There is no longer any reason for these to be intertwined.
This deliberately avoids touching some files as much as possible because
they are super tangled and due to be replaced. Those files are:
* fdroidserver/build.py
* fdroidserver/update.py
# Conflicts:
# tests/testcommon.py
# Conflicts:
# fdroidserver/btlog.py
# fdroidserver/import_subcommand.py
Microsoft and SanDisk sign APKs with a X.509 certificate chain of
trust, so there are actually three certificates included. apksigner
only cares about one certificate and ignores the other certificates in
the chain.
The correct values come from:
apksigner verify --print-certs 883cbdae7aeb2e4b122e8ee8d89966c7062d0d49107a130235fa220a5b994a79.apk
X.509 certificates are machine generated and just data, so are not
copyrightable. So I included SANAPPSI.* directly.
For some APKs, get_certificate() was returning a different result than
apksigner and keytool. So I just took the algorithm from androguard, which
uses asn1crypto instead of pyasn1. So that removes a dependency as well.
asn1crypto is already required by androguard.
The original get_certificate() came from 6e2d0a9e1
We can rely on the debian:testing job to test the bleeding edge, and it is
a lot easier to troubleshoot.
The Fedora job is a lot harder to troubleshoot than the Debian-based jobs,
and they are often quite bleeding edge. Currently, there is a change to
either Python or an image processing lib (Pillow?) that now compresses PNGs
differently than all previous releases. That breaks the tests based on
processing images and checking the SHA-256 matches.
70e7e720b9
fdroidserver!669
When troubleshooting things that are difficult to reproduce locally, like
different behaviors in the fedora_latest job, these changes make it easy to
keep the test files around after the tests run. For example, if PNGs are
processed differently by newer Python versions.
Apparently, the newest Python thingies strip the PNGs a tiny bit smaller,
so a fixed file size will lead to the test failing:
https://gitlab.com/fdroid/fdroidserver/-/jobs/6703386074
```
Traceback (most recent call last):
File "/builds/fdroid/fdroidserver/tests/index.TestCase", line 704, in test_package_metadata
self.assertEqual(36027, metadata['featureGraphic']['en-US']['size'])
AssertionError: 36027 != 35619
```
androguard 4.1 uses a new lib called apkInspector instead of zipfile.ZipFile
so that it can handle usable but invalid ZIP files. It will also throw
ValueError on some things, for example:
Traceback (most recent call last):
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/tests/update.TestCase", line 878, in test_scan_apk_bad_zip
fdroidserver.update.scan_apk(apkfile)
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/fdroidserver/update.py", line 1586, in scan_apk
scan_apk_androguard(apk, apk_file)
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/fdroidserver/update.py", line 1725, in scan_apk_androguard
apkobject = common.get_androguard_APK(apkfile)
File "/builds/eighthave/fdroidserver/fdroidserver-2.3a0/fdroidserver/common.py", line 2673, in get_androguard_APK
return APK(apkfile)
File "/usr/local/lib/python3.10/dist-packages/androguard/core/apk/__init__.py", line 273, in __init__
self.zip = ZipEntry.parse(filename, False)
File "/usr/local/lib/python3.10/dist-packages/apkInspector/headers.py", line 410, in parse
eocd = EndOfCentralDirectoryRecord.parse(apk_file)
File "/usr/local/lib/python3.10/dist-packages/apkInspector/headers.py", line 59, in parse
raise ValueError("End of central directory record (EOCD) signature not found")
ValueError: End of central directory record (EOCD) signature not found
/usr/lib/python3/dist-packages/androguard/core/bytecodes/apk.py:884: DeprecationWarning: This method is deprecated since 3.3.5.
It was added in 3.3.5. Debian/bullseye and Ubuntu/20.04/focal both include
new enough versions. Debian/buster's is too old (3.3.3).
