1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-16 11:50:10 +01:00
Commit Graph

8609 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
39c1b11a14 Merge branch 'apksigner-entry-jar' into 'master'
use apksigner to sign index-v2 with modern, supported algorithms

Closes #1005

See merge request fdroid/fdroidserver!1134
2022-06-08 13:41:42 +00:00
Hans-Christoph Steiner
fe22958476
run-tests: skip tests that require apksigner when running on Java8
The buildserver VM has not been upgraded yet to bullseye, so it is still on
Debian/stretch.  The buildserver VM does not need to run `fdroid update`,
`fdroid signindex`, etc. so this new apksigner requirement should not
affect app builds even though they are stuck on Debian/stretch.
2022-06-07 16:56:25 +02:00
Hans-Christoph Steiner
3182b77d18
use apksigner to sign index-v2 with modern, supported algorithms
The current signing method uses apksigner to sign the JAR so that it
will automatically select algorithms that are compatible with Android
SDK 23, which added the most recent algorithms:
https://developer.android.com/reference/java/security/Signature

This signing method uses then inherits the default signing algothim
settings, since Java and Android both maintain those.  That helps
avoid a repeat of being stuck on an old signing algorithm.  That means
specifically that this call to apksigner does not specify any of the
algorithms.

The old indexes must be signed by SHA1withRSA otherwise they will no
longer be compatible with old Androids.

apksigner 30.0.0+ is available in Debian/bullseye, Debian/buster-backports,
Ubuntu 21.10, and Ubuntu 20.04 from the fdroid PPA.  Here's a quick way to
test:

for f in `ls -1 /opt/android-sdk/build-tools/*/apksigner | sort ` /usr/bin/apksigner; do printf "$f : "; $f sign --v4-signing-enabled false; done

closes #1005
2022-06-07 16:56:23 +02:00
Hans-Christoph Steiner
07a6ad6c1e Merge branch 'archive_sigs' into 'master'
Archive _src.tar.gz.asc not .log.gz.asc

See merge request fdroid/fdroidserver!1143
2022-06-07 11:37:54 +00:00
Jochen Sprickerhof
e6c875b77e Archive _src.tar.gz.asc not .log.gz.asc 2022-06-07 11:37:29 +00:00
Hans-Christoph Steiner
759fafd3ff Merge branch 'fix_nosign' into 'master'
Fix --nosign semantics

See merge request fdroid/fdroidserver!1125
2022-06-07 11:36:23 +00:00
Hans-Christoph Steiner
7544761e86
index: add test for --nosign config and file generation 2022-06-07 13:22:06 +02:00
Jochen Sprickerhof
9933f54093 Fix --nosign semantics
This reverts parts of 197ca7e36 as it never triggered the
FDroidException as 'keystore' not in common.config is always False.
2022-06-07 13:22:02 +02:00
Hans-Christoph Steiner
c3243c2cdf Merge branch 'index-v2' into 'master'
Updates for index-v2

See merge request fdroid/fdroidserver!1140
2022-06-07 10:52:12 +00:00
Jochen Sprickerhof
1073dd57f7 Make webBaseUrl configurable 2022-06-04 11:56:04 +02:00
Jochen Sprickerhof
72e3d07acb Simplify primary mirror logic
Assume repo_url/archive_url to be valid URL and mark it as a primary
mirror.
2022-06-04 11:56:04 +02:00
Hans-Christoph Steiner
dc971b39ee Merge branch 'scan_binary_server' into 'master'
Pass --scan-binary to build server

See merge request fdroid/fdroidserver!1141
2022-06-03 14:39:13 +00:00
Jochen Sprickerhof
edc9390628 Pass --scan-binary to build server 2022-06-03 14:27:58 +00:00
Hans-Christoph Steiner
0d1df0564f Merge branch 'archive_sigs' into 'master'
Archive .idsig and .log.gz.asc files as well

See merge request fdroid/fdroidserver!1138
2022-06-03 11:06:44 +00:00
Jochen Sprickerhof
8a2f013508 Archive .idsig and .log.gz.asc files as well 2022-06-03 10:56:22 +00:00
Hans-Christoph Steiner
94faece5ba Merge branch 'fix_pylint' into 'master'
explicitly re-raising exceptions

See merge request fdroid/fdroidserver!1139
2022-06-03 10:53:33 +00:00
Jochen Sprickerhof
4ce79a7eaa explicitly re-raising exceptions
To fix pylint.
2022-06-01 22:52:22 +02:00
Jochen Sprickerhof
2d0645c1c4 Merge branch 'get_apk_id_api_call' into 'master'
allow common.get_apk_id() to be used in the API

See merge request fdroid/fdroidserver!1118
2022-05-31 09:43:51 +00:00
Hans-Christoph Steiner
c6dcc82ca4 allow common.get_apk_id() to be used in the API
If a project uses fdroidserver as a library, then just calls
common.get_apk_id(), it will now work.  Before, that project would have had
to include something like `common.config = {}` to avoid a stacktrace.
2022-05-26 22:18:21 +02:00
Hans-Christoph Steiner
9605d4ecad Merge branch 'fix_issue_1006' into 'master'
[import] Fix crash when no Gradle subdir is found

Closes #1006

See merge request fdroid/fdroidserver!1136
2022-05-26 18:45:54 +00:00
FestplattenSchnitzel
5951a6c2b1 [import] Fix crash when no Gradle subdir is found 2022-05-26 17:59:41 +00:00
Hans-Christoph Steiner
fa14a0005d Merge branch 'ndk-release-checksums.py' into 'master'
update NDK

See merge request fdroid/fdroidserver!1135
2022-05-26 15:11:48 +00:00
fdroid-bot
762c945c42 Android NDK None (None) 2022-05-26 15:10:14 +00:00
Hans-Christoph Steiner
f83003eecf Merge branch 'agp' into 'master'
AGP 7.2.0 requires gradle 7.3.3

See merge request fdroid/fdroidserver!1131
2022-05-26 15:09:03 +00:00
linsui
b75a34241f Apply 2 suggestion(s) to 1 file(s) 2022-05-26 15:08:33 +00:00
linsui
2c1659935a AGP 7.2.0 requires gradle 7.3.3 2022-05-26 15:08:33 +00:00
Hans-Christoph Steiner
bc81237d0c Merge branch 'smartcardoptions-parsing' into 'master'
Fix parsing of smartcardoptions config

See merge request fdroid/fdroidserver!1106
2022-05-26 15:06:01 +00:00
Hans-Christoph Steiner
2639909f90 add test cases for parsing smartcardoptions config field 2022-05-26 16:49:43 +02:00
Danilo Bargen
a4d0698628 Fix parsing of smartcardoptions config
With the previous code, a trailing newline would result in an empty
space being part of the list. When this is passed to keytool, it fails
with "Illegal option: ".

Instead of doing overly complicated regex based string substitution
followed by parametrized splitting, we can simply use `.split()`
without any parameters, and Python will automatically strip any
whitespace.
2022-05-26 16:47:33 +02:00
Jochen Sprickerhof
05e6c293c0 Merge branch 'v2-btlog-sign' into 'master'
update signing and btlog for index-v2

Closes #1005

See merge request fdroid/fdroidserver!1133
2022-05-24 20:28:25 +00:00
Hans-Christoph Steiner
cbd4828561 include index-v2 in signindex tests 2022-05-24 11:35:46 +02:00
Hans-Christoph Steiner
5448fa2a2d
update: hide confusing androguard warning that is irrelevant here
This is related to androguard features that fdroidserver does not use:
WARNING: Requested API level 31 is larger than maximum we have, returning API level 28 instead.
2022-05-23 23:17:42 +02:00
Hans-Christoph Steiner
4ce3da476d
btlog: run black to format code 2022-05-23 23:17:40 +02:00
Hans-Christoph Steiner
7be0ec3572
btlog: include index-v2.json entry.json and entry.jar 2022-05-23 23:17:37 +02:00
Hans-Christoph Steiner
dc3175cc06 Merge branch 'deploy-index-v2' into 'master'
deploy: handle index-v2 files on two pass sync methods

See merge request fdroid/fdroidserver!1132
2022-05-23 13:51:11 +00:00
Hans-Christoph Steiner
2448f070e9 fix tests and docstring error 2022-05-23 15:34:30 +02:00
Hans-Christoph Steiner
293975d081
refactor comment into docstring for update_serverwebroot 2022-05-23 14:41:37 +02:00
Hans-Christoph Steiner
053a64718a
deploy: handle index-v2 files on two pass sync methods
When using rsync or s3cmd, the upload is done in multiple passes. This
reduces the chance of interfering with an existing client-server
interaction.

- rsync: In the first pass, upload without the index files and delay
  the deletion as much as possible.  That keeps the repo functional
  while this update is running.  Then second pass uploads the index
  files.

- s3cmd: In the first pass, only new files are uploaded.  In the
  second pass, changed files are uploaded, overwriting what is on the
  server.  On the third/last pass, the indexes are uploaded, and any
  removed files are deleted from the server.  The last pass is the
  only pass to use a full MD5 checksum of all files to detect changes.
2022-05-23 14:41:34 +02:00
Jochen Sprickerhof
39329b289b Merge branch 'run-tests-in-buildserver' into 'master'
gitlab-ci: run test suite in the buildserver environment

See merge request fdroid/fdroidserver!1129
2022-05-23 12:29:36 +00:00
Hans-Christoph Steiner
e6944ea4c2
gitlab-ci: run test suite in the buildserver environment
Run the whole test suite in an environment that is like the
buildserver guest VM.  This installs python3-babel because that is
only used by the test suite, and not needed in the buildserver.

Some extra packages are required for this test run that are not
provided by the buildserver since they are not needed there:

 * gnupg-agent for the full signing setup
 * python3-babel for compiling localization files
 * python3-clint for fancy progress bars for users

fdroid/ci-images-base is deprecated and archived.
2022-05-23 14:12:06 +02:00
Hans-Christoph Steiner
9eeabddcf0 Merge branch 'skip_apk' into 'master'
Don't include disabled apks in the index

Closes #1002

See merge request fdroid/fdroidserver!1126
2022-05-23 12:05:40 +00:00
Jochen Sprickerhof
b07d23ff5c Don't include disabled apks in the index
This needs a rerun of `fdroid update --clean`.

In case a build is disabled delete_disabled_builds takes care of
deleting it from the repo. But this only works if the apk follows the
normal name pattern. Otherwise it will stay in the folder and be picked
up by process_apks and added to the index.

Closes: #1002
2022-05-23 11:47:53 +00:00
Hans-Christoph Steiner
40f761c482 Merge branch 'index_v2' into 'master'
Index v2

See merge request fdroid/fdroidserver!1092
2022-05-23 10:39:17 +00:00
Jochen Sprickerhof
d70e5c2cd9 Index v2 2022-05-23 10:39:17 +00:00
Hans-Christoph Steiner
45e79b1223 Merge branch 'linsui-master-patch-66548' into 'master'
scanner: add me.pushy

See merge request fdroid/fdroidserver!1130
2022-05-23 07:30:14 +00:00
linsui
13534bf02e scanner: add me.pushy 2022-05-21 12:25:11 +00:00
Jochen Sprickerhof
4babf6fce9 Merge branch 'run-tests-in-buildserver' into 'master'
scanner: include dexdump in buildserver for APK analysis

See merge request fdroid/fdroidserver!1127
2022-05-20 13:30:14 +00:00
Hans-Christoph Steiner
6ef60f0d6b
scanner: include dexdump in buildserver for APK analysis
This scanner feature is not yet ready for the production buildserver but it
is already useful in CI.
2022-05-19 15:45:26 +02:00
Hans-Christoph Steiner
ddcbe23f9e Merge branch 'keep-index-v1.json' into 'master'
signindex: do not remove index-v1.json after signing

Closes #969

See merge request fdroid/fdroidserver!1124
2022-05-17 13:56:32 +00:00
Hans-Christoph Steiner
73c31e6e63
signindex: do not remove index-v1.json after signing
With ~index-v2, the model is changing to offer the plain JSON file for easy
consumption.  Then gpgsign will also provide a detached PGP signature for
systems that would rather verify based on PGP signatures than JAR signatures.

!1080
closes #969
2022-05-17 15:38:06 +02:00