The official Debian Vagrant box seems to be a "batteries included" kind of
thing. The buildserver should be as small as possible, so this removes all
the extraneous packages I could find in the Vagrant basebox.
Adding /bullseye-backports confuses things apparently. Without it, apt
will look in bullseye-backports automatically, including for deps. But it
will not look for deps in bullseye-backports if /bullseye-backports is used.
!1205
This is commented out by default on all OpenJDK packages since Java 8.
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1012?diff_id=263085985#note_726457435
root@sid:/# grep Accessibility /etc/java-*-openjdk/accessibility.properties
/etc/java-11-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-17-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-18-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-8-openjdk/accessibility.properties:assistive_technologies=org.GNOME.Accessibility.AtkWrapper
There has been a whitespace change in the accessibility.properties
configuration file as part of the openjdk-8-jre-headless
8u302-b08-1~deb9u1 version. As we modified the file, this broke
makebuildserver, asking for confirmation.
!822
The gpg dependencies are complicated. The previous setup was always
failing with:
The following information may help to resolve the situation:
The following packages have unmet dependencies:
gpg : Depends: gpgconf (= 2.2.20-1~bpo9+1)
Depends: libassuan0 (>= 2.5.0) but 2.4.3-2 is to be installed
Depends: libgpg-error0 (>= 1.35) but 1.26-2 is to be installed
Thanks to @izzysoft to spotting this.
Up until now, the buildserver has not included androguard. Since a
good version of androguard (v3.3.3+) is included in stretch-backports
and the buildserver is already setup to use stretch-backports, this
sets up the buildserver with androguard.
closes#627
https://gitlab.com/eighthave/fdroiddata/-/jobs/611438997
Otherwise it fails to install:
```
gpg : Depends: gpgconf (= 2.2.20-1~bpo9+1)
Depends: libassuan0 (>= 2.5.0) but 2.4.3-2 is to be installed
Depends: libgpg-error0 (>= 1.35) but 1.26-2 is to be installed
```
* 7e8c244473
* !769
The basebox currently provides sudo, but that may not always be the case.
This makes the sudo dependency explicit, so that this provisioning script
can also be used in other settings, like GitLab CI.
Right now, the only thing that Briar needs in sudo: in order to be built
reproducibly is `apt-get install disorderfs`. This includes it in the
standard image to make it easy to spread that technique to many builds.
@grote
`pip install` is a relatively common thing for app builds to use in sudo=,
so it should be built into the buildserver. This then builds in the trust
relationship to pypi, since it comes from Debian rather than some random
pip download/install process.
We should be replacing all our custom git shell commands with python3-git,
since it is a common library for doing that. It will receive a lot more
attention and maintenance than our code for doing it. For example, we
should not ever use shell=True, since that opens up a lot of security
risks.