For some APKs, get_certificate() was returning a different result than
apksigner and keytool. So I just took the algorithm from androguard, which
uses asn1crypto instead of pyasn1. So that removes a dependency as well.
asn1crypto is already required by androguard.
The original get_certificate() came from 6e2d0a9e1
We can rely on the debian:testing job to test the bleeding edge, and it is
a lot easier to troubleshoot.
The Fedora job is a lot harder to troubleshoot than the Debian-based jobs,
and they are often quite bleeding edge. Currently, there is a change to
either Python or an image processing lib (Pillow?) that now compresses PNGs
differently than all previous releases. That breaks the tests based on
processing images and checking the SHA-256 matches.
70e7e720b9
fdroidserver!669
When troubleshooting things that are difficult to reproduce locally, like
different behaviors in the fedora_latest job, these changes make it easy to
keep the test files around after the tests run. For example, if PNGs are
processed differently by newer Python versions.
Apparently, the newest Python thingies strip the PNGs a tiny bit smaller,
so a fixed file size will lead to the test failing:
https://gitlab.com/fdroid/fdroidserver/-/jobs/6703386074
```
Traceback (most recent call last):
File "/builds/fdroid/fdroidserver/tests/index.TestCase", line 704, in test_package_metadata
self.assertEqual(36027, metadata['featureGraphic']['en-US']['size'])
AssertionError: 36027 != 35619
```
androguard 4.1 uses a new lib called apkInspector instead of zipfile.ZipFile
so that it can handle usable but invalid ZIP files. It will also throw
ValueError on some things, for example:
Traceback (most recent call last):
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/tests/update.TestCase", line 878, in test_scan_apk_bad_zip
fdroidserver.update.scan_apk(apkfile)
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/fdroidserver/update.py", line 1586, in scan_apk
scan_apk_androguard(apk, apk_file)
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/fdroidserver/update.py", line 1725, in scan_apk_androguard
apkobject = common.get_androguard_APK(apkfile)
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/fdroidserver/common.py", line 2673, in get_androguard_APK
return APK(apkfile)
File "/usr/local/lib/python3.10/dist-packages/androguard/core/apk/__init__.py", line 273, in __init__
self.zip = ZipEntry.parse(filename, False)
File "/usr/local/lib/python3.10/dist-packages/apkInspector/headers.py", line 410, in parse
eocd = EndOfCentralDirectoryRecord.parse(apk_file)
File "/usr/local/lib/python3.10/dist-packages/apkInspector/headers.py", line 59, in parse
raise ValueError("End of central directory record (EOCD) signature not found")
ValueError: End of central directory record (EOCD) signature not found
/usr/lib/python3/dist-packages/androguard/core/bytecodes/apk.py:884: DeprecationWarning: This method is deprecated since 3.3.5.
It was added in 3.3.5. Debian/bullseye and Ubuntu/20.04/focal both include
new enough versions. Debian/buster's is too old (3.3.3).
This also makes androguard a hard requirement, which has been true for a
while anyway. So the code that handles androguard as an optional
requirement is removed. androguard from Debian/buster is new enough, so
this does not seem like it will cause any problems.
"checkupdates" is an fdroid subcommand, e.g. `fdroid checkupdates`, and it
is always spelled all lower case.
sed -i 's,CheckUpdates,checkupdates,g' fdroidserver/*.py locale/*/LC_MESSAGES/fdroidserver.po
sed -i "s/UpdateCheckMode is set but it looks likecheckupdates hasn't been run yet/UpdateCheckMode is set but it looks like checkupdates hasn't been run yet./g" locale/*/LC_MESSAGES/fdroidserver.po