1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-04 14:30:11 +01:00
Commit Graph

299 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
e180e03a5a tests: fix index-v1.json unicode test 2018-05-28 09:29:11 +02:00
Hans-Christoph Steiner
91068d8e00 tests: rename unicode test file to fix "file name too long" errors
pristine-tar and mkdir barf on this file.
2018-05-25 17:27:58 +02:00
Hans-Christoph Steiner
5ff1b5ef37 verify: exit with error code if any APK fails to verify 2018-05-25 11:56:13 +02:00
Hans-Christoph Steiner
0a15a9b65b tests: fix and test fdroid deploy 2018-05-25 10:32:09 +02:00
Hans-Christoph Steiner
1daa1063c5 tests: keep strerr totally clean on successful runs
Debian's autopkgtest defaults to considering any output on stderr as a sign
that the tests failed.  it is simple to make this achieve that standard, so
it seems worth it for now at least.
2018-05-25 10:32:01 +02:00
Michael Pöhn
6b1f242d25 added tests for common.calculate_math_string 2018-05-22 13:24:37 +02:00
Marcus Hoffmann
a4b6549927
tests: adapt to spdx v4.0.0 2018-05-16 22:49:57 +02:00
Hans-Christoph Steiner
f0795cc092 tests: git repo mirror tests require git >= 2.3 2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner
2d3e7ef950 tests: allow tests to run without any Android SDK installed 2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner
43c61aecee fix pylint Unused argument 2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner
54b21a6d22 move pylint run to standalone gitlab-ci job 2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner
b3f45ca024 split pip tests to run separately for Ubuntu/trusty and Debian/stretch
Trying to reuse the pip test run is now a lot more work than just
writing it cutstom for each target platform.

Ubuntu/trusty does not have androguard 3.1.x nor aapt >= 26.x, so
using trusty's aapt will always have errors scraping some names from
APKs.  This continues to use Google's binary.

`apt-get update` is now disabled by default by Travis, this adds it
back so that the latest files from the PPA are used.

Here's one example of an issue with pip on trusty:
https://github.com/requests/requests/issues/4006

    pip3 install --quiet -e /home/travis/build/fdroidtravis/fdroidserver
    Exception:
    Traceback (most recent call last):
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python-wheels/setuptools-3.3-py2.py3-none-any.whl/pkg_resources.py", line 2482, in _dep_map
        return self.__dep_map
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python-wheels/setuptools-3.3-py2.py3-none-any.whl/pkg_resources.py", line 2344, in __getattr__
        raise AttributeError(attr)
    AttributeError: _DistInfoDistribution__dep_map

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python3.4/site-packages/pip/basecommand.py", line 122, in main
        status = self.run(options, args)
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python3.4/site-packages/pip/commands/install.py", line 278, in run
        requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python3.4/site-packages/pip/req.py", line 1266, in prepare_files
        req_to_install.extras):
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python-wheels/setuptools-3.3-py2.py3-none-any.whl/pkg_resources.py", line 2291, in requires
        dm = self._dep_map
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python-wheels/setuptools-3.3-py2.py3-none-any.whl/pkg_resources.py", line 2484, in _dep_map
        self.__dep_map = self._compute_dependencies()
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python-wheels/setuptools-3.3-py2.py3-none-any.whl/pkg_resources.py", line 2517, in _compute_dependencies
        common = frozenset(reqs_for_extra(None))
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python-wheels/setuptools-3.3-py2.py3-none-any.whl/pkg_resources.py", line 2514, in reqs_for_extra
        if req.marker_fn(override={'extra':extra}):
      File "/home/travis/build/fdroidtravis/fdroidserver/env/lib/python-wheels/setuptools-3.3-py2.py3-none-any.whl/_markerlib/markers.py", line 113, in marker_fn
        return eval(compiled_marker, environment)
      File "<environment marker>", line 1, in <module>
    NameError: name 'platform_system' is not defined
2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner
77f7ca2f25 tests: allow the full suite to run without aapt, only androguard 2018-05-04 15:11:25 +02:00
Hans-Christoph Steiner
9cc8826a79 tests: allow running with only androguard, no Android SDK 2018-05-04 15:11:25 +02:00
J-Jamet
d6f1de2649 Fix applicationIdSuffix / versionNameSuffix #455 2018-05-04 12:24:16 +02:00
Hans-Christoph Steiner
27a5cce832 implement common.get_apk_id() using androguard 2018-05-03 13:46:42 +02:00
Hans-Christoph Steiner
98a2f70e38 fix intermittent test failure
For some reason, the parser stopped working intermittently, even
though the format has been the same since aapt 23 or earlier.  Then
also, some of the test cases pointed to symlinks that were no longer
generated, and one test app now has a blank versionName.

Strange that this wasn't caught in the gitlab-ci runs.  !484

FAIL: test_get_api_id_aapt (__main__.CommonTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./common.TestCase", line 578, in testA_get_api_id_aapt
    self.assertEqual(versionName, vn)
AssertionError: '0.1' != "0.1' platformBuildVersionName='4.3.1-1425645"
- 0.1
+ 0.1' platformBuildVersionName='4.3.1-1425645
2018-05-03 13:46:42 +02:00
Hans-Christoph Steiner
0e5ed1bb11 reusable method for checking if a value is a resId or not
I wrote this for the previous commit, but since aapt does not recognize
SDK Version values that are string resources, I made this do the same thing
2018-04-26 15:19:41 +02:00
Hans-Christoph Steiner
e17815e9f0 handle bad SDK Version values in APKs
Even though it is invalid to have *SdkVersion in AndroidManifest.xml set as
anything but an integer, sometimes people manage to get something in there.
`fdroid update` needs to be able to handle all that.

* https://developer.android.com/guide/topics/manifest/uses-sdk-element#min
* https://gitlab.com/souch/SMSbypass/blob/v0.9/app/src/main/AndroidManifest.xml#L29
* https://gitlab.com/souch/SMSbypass/blob/v0.9/app/src/main/res/values/strings.xml#L27

admin#65
2018-04-26 15:19:41 +02:00
Hans-Christoph Steiner
74c6555c71 index: ensure index.xml timestamp is in UTC, closes #481
use verbose but safe syntax so this works with all versions of sed, e.g. osx
2018-04-25 16:35:22 +02:00
Hans-Christoph Steiner
de35f1b05b update: handle APKs with a blank versionName
Instead of just crashing, first try to use the versionName as written in the
build metadata, otherwise just let it be blank.  A blank versionName will
cause fdroidclient < 1.3 to crash.  Blank versionNames are not allowed in
the .txt metadata format, only .yml.

closes #477
closes #478
closes fdroidclient#1416
closes fdroidclient#1417
closes fdroidclient#1418
fdroiddata!3061
2018-04-17 12:36:49 +02:00
Hans-Christoph Steiner
9bf9159a77 update: use only 7 chars of SHA256 for non-APK version name
#460
2018-04-17 12:36:49 +02:00
Hans-Christoph Steiner
74c0e98d82 update index metadata tests for 673a3517d3 2018-04-16 11:47:48 +02:00
Hans-Christoph Steiner
673a3517d3 add test of Android TV "activity banner" graphic
!491

https://developer.android.com/guide/topics/manifest/activity-element.html#banner
https://developer.android.com/training/tv/start/start.html#banner
2018-04-16 11:37:11 +02:00
Jonas Kalderstam
9e4459d7d1 Add test for when apk icon src could not be found
An APK (Netflix) was found to have the following icon filename:

    \u2003\u2009\n.xml

This breaks the aapt dump parsing because it iterates line by line and
this filename goes across two lines. Consequently, icon_src will be
None (default value) when it is passed to the icons parser.
2018-03-27 18:39:59 +02:00
Hans-Christoph Steiner
d98d8c2e52 update: do not crash with androguard when working with apps without icons
For example, SpeedoMeterApp.main_1.apk
2018-03-12 17:55:45 +01:00
Hans-Christoph Steiner
7d79780df0 tests: checkupdates now requires a clean git repo state 2018-03-06 20:50:23 +01:00
Hans-Christoph Steiner
8f30c892c5 VercodeOperation: only allow simple math expresssions and %c 2018-03-05 09:45:58 +01:00
Hans-Christoph Steiner
498ea5d609 lint: ban all dangerous HTML tags
* https://en.wikipedia.org/wiki/HTML_sanitization
* https://asostack.com/enhance-your-google-play-store-description-with-rich-formatting-and-emojis-5f50ff354e5f
2018-02-27 12:09:54 +01:00
Hans-Christoph Steiner
e75bf70be6 signatures: future-proof fetching app ID info from APK
We're not using platformBuildVersionName and it might go away just like it
appeared: with no good reason or announcement.
2018-02-22 15:08:55 +01:00
Hans-Christoph Steiner
089712c012 tests: do not automatically run install.TestCase, its troublesome
`fdroid install` is rarely used, if at all, and the test frequently fails
for no reason in gitlab-ci, because it can't start the adb server.
2018-02-22 15:08:54 +01:00
Hans-Christoph Steiner
52b3436ff6 make is_apk_and_debuggable() default to using androguard before aapt 2018-02-22 15:08:53 +01:00
Hans-Christoph Steiner
40fac10ebc update: extract and store XML icons
These can then be used by the client.

#344
#392
2018-02-15 14:28:45 +01:00
Hans-Christoph Steiner
05eef5a454 metadata: add new Translation app field for URL for contributions
This is a field requested from a bunch of translators so they can easily
find where to translate apps:
https://forum.f-droid.org/t/translation-field-for-app-entries/1403/5
2018-02-05 15:45:12 +01:00
relan
86f34ee70a build: make per-build hard time limit customizable
Add "timeout=n" metadata field that overrides build timeout (in seconds).
The default is 7200, i.e. 2 hours.
2018-01-30 11:14:50 +03:00
Hans-Christoph Steiner
d3caf09421 use standard User-Agent in check-fdroid-apk 2018-01-26 10:18:41 +01:00
Hans-Christoph Steiner
513c95894c build: remove unused, unmaintained Kivy build method
This code has never been used and contains some insecure uses of shell=True
Building Kivy apps should be done with the buildozer=yes method.  The
buildozer method should probably be moved to a provisioner once that is in
place.
2018-01-23 23:16:05 +01:00
Hans-Christoph Steiner
dfbe114af3 new script to audit the FDroid.apk on https://f-droid.org
This makes sure its signed by the F-Droid key.
2018-01-05 14:08:14 +01:00
Hans-Christoph Steiner
6d32b68016 tests: correct package names in stats/known_apks.txt
This doesn't seem to affect the tests either way, but it is good to have
things correct there.
2017-12-28 23:07:26 +01:00
Hans-Christoph Steiner
e451ec0079 common: fix bug in new SHA-256 signatures for >= android-18
Luckily, this is only used in `fdroid nightly` so far.
2017-12-28 23:07:26 +01:00
Hans-Christoph Steiner
109eb928e8 aapt 26.0.0 is required to properly parse permissions and label
#236

closes #395
aapt 26.0.0 outputs the permissions correctly

closes #306
aapt 26.0.0 now outputs:  application-label:'K-9 Mail'
2017-12-28 23:07:26 +01:00
mimi89999
455dcc34d8
Add Nextcloud and DavDroid test case 2017-12-27 11:51:57 +01:00
mimi89999
90c7dd29df
gradle file: use flavour specific versionCode/versionName, fall back to parsing line by line 2017-12-23 17:12:54 +01:00
mimi89999
918bd15c45
Revert: gradle file: use flavour specific versionCode/versionName, fall back to parsing line by line 2017-12-23 12:57:34 +01:00
Hans-Christoph Steiner
173a35b190 tests: only generate keystores when that is actually being tested
Generating a keystore is quite slow since it means a new RSA key is created.
That only needs to happen in the tests that check that it actually happened,
otherwise the test can just reuse the stored test keystore.

closes #432
2017-12-20 23:46:37 +01:00
Hans-Christoph Steiner
39b76b0eda scanner: fix tests so they work on all tested platforms
The standard test configuration is needed to make the tests reliably. Also,
these tests used some odd yield logic.  Who knows what exactly failed, but
these tests should be reliable.

* https://gitlab.com/fdroid/fdroidserver/-/jobs/44984595
* https://gitlab.com/fdroid/fdroidserver/-/jobs/44984596
* https://travis-ci.org/f-droid/fdroidserver/builds/318071369
2017-12-19 22:51:40 +01:00
Hans-Christoph Steiner
86c5598307 Merge branch 'whitelist-firebase' into 'master'
Whitelist some open-source firebase libs

See merge request fdroid/fdroidserver!411
2017-12-18 12:30:30 +00:00
Jan Berkel
365834d3ea Convert to string 2017-12-15 00:58:46 +01:00
Jan Berkel
5dee23f7a6 Add a simple test for scanner 2017-12-15 00:37:52 +01:00
Hans-Christoph Steiner
bde0558d82 update: reject APKs with invalid file sig, probably Janus exploits
This just checks the first four bytes of the APK file, aka the "file
signature", to make sure it is the ZIP signature and not the DEX signature.
This was checked against the test APK, and I ran it against some known
malware and all of f-droid.org to make sure it works.

All valid ZIP files (therefore APK files) should start with the ZIP
Local File Header of four bytes.

https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
2017-12-14 16:57:22 +01:00