1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-04 22:40:12 +01:00
Commit Graph

861 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
df7c909884 build: add test to ensure Prepare: is only run in VM 2023-05-25 13:03:25 +00:00
Hans-Christoph Steiner
dbf163e03f test to check that the right Builds flag values get removed 2023-05-23 12:11:09 +02:00
Hans-Christoph Steiner
895e0553a0 error if a YAML Anti-Feature conflicts with a localized file
https://gitlab.com/fdroid/fdroidserver/-/issues/683#note_1383597734
2023-05-23 10:47:03 +02:00
Hans-Christoph Steiner
b0c05842d8 metadata: RequiresRoot is boolean, according to docs
"Set this optional field to ‘True’ if the application requires root
privileges to be usable."
https://f-droid.org/docs/Build_Metadata_Reference/#RequiresRoot
2023-05-23 10:47:03 +02:00
Hans-Christoph Steiner
0393e46af9 metadata: handle TYPE_STRINGMAP when writing out YAML 2023-05-23 10:47:03 +02:00
Hans-Christoph Steiner
2cb12f9594 metadata: break out write_yaml to standalone function and add unit tests 2023-05-23 10:47:03 +02:00
Hans-Christoph Steiner
784bebfee9 metadata: keep manually added NoSourceSince in AntiFeatures
If the metadata file contains NoSourceSince:, it is added to the collection
of Anti-Features.  When rewriting the .yml file, NoSourceSince should only
be written into the AntiFeatures: collection if there are manual changes,
e.g. the user had provided translations.
2023-05-23 10:47:03 +02:00
Hans-Christoph Steiner
7c1d7fb4b3 metadata: check error messages are printed for more cases 2023-05-23 10:47:03 +02:00
Hans-Christoph Steiner
061ca38afd define "string map" type for new Anti-Features explanations
closes #683
2023-05-23 10:47:03 +02:00
Jochen Sprickerhof
2488cb5710 scanner: replace global dict by dataclass 2023-05-12 17:58:04 +00:00
Hans-Christoph Steiner
8bc9a3da73 test_parse_yaml_metadata_continue_on_warning checks logging calls 2023-05-11 10:37:45 +02:00
Hans-Christoph Steiner
86b643f87b metadata: test to check that metadata/*.yml overrides .fdroid.yml
This actually uncovered that .fdroid.yml isn't really working. But that is
a problem for another day.
2023-05-11 10:37:45 +02:00
Hans-Christoph Steiner
bb99986630 metadata: fix crash if .fdroid.yml but its not a git repo 2023-05-11 10:37:45 +02:00
Hans-Christoph Steiner
d5a1439457 lint: Anti-Features validator uses names from config 2023-05-11 10:29:04 +02:00
Hans-Christoph Steiner
d6dba05ec3 test load_localized_locale() and translated Anti-Features 2023-05-10 13:34:09 +02:00
Hans-Christoph Steiner
f9864dc3a2 rewritemeta: split into remove_blank_flags_from_builds()
This takes this key bit of functionality, splits it out as its own
function, and adds some unit tests.
2023-05-10 09:21:14 +02:00
Hans-Christoph Steiner
f7830a41f1 deploy: ensure mirrors and binary transparency always create 'master'
If there was a global default on a machine that was something other than
'master', these things would crash with:

Traceback (most recent call last):
  File "/home/hans/code/fdroid/server/fdroid", line 22, in <module>
    fdroidserver.__main__.main()
  File "/home/hans/code/fdroid/server/fdroidserver/__main__.py", line 230, in main
    raise e
  File "/home/hans/code/fdroid/server/fdroidserver/__main__.py", line 211, in main
    mod.main()
  File "/home/hans/code/fdroid/server/fdroidserver/deploy.py", line 833, in main
    push_binary_transparency(BINARY_TRANSPARENCY_DIR,
  File "/home/hans/code/fdroid/server/fdroidserver/deploy.py", line 705, in push_binary_transparency
    local.pull('master')
  File "/usr/lib/python3/dist-packages/git/remote.py", line 1045, in pull
    res = self._get_fetch_info_from_stderr(proc, progress, kill_after_timeout=kill_after_timeout)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/git/remote.py", line 848, in _get_fetch_info_from_stderr
    proc.wait(stderr=stderr_text)
  File "/usr/lib/python3/dist-packages/git/cmd.py", line 604, in wait
    raise GitCommandError(remove_password_if_present(self.args), status, errstr)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(1)
  cmdline: git pull -v -- local master
  stderr: 'fatal: couldn't find remote ref master'
2023-05-10 09:21:14 +02:00
Hans-Christoph Steiner
0735bfa7e5 remove obsolete test case 2023-05-09 20:45:16 +02:00
Hans-Christoph Steiner
43b278b9d6
build: fix loading config files in tests
The new test case works with the default config.
2023-05-05 09:49:34 +02:00
Hans-Christoph Steiner
1e4e2489aa
add keep_when_not_allowed config/option 2023-05-05 09:49:32 +02:00
Hans-Christoph Steiner
386fb55b99
keep old test case intact 2023-05-05 09:49:27 +02:00
Jason A. Donenfeld
26472c22ce build: check AllowedAPKSigningKeys in reproducible build scenario
The builder should check the `AllowedAPKSigningKeys` at build time, so
that the CI can check if somebody gives a wrong value that doesn't match
a compared RB binary.  In the event it fails, it gives useful
information, and in the event it succeeds, it makes it clear that this
build has verification back to the developer's original key.

Also, add tests for this to the test suite.
2023-05-05 06:14:31 +00:00
Hans-Christoph Steiner
9a9705a667 update test_read_metadata to use ruamel.yaml and YAML 1.2
I tried to get this to indent the .yaml files properly so yamllint defaults
work with tests/metadata/dump/*.yaml, but it didn't take for some reason:

    yaml.indent(mapping=4, sequence=4, offset=2)
2023-05-02 13:52:38 +02:00
Hans-Christoph Steiner
28ea6cea7f add tests of TYPE_LIST parsing 2023-05-02 13:52:06 +02:00
Hans-Christoph Steiner
0b3fd725c3 metadata.TestCase: metadata.warnings_action = 'error' as default
The default state for the tests should be to fail on errors.
2023-05-02 13:51:44 +02:00
Hans-Christoph Steiner
8300ed051b ruamel.yaml is now required and the packages are all new enough 2023-05-02 13:41:39 +02:00
Hans-Christoph Steiner
e5fda54693 add test_check_metadata_AntiFeatures 2023-05-02 13:37:07 +02:00
linsui
1a0a0a1839 add litecoin address native segwit format 2023-05-02 11:31:34 +00:00
Hans-Christoph Steiner
1bcd9a8489 metadata: handle empty files and dicts, and error out on non-dicts 2023-04-28 10:55:20 +02:00
Hans-Christoph Steiner
2b81a66b79 App.comments is no more since !772 2023-04-28 10:44:19 +02:00
Hans-Christoph Steiner
dbe21b2b94 metadata: transform all TYPE_STRING values w/ _normalize_type_string()
Before this, there were separate post-parse paths for app-fields versus
build-flags.  This makes all TYPE_STRING values always go through the same
post-parse code path.
2023-04-28 10:44:19 +02:00
Hans-Christoph Steiner
a8531a03a6 metadata: refactor into one function to do YAML post processing
It used to be that there had to be separate post processing steps depending
on whether it was parsing .txt or .yml.  The .txt format is long gone!

!772
2023-04-28 10:44:19 +02:00
Hans-Christoph Steiner
3869e1374b metadata: force TYPE_STRING fields to string in internal dict
* YAML 1.2's boolean is 'true' so this makes the conversion correct.
* rewritemeta would also have to be changed to support this.
2023-04-27 21:51:10 +02:00
Hans-Christoph Steiner
c0ae09e0df metadata: remove strange app arg construct from parse_yaml_metadata()
My guess is that this is some kind of vestige of the old code structure,
back when there was .txt and .yml formats.  This makes it a normal Python
function: input as arg, return value is the result.
2023-04-27 21:51:10 +02:00
Hans-Christoph Steiner
1166258145 map out type conversions in metadata.PostMetadataParseTest suite 2023-04-27 21:50:49 +02:00
Hans-Christoph Steiner
27a0df9ddb metadata: failfast=False like the rest of the tests 2023-04-27 21:48:27 +02:00
Hans-Christoph Steiner
6620bf0208
enable black on tests: api, gpgsign, main, net, vcs 2023-04-27 11:34:14 +02:00
Hans-Christoph Steiner
c7070b2799
index.TestCase: manually convert to black code format
* switch to `from fdroidserver import common, index, signindex...`
2023-04-27 11:34:07 +02:00
Hans-Christoph Steiner
98decf8cfa index: use 'fake.url' as test domain when no networking is used 2023-04-27 10:35:09 +02:00
Hans-Christoph Steiner
7c692a4532 index-v2 'mirrors' fully settable from config
This lets mirrors: in config.yml be the same list-of-dicts format as it is
in index-v2.  This also includes a data format conversion to maintain the
right format for the old, unchanging index v0 and v1 formats.

#928
#1107
2023-04-27 07:53:02 +00:00
Hans-Christoph Steiner
ceef07d2f2 test of current internal format of mirrors list in config 2023-04-27 07:53:02 +00:00
Hans-Christoph Steiner
ad960c6ecd
remove last maven: quirks and make it always a string
It turns out that the maven: field was originally declared as a TYPE_STRING,
given that it was not given a different type in metadata.py's 	flagtypes.
The code was confused because it was given a default value of `False` rather
than `None` as the rest of the TYPE_STRING fields have.

This construct in build.py means maven: should always be a string:

        if '@' in build.maven:
            maven_dir = os.path.join(root_dir, build.maven.split('@', 1)[1])
        else:
            maven_dir = root_dir
2023-04-24 11:08:48 +02:00
Hans-Christoph Steiner
a107e810d4
build: add test case for maven: builds 2023-04-24 11:08:46 +02:00
Hans-Christoph Steiner
7641c30389
add real test of moving files with deploy.update_serverwebroot() 2023-04-24 11:08:42 +02:00
Gregor Düster
d971f19e92
metadata: Remove code ensuring YAML 1.2 compatibility
This is no longer necessary b/c the current YAML parser, ruamel.yaml,
implements YAML 1.2 in contrast to the previous parser PyYAML.
2023-04-18 17:08:44 +02:00
Hans-Christoph Steiner
36d2a8f899
all ndk paths in config must be strings
The paths in the config must be strings because they are used in things
like env vars where they must be strings.  Plus lots of other places in the
code assumes they are strings.  This is the first step to defining the
border of where paths can be pathlib.Path() and where they must be strings.
2023-04-11 13:54:19 +02:00
Hans-Christoph Steiner
898624dcac
common.get_android_tools_versions() for modern NDK dir layout
NDK r10e is still in use, but is so old, it does not have the modern
sdkmanager package metadata.
2023-04-11 13:54:17 +02:00
Hans-Christoph Steiner
0dd5a7db64
remove NDK download handling in favor of fdroid/sdkmanager 2023-04-11 13:54:05 +02:00
Jochen Sprickerhof
d59a88f844 Strip ipfsCIDv1 before testing index-v2 2023-04-11 10:29:27 +00:00
Hans-Christoph Steiner
94badac317 set skipUnless for test that relies on ANDROID_HOME
This job just started failing, but wasn't before:
https://gitlab.com/eighthave/fdroidserver/-/jobs/4060582594

But I look at it, and it looks right that it fails.  So how on earth
was it succeeding before?  Basically the `os.getenv('ANDROID_HOME')`
returns `None` when `ANDROID_HOME` is not set. It is not set in both the
jobs, so how did it not stacktrace before?
2023-04-04 22:41:46 +02:00
Jochen Sprickerhof
889b8cb372 Don't copy per version anti features to all versions
make_v0() modified the apps data structure to copy an anti feature for a
specific version to all versions resulting in index-v1 and -v2 to
contain wrong anti feature annotations. This patch fixes this and adds a
test that the data structure is no longer modified.

The bug shadowed bugs in the AF implementation of -v1 and -v2 resulting
in not coping the version specific data. This is corrected as well.
This is also tested now.

For -v2 the AF dict is now sorted to make the result reproducible.

Finally The NoSourceSince AF was added as a per version and overall AF
in -v1 and is now only applied as an overall AF and the test is updated
accordingly.
2023-04-04 14:20:41 +00:00
Jochen Sprickerhof
484f289919 index.TestCase: support more arguments (like -k) 2023-04-04 14:20:41 +00:00
Hans-Christoph Steiner
8f4167660e disable pylint no-member on tests/extra/manual-vmtools-test.py
This script is some of the only documentation of certain processes that
run in the buildserver setup.  It is not really maintained, but is still
here as a kind of reference.
2023-03-20 17:38:10 +01:00
FestplattenSchnitzel
a4c1ca48ad pylint: Reenable R1722 consider-using-sys-exit
* R1722: Consider using 'sys.exit' instead (consider-using-sys-exit)
2023-03-20 16:33:16 +01:00
FestplattenSchnitzel
abc752314b pylint: Reenable E1101 no-member 2023-03-20 16:33:16 +01:00
Hans-Christoph Steiner
b92e280eab fix code format for new black rule 2023-03-20 14:47:48 +01:00
Hans-Christoph Steiner
e6ff596b4c update: handle messed up namespaces in AndroidManifest.xml 2023-03-20 13:24:59 +00:00
Hans-Christoph Steiner
b1f482009a
tame verbose logging in index tests by default 2023-03-09 12:35:31 +01:00
Hans-Christoph Steiner
f3e49f4bcb
download_repo_index_v2() for verified downloading of index-v2 2023-03-09 12:35:29 +01:00
Hans-Christoph Steiner
a557764b4d
sign tests/repo/index-v1.jar once per index.TestCase run
Signing files is a slow operation, especially with jarsigner. This speeds
up the full test run from 10-12 seconds to 2-3 seconds, which makes it
possible to run the tests interactively again. And it stops signing the
file entirely for tests that do not even touch that file.

In the long run, it would probably make sense to have each test case sign
the file as it needs it, but that's a much bigger change.
2023-03-09 12:34:57 +01:00
Hans-Christoph Steiner
dd16076651
add verify_jar_signature() to verify entry.jar 2023-03-09 12:34:55 +01:00
Hans-Christoph Steiner
cfe399888b
add new test module for the public API 2023-03-09 12:34:54 +01:00
FestplattenSchnitzel
2dda9db1f1
Remove support for Buildozer 2023-03-09 12:03:57 +01:00
Hans-Christoph Steiner
98448e0481 purge all references to zipalign, that is delegated to other things
Things like apksigner and @obfusk's tools handle this now.
jarsigner is used in the test, since that's the most common use of
`common.find_sdk_tools_cmd()`.

closes #1100
2023-02-22 14:45:51 +01:00
Hans-Christoph Steiner
5af5ed2759 fix test_fill_config_defaults_java for non-amd64 arches 2023-02-21 11:20:16 +01:00
Hans-Christoph Steiner
24df262f6b handle str and pathlib.Path in getvcs() 2023-02-21 11:20:15 +01:00
Hans-Christoph Steiner
9e9c909380 tests/run-tests: silence err_handler output 2023-02-19 22:54:38 +01:00
Hans-Christoph Steiner
b8f59097f7 purge all vestiges of the unused fdroid stats, closes #839
* for f in locale/*/LC_MESSAGES/fdroidserver.po; do msgattrib --set-obsolete --no-wrap --ignore-file=locale/fdroidserver.pot -o $f $f; done
* sed -i 's, \.\./fdroidserver/stats\.py,,' locale/*/LC_MESSAGES/fdroidserver.po
2023-02-19 22:54:38 +01:00
Hans-Christoph Steiner
58cfce106b add test_sign_apk_fail and test_sign_apk_corrupt 2023-02-19 13:39:48 +01:00
Hans-Christoph Steiner
f468270aa8
support Java 20, which is already in Debian/unstable, closes #1070 2023-02-17 16:35:20 +01:00
Hans-Christoph Steiner
0c9f62a5fe signindex: add JSON check for entry.json
Ran this to generate/refresh the test index files:
`cd tests; ../fdroid update --nosign --pretty`

* converts config.py description to a single line, since the values are no
  longer stripped, so this give the same output.

closes #835
2023-02-17 14:34:53 +00:00
Hans-Christoph Steiner
b697845bda add test case for index.package_metadata() 2023-02-16 21:45:39 +01:00
linsui
58f167b7e5 Add build.binary 2023-02-16 20:16:52 +08:00
linsui
33def096f5 Add postbuild 2023-02-16 12:11:26 +00:00
Simon Brand
4a581bdfb6 Remove path workarounds for old python versions 2023-02-15 19:25:48 +00:00
Jochen Sprickerhof
6118925387 Skip nightly test on Fedora with pip in $HOME 2023-02-08 18:32:13 +01:00
Jochen Sprickerhof
5715e377b0 nightly test: cleaup test directory 2023-02-08 18:14:38 +01:00
Jochen Sprickerhof
55c3a28568 run-tests: make mirror test independent of update test 2023-02-08 18:14:38 +01:00
Jochen Sprickerhof
a667074d89 run-tests: make scanner test independent on importer test 2023-02-08 18:14:38 +01:00
Jochen Sprickerhof
b1fca3f722 run-tests: always cleanup testfiles 2023-02-08 18:14:38 +01:00
Jochen Sprickerhof
6ba40b7349 common tests: use patch.dict for os.environ 2023-02-08 18:14:36 +01:00
Jochen Sprickerhof
d29a486e31 tests: use context manager and/or standard setup temp files 2023-02-08 18:12:35 +01:00
Jochen Sprickerhof
1eeb992118
Don't create unused testfiles directory 2023-02-06 14:52:35 +01:00
Jochen Sprickerhof
d5400549f6
update test: set update options 2023-02-06 14:52:35 +01:00
Hans-Christoph Steiner
9d2cc1ecc5 fix pylint C1803: 'icons_src == {}' can be simplified to 'not icons_src' as an empty dict is falsey (use-implicit-booleaness-not-comparison) 2023-02-02 16:02:49 +01:00
linsui
5858d8fcb4 remove liberapayID 2023-01-16 17:02:56 +00:00
FestplattenSchnitzel
aa71dd57f6
update.TestCase: Avoid creating metadata with duplicate keys 2023-01-15 12:52:41 +01:00
FestplattenSchnitzel
671a264dfe
Use ruamel.yaml in metadata.py and metadata.TestCase
This is to read metadata based on YAML 1.2 rather than 1.1.
2023-01-15 12:52:41 +01:00
Hans-Christoph Steiner
947d94e0a9
deploy: support GitLab Job Artifacts as a mirror 2022-11-16 20:16:32 +01:00
Hans-Christoph Steiner
f24613b701
index: fix git-mirror size check for GitLab Pages
The test case had the wrong folder setup, this was confirmed on a production
repo setup.
2022-11-16 20:16:25 +01:00
Hans-Christoph Steiner
c2567d71d1
nightly: fail if *-nightly git repo is not publicly available 2022-11-16 20:16:21 +01:00
Hans-Christoph Steiner
15bd7057f0 nightly: add tests 2022-11-16 16:50:14 +01:00
Hans-Christoph Steiner
1c5506ae05 nightly: support OpenSSL 3.0 with Paramiko
OpenSSL 3.0 changed the default output format from PKCS#1 to PKCS#8,
which paramiko does not support.

https://www.openssl.org/docs/man3.0/man1/openssl-rsa.html#traditional
https://github.com/paramiko/paramiko/issues/1015
2022-11-16 14:40:08 +01:00
Hans-Christoph Steiner
01f7dfd0b3 index-v2.jar is not a valid file, remove references
entry.jar is the signed file, it references index-v2.json.
2022-11-15 13:22:09 +00:00
linsui
d25995c084 Set ArchivePolicy based on VercodeOperation/signature 2022-11-15 18:50:16 +08:00
Michael Pöhn
24d88705fa 🔍 add scanner_signature_sources config option
This adds the option to configure which set of signatures `fdroid
scanner` should use, by configuring it in `config.yml`. It allows
fetching signatures in our custom json format. It also adds 3 additional
sources: 'suss', 'exodus', 'etip'
2022-11-15 09:20:26 +00:00
Hans-Christoph Steiner
bd51b2e99f build: read VM CPUs/RAM from builder/Vagrantfile
makebuildserver.config.py is no more, builder/Vagrantfile is now where the
CPU and memory is configured for the buildserver VM.  In fact, that was
always the actual place, the makebuildserver.config.py thing was just
confused.

This should have been part of !1222
2022-11-15 08:57:41 +01:00
Jochen Sprickerhof
1bb963d768
jarsigner: allow weak signatures
openjdk-11 11.0.17 in Debian unstable fails to verify weak signatures:

jarsigner -verbose -strict -verify tests/signindex/guardianproject.jar

         131 Fri Dec 02 20:10:00 CET 2016 META-INF/MANIFEST.MF
         252 Fri Dec 02 20:10:04 CET 2016 META-INF/1.SF
        2299 Fri Dec 02 20:10:04 CET 2016 META-INF/1.RSA
           0 Fri Dec 02 20:09:58 CET 2016 META-INF/
 m  ?  48743 Fri Dec 02 20:09:58 CET 2016 index.xml

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  ? = unsigned entry

- Signed by "EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US"
    Digest algorithm: SHA1 (disabled)
    Signature algorithm: SHA1withRSA (disabled), 4096-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

  jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01, include jdk.disabled.namedCurves
2022-11-14 17:59:56 +01:00
Jochen Sprickerhof
24630dfe68
Drop old getsig.java test
getsig.java was replaced by a Python implementation in 6e2d0a9e (2014)
and the test was only there to compare the results for the transition.

Dropping this as it no longer works starting with 11.0.17+8.
2022-11-14 17:58:37 +01:00
Jochen Sprickerhof
557fe87d44 Run shell scripts with -e (Closes: #1035)
Make sudo, init prebuild, build and Prepare fields lists and only
concatenate them with '; ' before execution. This allows arbitrary
commands inside the fileds (even && and ';') as we don't need to split
the commands again for rewritemeta.
2022-11-03 12:25:31 +00:00