If the metadata file contains NoSourceSince:, it is added to the collection
of Anti-Features. When rewriting the .yml file, NoSourceSince should only
be written into the AntiFeatures: collection if there are manual changes,
e.g. the user had provided translations.
Throughout the code, variables named "app" are instances of the App class.
In this case, this is related, but it is a dict not an App instance, since
it is being prepared for including in the index-v1.json.
If there was a global default on a machine that was something other than
'master', these things would crash with:
Traceback (most recent call last):
File "/home/hans/code/fdroid/server/fdroid", line 22, in <module>
fdroidserver.__main__.main()
File "/home/hans/code/fdroid/server/fdroidserver/__main__.py", line 230, in main
raise e
File "/home/hans/code/fdroid/server/fdroidserver/__main__.py", line 211, in main
mod.main()
File "/home/hans/code/fdroid/server/fdroidserver/deploy.py", line 833, in main
push_binary_transparency(BINARY_TRANSPARENCY_DIR,
File "/home/hans/code/fdroid/server/fdroidserver/deploy.py", line 705, in push_binary_transparency
local.pull('master')
File "/usr/lib/python3/dist-packages/git/remote.py", line 1045, in pull
res = self._get_fetch_info_from_stderr(proc, progress, kill_after_timeout=kill_after_timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/git/remote.py", line 848, in _get_fetch_info_from_stderr
proc.wait(stderr=stderr_text)
File "/usr/lib/python3/dist-packages/git/cmd.py", line 604, in wait
raise GitCommandError(remove_password_if_present(self.args), status, errstr)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(1)
cmdline: git pull -v -- local master
stderr: 'fatal: couldn't find remote ref master'
The builder should check the `AllowedAPKSigningKeys` at build time, so
that the CI can check if somebody gives a wrong value that doesn't match
a compared RB binary. In the event it fails, it gives useful
information, and in the event it succeeds, it makes it clear that this
build has verification back to the developer's original key.
Also, add tests for this to the test suite.
Per fdroiddata!12911 the linter should error out if somebody uses `binary` or
`Binaries` without supplying an `AllowedAPKSigningKeys`.
There are two reasons for this:
- Security: this allows full verification that the binaries built match
the developers, not just what happened to get uploaded onto github at
some later point in time.
- Reliable updates: if the signing key changes, users won't be able to
update, so this is something we should learn about when upstreams send
in commits changing their signing key, rather than just leaving it to
chance.
I profiled this with timeit and a dict with 1000000000 items, and this is
the time difference:
with_equals: 0.8466835720173549
with_is: 0.8536969239939936
with_old: 1.4458542719949037
I also compared using `==` and `is`, and `==` was slightly faster.