnownApks dates to check system clock on offline machines
KnownApks provides a reliable source of a relatively recent date.
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
1219f07d3b Merge branch 's3cfg' into 'master'
server: allow user to specify custom s3cfg file

Closes #413

See merge request fdroid/fdroidserver!385
2017-11-29 19:34:11 +00:00
Hans-Christoph Steiner
7eef6eac93 server: allow user to specify custom s3cfg file (closes #413)
This lets people do advanced S3 setups like CloudFront caching, and
anything else s3cmd lets you do.
2017-11-29 19:50:57 +01:00
Marcus
528d5a0d1a Merge branch 'fdroid-mirror' into 'master'
mirror: new command to make a mirror of a repo

See merge request fdroid/fdroidserver!389
2017-11-29 17:29:42 +00:00
Hans-Christoph Steiner
09a6b37ac0 mirror: fix downloading of graphics
It was downloading them all directly into the 'repo' folder.
2017-11-29 17:12:38 +01:00
Hans-Christoph Steiner
79a4c469b3 mirror: forward --verbose flag to wget to control output 2017-11-29 16:54:52 +01:00
Hans-Christoph Steiner
94e67a7623 mirror: verify index signature if fingerprint included in URL
This keeps the old handling without signature checks so that it works
without requiring Java/apksigner or the whole config.py parsing stuff.
2017-11-29 16:54:27 +01:00
Hans-Christoph Steiner
d5481927f2 mirror: show help if no URL is provided 2017-11-29 16:31:48 +01:00
Hans-Christoph Steiner
2162703a1a mirror: new command to make a mirror of a repo
This creates a mirror of a full repo by downloading all files listed in
the index, and the ones that are generated based on that data, e.g. icons
of different resolutions.  This could be useful for setting up mirrors of
small repositories, instead of having to learn and manage rsync or
something else for mirroring.  This just needs a working repo.

It uses wget in a batch mode with the aim of being as efficient as
possible.  wget mirroring over HTTP is always going to be less efficient
than rsync, but it shouldn't be so bad since it uses --continue to check
whether it has already downloaded a file.  I suppose it could be extended
to use ETags for a little more efficiency.

I developed this creating a test mirror of f-droid.org, which is now a bit
ironic, since I added a specific check to prevent people from using this
on f-droid.org.
2017-11-29 12:40:04 +01:00
tobiasKaminsky
f8492f05a8 gradle file: use flavour specific versionCode/versionName, fall back to parsing line by line 2017-11-29 09:40:44 +01:00
Hans-Christoph Steiner
5607ccdc41 jenkins-test: make new keystore on each test so the password is known 2017-11-28 12:10:13 +01:00
Hans-Christoph Steiner
cee65dbfb6 Bump to 0.9.1 for release process fixes 2017-11-27 16:57:30 +01:00
Hans-Christoph Steiner
743ef9ba00 rename test files to work round filename length limits
It seems a lot of things like tar, Windows, some filesystems, etc. do not
handle long filenames. #416
2017-11-27 16:57:30 +01:00
Hans-Christoph Steiner
875dfd0d60 check git is on correct tag before making a release 2017-11-27 16:57:30 +01:00
Hans-Christoph Steiner
ff5717b37e Merge branch 'tests-fedora' into 'master'
tests: fix pycodestyle lookup

See merge request fdroid/fdroidserver!386
2017-11-27 15:58:24 +00:00
relan
6498d24f36 tests: fix pycodestyle lookup
Pycodestyle is available as /usr/bin/pycodestyle-3 on Fedora.
2017-11-27 16:32:41 +03:00
Hans-Christoph Steiner
80bd6f5fe2 Bump to 1.0.dev0 2017-11-27 13:59:35 +01:00
Hans-Christoph Steiner
2c32071f24 Bump to 0.9 2017-11-27 13:59:35 +01:00