1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-09 17:00:12 +01:00
Commit Graph

5100 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
b31239803a lint: greatly expand the list of link shorteners to ban
Since we are now getting credit for fighting trackers, might as well step
up the fight!

gleaned from these sources:
* https://bit.do/list-of-url-shorteners.php
* https://www.hashtags.org/featured/list-of-url-shorteners/
* http://l-lists.com/en/lists/gvaoif.html
2017-12-06 09:54:25 +01:00
Hans-Christoph Steiner
05616b33a7 lint: enforce HTTPS and shortener ban in descriptions as well 2017-12-06 09:54:25 +01:00
Hans-Christoph Steiner
42a9833536 lint: switch links to plain URLS rather than mediawiki syntax
fdroidclient#1000
2017-12-06 09:54:25 +01:00
Hans-Christoph Steiner
8588b89eff lint: add more VCS HTTPS checks
I manually checked that these work with HTTPS. fdroiddata!2710 should fix
all of these issues.
2017-12-06 09:54:25 +01:00
Marcus Hoffmann
1bfba12124 build: write out full rsync options
Also put target host:dir on one line to make it more readable
2017-12-05 21:52:22 +01:00
Marcus Hoffmann
e12e1b6a5c build: better logging output on rsync failures
Save rsync error output and combine that with the command invocation
into an FDroidException which can be logged to the wiki.

This additionally sets -q for rsync to only print errors.
2017-12-05 21:52:11 +01:00
Torsten Grote
2bb1445cd6 Merge branch 'nightly-fixes' into 'master'
more `fdroid nightly` polishing

See merge request fdroid/fdroidserver!399
2017-12-05 17:42:57 +00:00
Hans-Christoph Steiner
c33a71a945 fix hg pull, was stupid mistake in 7bba20c662
fdroid/fdroidserver!396
2017-12-05 16:55:58 +01:00
Hans-Christoph Steiner
bb643eddcf jenkins-setup-build-environment: delete libvirt images before test run
profitbricks-build7-amd64 was running out of disk space when running this
job...
2017-12-05 12:31:13 +01:00
Hans-Christoph Steiner
4561ea59a6 nightly: use shutil.move() only so all ops work across filesystems
https://gitlab.com/fdroid/fdroidserver/merge_requests/377#note_49998712
2017-12-05 09:13:19 +01:00
Hans-Christoph Steiner
2983c35361 shutil.move() in apk_strip_signature() to work across filesystems
os.rename() only works if source and destination are on the same file
system, shutil.move() works across file systems.

OSError: [Errno 18] Invalid cross-device link: '/builds/eighthave/fdroidclient/app/build/outputs/apk/app-debug.apk' -> '/tmp/tmp966vh75f/tmp.apk'
2017-12-04 22:52:41 +01:00
Hans-Christoph Steiner
bf913703c5 nightly: only use read_config to load final, generated config.py
This needs to use the config loading routine to find Java `keytool`, but
since it doesn't need to fully load the config, isolate that usage in the
function.  Then read_config() is only ever called once, as is it meant to
be used, once the config.py is generated.

Using `from . import common; common.config = foo` will not always work,
due to some oddities to how the `from` imports work. So the full module
has to be imported in order to make sure its always properly set.
2017-12-04 22:52:41 +01:00
Hans-Christoph Steiner
8a61b0b945 nightly: resign APKs with provided debug.keystore
Rather than needing to run a command before and after the build, in order
to first install the debug.keystore, then after to fetch and publish the
APK, this makes `fdroid nightly` just resign the APK with the provided
debug.keystore.  Then `fdroid nightly` can be run as the final step in a CI
build, and still ensure that the APKs are always signed by the provided
debug.keystore.
2017-12-04 22:52:41 +01:00
Hans-Christoph Steiner
1c3a4479ab add common.sign_apk() for nighly as test for using in publish
Since the MD5 migration was quite a bit of work, it makes sense to start
on moving away from SHA1 as much as possible while it is easy to do. SHA256
will only work in APK signatures on android-18 (4.3) or newer.  So if an
APK has a minSdkVersion of 18 or newer, then sign with SHA256.

https://issuetracker.google.com/issues/36956587
https://android-review.googlesource.com/c/platform/libcore/+/44491
2017-12-04 22:52:41 +01:00
Hans-Christoph Steiner
7da0854fa1 Merge branch 'CVE-2017-1000117' into 'master'
block all SSH connections for VCS, for usabililty and security

See merge request fdroid/fdroidserver!396
2017-12-04 18:48:24 +00:00
Hans-Christoph Steiner
7bba20c662 block all SSH connections for VCS, for usabililty and security
If we allow SSH, then we'd have to manage known_hosts.

All VCS and submodule URLs should use HTTPS.  SSH URLs have security vulns:
https://blogs.msdn.microsoft.com/devops/2017/08/15/git-vulnerability-with-submodules/
https://www.theregister.co.uk/2017/08/13/ssh_flaw_in_git_mercurial_svn/
CVE-2017-1000117

I did a manual scan of the setup on jenkins.debian.net to see if I could
find any suspicious URLs.  Looks good so far.  This is what I used:

find . -type f -print0 |xargs -0 grep -Eo 'ssh[:+][svn/]+...................'
find . -type f -print0 |xargs -0 grep -Eo 'ssh://-[^ "]+'

Also, some ssh://_ URLs in submodules might still work, because of the URL
rewriting in fdbfb4d1.  But https://-oProxyCommand=pwnme does not really do
anything, unlike ssh://-oProxyCommand=pwnme
2017-12-04 17:49:59 +01:00
Marcus
5ae14fab18 Merge branch 'submodules_ucm' into 'master'
checkupdates: don't fail when we can't init submodules

Closes #231

See merge request fdroid/fdroidserver!395
2017-12-04 16:29:11 +00:00
Marcus Hoffmann
db0a97e8e7 checkupdates: don't fail when we can't init submodules
Later revisions might have removed the submodules so we want to keep
going when there are no submodules present.
We still abort when there is an error initializing submodules.

Fixes fdroid/fdroidserver#231
2017-12-04 16:30:37 +01:00
Michael Pöhn
2dcb19d392 Merge branch 'git_clone_fix' into 'master'
GitFetchFDroidPopen: don't change cwd when cloning

See merge request fdroid/fdroidserver!393
2017-12-03 16:49:42 +00:00
Marcus Hoffmann
30b3f41a75 GitFetchFDroidPopen: don't change cwd per default
Fix for ca24aa4ca8.
For git clone we don't want to change cwd because clone actually
creates the repo dir.
2017-12-03 17:07:36 +01:00
Hans-Christoph Steiner
ca24aa4ca8 stop git clone from hanging at prompts
Forgot this in fdbfb4d1a2 !378

reviewed in person with @bubu @uniqx
2017-12-03 13:13:07 +01:00
relan
24e1da1e91 Merge branch 'log_git' into 'master'
build: log vcs tools version on every build attempt

See merge request fdroid/fdroidserver!391
2017-12-03 06:03:03 +00:00
Marcus Hoffmann
bb591e236d build: log vcs tools version on every build attempt 2017-12-02 22:41:08 +01:00
Hans-Christoph Steiner
3f4e93bf86 Merge branch 'metadataFlavours' into 'master'
Add flavour to metadata

See merge request fdroid/fdroidserver!370
2017-12-02 20:51:24 +00:00
Hans-Christoph Steiner
b8ed892ad9 build: hard exit on success to avoid hanging
Something is preventing `fdroid build --all` from exiting after a long
run.  @bubu, @uniqx and I think it is because of the use of
AsynchronousFileReader, somehow it's thread does not exit. So the
workaround for now is to just try a hard exit instead of waiting for
things to finish cleanly with `sys.exit(0)`.

https://jenkins.debian.net/job/reproducible_fdroid_build_apps/94/console
2017-12-02 13:48:47 +01:00
Michael Pöhn
68bbfa7e0e Merge branch 'no_sleep' into 'master'
vmtools: remove old vagrant workaround

See merge request fdroid/fdroidserver!380
2017-12-02 12:49:05 +00:00
Marcus
167c730ad8 Merge branch 'sort-fdroid-build-all' into 'master'
sort `fdroid build --all` by most recent first

See merge request fdroid/fdroidserver!390
2017-12-02 12:34:27 +00:00
tobiasKaminsky
d5ecb34df7
add flavour to metadata 2017-12-01 15:25:00 +01:00
Hans-Christoph Steiner
5b22ff7dc6 tests: use standard dir setup so all tests start in same dir 2017-11-30 17:32:53 +01:00
Hans-Christoph Steiner
3ff4b656c6 tests: name temp test dir after test function that used it 2017-11-30 17:32:53 +01:00
Hans-Christoph Steiner
30b2f5a48a build: sort fdroid build --all by most recently changed first 2017-11-30 17:32:53 +01:00
Hans-Christoph Steiner
bf09109c49 mirror: fix syntax error on Python 3.4
It seems that Python 3.5 is more flexible with * expansion, Python 3.4 says:

SyntaxError: only named arguments may follow *expression
https://travis-ci.org/f-droid/fdroidserver/jobs/309194065
2017-11-30 14:03:04 +01:00
Hans-Christoph Steiner
dcbc78d238 Merge branch 'gradleFlavor' into 'master'
gradle file: use flavour specific versionCode/versionName, fall back to parsing line by line

See merge request fdroid/fdroidserver!389
2017-11-30 13:44:47 +01:00
Hans-Christoph Steiner
c7c40cb59f PEP8 fixes 2017-11-30 13:42:37 +01:00
Hans-Christoph Steiner
2a758886cd Merge branch 'polish-for-1.0' into 'master'
Polish for 1.0

Closes #421

See merge request fdroid/fdroidserver!388
2017-11-30 12:28:28 +00:00
tobiasKaminsky
33aee96ed9
added test case 2017-11-30 11:12:18 +01:00
Hans-Christoph Steiner
27d332c8ae vmtools: in KVM mode, only call sudo hack when file is not readable 2017-11-29 21:06:35 +01:00
Hans-Christoph Steiner
b1bab81739 server: prevent crash when uploading to virustotal 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
7389947cc3 init: handle case where keystore.jks is present but config.py is not 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
e2bbeb5083 common: document read_pkg_args() and read_app_args()
It took me a long time to figure out how `fdroid build --all` builds the
whole list of apps...
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
2b6825ccfd build: set open file limit based on how many apps are being processed
When running `fdroid build --all` on a buildserver with thousands of apps,
it was frequently hitting the open file limit.  This increases the open
file limit based on how many apps are being process.  It is doubled to
provide a margin of safety.

There are probably open file leaks which ideally would be fixed, but this
is also useful to make things more resilient to all the random stuff apps
include in their build systems.
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
19af92c982 buildserver: include all Android SDK licenses in their exact format
I tried to clone the files I got from `sdkmanager --licenses`, byte for
byte.
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
f01b6af57f nightly: automatically create and manage app metadata
This also allows the developer to edit the metadata in the *-nightly git
repo to customize it.

closes #421
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
6f97be128f nightly: fix QR code repo icon generation 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
c98740a7d2 nightly: include 'qrcode' as dependency 2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
d46d9574b4 update: use KnownApks dates to check system clock on offline machines
KnownApks provides a reliable source of a relatively recent date.
2017-11-29 21:06:02 +01:00
Hans-Christoph Steiner
1219f07d3b Merge branch 's3cfg' into 'master'
server: allow user to specify custom s3cfg file

Closes #413

See merge request fdroid/fdroidserver!385
2017-11-29 19:34:11 +00:00
Hans-Christoph Steiner
7eef6eac93 server: allow user to specify custom s3cfg file (closes #413)
This lets people do advanced S3 setups like CloudFront caching, and
anything else s3cmd lets you do.
2017-11-29 19:50:57 +01:00
Marcus
528d5a0d1a Merge branch 'fdroid-mirror' into 'master'
mirror: new command to make a mirror of a repo

See merge request fdroid/fdroidserver!389
2017-11-29 17:29:42 +00:00
Hans-Christoph Steiner
09a6b37ac0 mirror: fix downloading of graphics
It was downloading them all directly into the 'repo' folder.
2017-11-29 17:12:38 +01:00