This is commented out by default on all OpenJDK packages since Java 8.
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1012?diff_id=263085985#note_726457435
root@sid:/# grep Accessibility /etc/java-*-openjdk/accessibility.properties
/etc/java-11-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-17-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-18-openjdk/accessibility.properties:#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
/etc/java-8-openjdk/accessibility.properties:assistive_technologies=org.GNOME.Accessibility.AtkWrapper
There has been a whitespace change in the accessibility.properties
configuration file as part of the openjdk-8-jre-headless
8u302-b08-1~deb9u1 version. As we modified the file, this broke
makebuildserver, asking for confirmation.
!822
The gpg dependencies are complicated. The previous setup was always
failing with:
The following information may help to resolve the situation:
The following packages have unmet dependencies:
gpg : Depends: gpgconf (= 2.2.20-1~bpo9+1)
Depends: libassuan0 (>= 2.5.0) but 2.4.3-2 is to be installed
Depends: libgpg-error0 (>= 1.35) but 1.26-2 is to be installed
Thanks to @izzysoft to spotting this.
Up until now, the buildserver has not included androguard. Since a
good version of androguard (v3.3.3+) is included in stretch-backports
and the buildserver is already setup to use stretch-backports, this
sets up the buildserver with androguard.
closes#627
https://gitlab.com/eighthave/fdroiddata/-/jobs/611438997
Otherwise it fails to install:
```
gpg : Depends: gpgconf (= 2.2.20-1~bpo9+1)
Depends: libassuan0 (>= 2.5.0) but 2.4.3-2 is to be installed
Depends: libgpg-error0 (>= 1.35) but 1.26-2 is to be installed
```
* 7e8c244473
* !769
The basebox currently provides sudo, but that may not always be the case.
This makes the sudo dependency explicit, so that this provisioning script
can also be used in other settings, like GitLab CI.
Right now, the only thing that Briar needs in sudo: in order to be built
reproducibly is `apt-get install disorderfs`. This includes it in the
standard image to make it easy to spread that technique to many builds.
@grote
`pip install` is a relatively common thing for app builds to use in sudo=,
so it should be built into the buildserver. This then builds in the trust
relationship to pypi, since it comes from Debian rather than some random
pip download/install process.
We should be replacing all our custom git shell commands with python3-git,
since it is a common library for doing that. It will receive a lot more
attention and maintenance than our code for doing it. For example, we
should not ever use shell=True, since that opens up a lot of security
risks.
The currently included Qt has known security issues and is outdated. This
can now be replaced by downloading and installing the Qt installer using
the sudo= build field. @relan's provisioner system will also replace this
once that's done. There are only two apps that currently use the Qt stuff:
* csd.qtproject.minesweeper
* org.openorienteering.mapper
The ever troublesome gpjenkins box needs to use HTTPS mirrors. Plus it
improves the security of the buildserver, since there have been CVEs that
HTTPS would protect against:
https://www.debian.org/security/2016/dsa-3733
These should be reasonably backwards compatible, and there is already
automake1.11 for those that need a version that old. As for cmake, there
are five apps that seem to it:
com.amaze.filemanager
org.dolphinemu.dolphinemu
org.navitproject.navit
org.yabause.android
org.videolan.vlc
It looks like VLC is the only app that is currently building and using
cmake in the most recent releases. Some of them used to use cmake, but no
longer.
