1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-09 00:40:11 +01:00
Commit Graph

4199 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
d4c6fffb30 buildserver: buildserver/Vagrantfile is configed by .yaml file
Vagrantfile is now committed and not changed between configurations. It is
configed by translating the python config file's dict to a YAML file, which
Vagrantfile now loads and uses.  This makes it a lot easier for vagrant
users and python programmers to understand, and hopefully makes it easier
to maintain and test with.
2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
2e1ec71404 buildserver: send config to vagrant via YAML file
Python can easily output dicts as YAML, and a Vagrantfile is a ruby script,
which can easily read YAML.  Going this route means that Vagrantfile can
ultimately be committed to git, and the configuration will happen all via
Python dicts output as YAML.  That makes it drastically easier to follow
the code, and to make modifications.
2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
4e787cc750 buildserver: make provision scripts output name to log 2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
0171dd60fd buildserver: use pip instead of easy_install for caching
easy_install does not provide any download caching, while pip does. This
also moves the python module installing a shell script that takes python
packages as args.  That will allow for future uses like allowing app
metadata to include pip modules that they need.
2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
aafad6b909 buildserver: move apt setup to a shell script
This makes it so there is only a single `apt-get install` command run,
instead of one command per-package like with the chef script.  It also adds
`apt-get upgrade` to make sure that the base box is fully up-to-date.
2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
2374b12a77 buildserver: move trusty/paramiko hack to its own shell script
This is part of the effort to remove moving parts from the whole build
server setup.  Why wrap shell scripts in ruby and chef if we can just
directly run a shell script?
2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
1b8dec32ae buildserver: enable debug log for provision-android-sdk 2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
588e6e5534 buildserver: android --silent hides errors, so remove
--silent seem to prevent `android update sdk` from exiting with an error,
so its kind of useless.  I just wanted it to suppress the verbose logs.
2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
2227cc6d1a buildserver: download and cache latest platform-tools and m2repository
Also, by having our own checksums for all the bits means that we can safely
add support for local mirrors, like a bunch in China, for example:
http://mirrors.neusoft.edu.cn/android/repository/
2016-07-04 23:54:52 +02:00
Hans-Christoph Steiner
e44f6380e9 buildserver: test builds against fdroid and adaway
The other apps are too flaky on gpjenkins right now, and that's our
only box for running full buildserver tests.  Once we get the
buildserver tests running on jenkins.debian.net, then we can add a
bunch more apps to the test script.  gpjenkins is an extra locked down
box, so that's why the builds are flaky: gradle and maven downloads
regularly fail because they are blocked.
2016-07-04 23:52:53 +02:00
Hans-Christoph Steiner
2daf00abb7 buildserver: remove last vestige of 32-bit buildserver 2016-07-04 23:52:52 +02:00
Hans-Christoph Steiner
d8bf2bb312 jenkins-build: switch buildserver to new 64-bit base 2016-07-04 13:16:15 +02:00
Daniel Martí
a573688a44 makebs: flip arch64 bool
The last commit was missing this.
2016-07-04 12:01:58 +01:00
Hans-Christoph Steiner
bfd80d12d9 switch to new 64-bit base box image: https://f-droid.org/jessie64.box
build-tools and other SDK bits from android-24 require 64-bit GNU/Linux
2016-07-04 12:34:00 +02:00
Ciaran Gultnieks
1da89dc1f1 Various changes to get makebuildserver to work with a 64 bit base box
Note that the apt packages are split into two halves, because it takes
too long (on 64 bit!) to install them all. The sensible fix would be
to simply up the timeout on the package installation section, but this
is completely broken in chef.
2016-07-01 12:00:38 +00:00
Hans-Christoph Steiner
8691bd9cf9 Merge branch 'java8-and-other-fixes' into 'master'
Java8 and other fixes

This fixes the OSX travis-ci job for the Java8 update, and also two other fixes as described in the commit message.  @CiaranG I think the _/etc/profile_ approach in 7b466b6266 gets us closer to the idea of having the `fdroid build` jobs run in the same environment as `vagrant ssh`.

See merge request !138
2016-06-27 18:48:19 +00:00
Hans-Christoph Steiner
d522bb7e17 handle APKs with filenames encoded with CP437
The ZIP format has no official encoding :-| so we have to do hacks.  The
zipfile devs couldn't even sort this out:
https://bugs.python.org/issue10614

closes #167
2016-06-27 20:30:32 +02:00
Hans-Christoph Steiner
1be263e870 FDroidPopen must have a locale to support UTF-8 filenames
`fdroid update` should be able to handle any valid filename (hopefully
aapt doesn't barf on them).  To handle that, the environment where the
shell commands are run in needs to have a UTF-8 locale set. If LANG is
not set, things default to ASCII and UTF-8 filenames fail.

This also renames test APK with lots of Unicode chars as a test case.

closes #167
2016-06-27 20:30:32 +02:00
Hans-Christoph Steiner
82e2689246 ignore commonly used files for testing in place 2016-06-27 14:00:49 +02:00
Hans-Christoph Steiner
e638f599e7 travis-ci: use most recent OSX image to get Java8
https://gitlab.com/fdroid/fdroidserver/merge_requests/137
2016-06-27 14:00:49 +02:00
Hans-Christoph Steiner
498489c570 load bash profile using --login when running builds on server
This will make `vagrant ssh` and `fdroid build --server` be the same env,
so troubleshooting should be easier.  !135  Here's what `man bash` says:

 When bash is invoked as an interactive login shell, or as a
 non-interactive shell with the --login option, it first reads and
 executes commands from the file /etc/profile, if that file
 exists.  After reading that file, it looks for ~/.bash_profile,
 ~/.bash_login, and ~/.profile, in that order, and reads and
 executes commands from the first one that exists and is readable.
 The --noprofile option may be used when the shell is started to
 inhibit this behavior. When a login shell exits, bash reads and
 executes commands from the file ~/.bash_logout, if it exists.
2016-06-27 14:00:49 +02:00
Hans-Christoph Steiner
d6c9a8466b properly close opened images
This stops these errors:

fdroid/fdroidserver/fdroidserver/update.py:744: ResourceWarning: unclosed
 file <_io.BufferedReader
 name='repo/icons-320/info.guardianproject.urzip.100.png'>

fdroid/fdroidserver/fdroidserver/update.py:721: DeprecationWarning: The
 'warn' function is deprecated, use 'warning' instead
2016-06-27 14:00:49 +02:00
Daniel Martí
1210dc7769 Merge branch 'api-24' into 'master'
Api 24, gradle versions

CC @krt @eighthave 

See merge request !140
2016-06-27 07:03:58 +00:00
Daniel Martí
8a34d23758 Merge branch 'permission-fix' into 'master'
Make permission parsing more specific

Get name only and ignore maxSdkVersion

Fixes #188

See merge request !142
2016-06-27 06:41:49 +00:00
Dominik Schürmann
51a6d1602f Make permission parsing more specific
Get name only and ignore maxSdkVersion

Fixes #188
2016-06-26 18:03:37 +02:00
Dmitriy Bogdanov
b7f28fa576 Pass default date to KnownApks.recordapk()
... if --use-date-from-apks option is used
2016-06-26 19:18:50 +04:00
Daniel Martí
be4953be02 Add Gradle 2.2 and 2.14 to the buildserver
2.2 can be specifically requested by an app, and in some extreme cases
those apps don't build with 2.2.1.
2016-06-24 17:06:17 +01:00
Daniel Martí
06003d3c04 Add platform-24 to the buildserver 2016-06-24 17:06:17 +01:00
Daniel Martí
b026874353 all: add and switch to build-tools v24 2016-06-24 17:06:16 +01:00
Hans-Christoph Steiner
063d581b71 Merge branch 'jdk8' into 'master'
all: switch to jdk8 as default

@eighthave this will probably require some action on the jenkins machine to replace jdk7 with jdk8.

Any thoughts @CiaranG?

See merge request !137
2016-06-21 14:02:19 +00:00
Daniel Martí
5de678e48b all: switch to jdk8 as default
Also, remove jdk7 as it will become unused. We added jdk8 for
retrolambda, and now that we will use jdk8 as the default, jdk7 is
unnecessary as retrolambda can work fine with just jdk8.

This removes it from the buildserver, and the new CI image also only has
jdk8 from jessie-backports.

Fixes #185.
2016-06-21 11:47:37 +01:00
Daniel Martí
d11135b441 Merge branch 'some-build-fixes' into 'master'
Some build fixes

This includes a couple of fixes discussed with @mvdan including removing the `ANDROID_NDK_HOME` env var from the buildserver and removing the default behavior to force the build-tools version.

See merge request !136
2016-06-21 10:12:54 +00:00
Hans-Christoph Steiner
c352605768 add force_build_tools config option
This replaces the current default behavior of always forcing the
build_tools version and allows the user to set build-tools forcing in
config.py.

closes #147
2016-06-21 10:29:56 +02:00
Hans-Christoph Steiner
400acdefab check whether metadata file is a duplicate before parsing it
By checking first, this prevents a stacktrace when the duplicate metadata
file is not valid.  For example, in the tests, the duplicate is just a zero
length file, which was causing a stacktrace.
2016-06-21 10:29:56 +02:00
Hans-Christoph Steiner
226237c5f7 buildserver: do not set NDK env vars, they are handled by fdroid build
`fdroid build` handles setting the NDK env vars since the NDK version can
change depending on the app being build.  Unlike ANDROID_HOME, there is no
single global NDK location.  The NDK installs are all versioned.
2016-06-21 10:29:56 +02:00
Hans-Christoph Steiner
a88771cf30 buildserver: run tests with verbose logs 2016-06-21 10:29:56 +02:00
Hans-Christoph Steiner
ecab81d69d buildserver: suppress unzip file list when unpacking SDK/NDK
Just too much pointless info in the log.
2016-06-21 10:29:56 +02:00
Hans-Christoph Steiner
323ad5e0ad Merge branch 'fix-buildserver' into 'master'
Fix buildserver, broken by e449d2f

Switching to a script /etc/profile.d to set up the environment is all
well and good, except that doesn't get run when you directly execute a
command directly via ssh, which means that the buildserver didn't work
at all (at least for anything that used gradle, or relied on the
environment variables.

This fix doesn't look very nice, but it works - it just forces the
appropriate script to run before build.py is executed on the server.

(Side note, I thought we had tests for this, how did it get past them?)

See merge request !135
2016-06-21 08:22:34 +00:00
Hans-Christoph Steiner
8aacbb6b4f Merge branch 'master' into 'master'
Tone down makebuildserver terminal spamming

The progress bar updating at each 1k chunk spams the terminal to such an
extent it stops responding to keypresses (at least with a fast
connection). It also seems extremely inefficient to be writing the file
in 1k chunks. This makes it 64k, which is more reasonable but quite
probably still too small.

See merge request !134
2016-06-21 06:34:20 +00:00
Ciaran Gultnieks
d7e6e335f3 Fix buildserver, broken by e449d2f
Switching to a script /etc/profile.d to set up the environment is all
well and good, except that doesn't get run when you directly execute a
command directly via ssh, which means that the buildserver didn't work
at all (at least for anything that used gradle, or relied on the
environment variables.

This fix doesn't look very nice, but it works - it just forces the
appropriate script to run before build.py is executed on the server.

(Side note, I thought we had tests for this, how did it get past them?)
2016-06-18 12:15:16 +01:00
Ciaran Gultnieks
9a2e06fd5c Tone down makebuildserver terminal spamming
The progress bar updating at each 1k chunk spams the terminal to such an
extent it stops responding to keypresses (at least with a fast
connection). It also seems extremely inefficient to be writing the file
in 1k chunks. This makes it 64k, which is more reasonable but quite
probably still too small.
2016-06-17 13:39:01 +01:00
Hans-Christoph Steiner
d6ab05c567 Merge branch 'add-sig-algs-1' into 'master'
Adding support for DSA and ECDSA signatures in binaries

Before this patch only RSA signature files was supported when using the Binaries metadata directive as described in https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds.

This patch simply makes .DSA and .EC files also be recognised as signature files.

See merge request !133
2016-06-17 12:05:22 +00:00
Markus Kilås
cf320f2e9a Adding support for DSA and ECDSA signatures. 2016-06-17 12:58:52 +02:00
Daniel Martí
3e88b7444d lint: only check unused exlibs if using all apps 2016-06-17 11:35:44 +01:00
Ciaran Gultnieks
720d40ac1c Merge branch 'use-android-update-sdk' into 'master'
switch SDK/NDK/gradle buildserver provisioning to shell scripts

This converts the SDK, NDK, and gradle chef recipes to vagrant provisioning shell scripts.   Those recipes were just shell scripts anyway, forced into that ugly ruby/chef syntax.  Hopefully this will make things easier to maintain since simple bash is easier for most devs than ruby/chef. Also, it might speed up the provisioning a little bit since the whole script is sent to the VM then executed, rather than sent line-by-line.  Additionally, the SDK components are now installed using `android update sdk` so we do not need to duplicate Google's crazy kludges with that stuff.

See merge request !132
2016-06-17 09:15:33 +00:00
Daniel Martí
882afebf76 common: always set android ndk env vars
Also, add the ndk to PATH at the beginning, in case any other ndks are
already in it.

Fixes #176.
2016-06-16 21:36:31 +01:00
Hans-Christoph Steiner
8e57f2737d invalidate apkcache if the metadata version is different
When the metadata changes, different things will be stored about each APK.
So invalidate the cached info parsed from APKs if the cache's metadata
version does not match the metadata version of the currently running tools.
2016-06-15 16:35:00 +02:00
Hans-Christoph Steiner
c11edc3022 include new provisioning shell scripts in syntax checks 2016-06-15 16:35:00 +02:00
Hans-Christoph Steiner
d0bb6f73bf buildserver: /vagrant/cache writeable only by root
Prevent build processes from modifying the cache, it is only needed
during provisioning anyway. A malicious build could still use sudo to
change the cache, but this is more to prevent mistaken modifications.
2016-06-15 16:35:00 +02:00
Hans-Christoph Steiner
6ea2508127 buildserver: unpack gradle versions with provisioning shell script
This was not using anything special from chef, so do it in a shell script
instead.  This makes the script easier for the python/shell people, and
probably uses less memory, since chef is a memory hog.  This might even
make the provision go faster since it uploads the whole script as a file to
the VM, then runs it there.  I think chef sends each command via SSH.
2016-06-15 16:35:00 +02:00