--- # Copy this file to config.yml, then amend the settings below according to # your system configuration. # Custom path to the Android SDK, defaults to $ANDROID_HOME # sdk_path: $ANDROID_HOME # Paths to installed versions of the Android NDK. This will be # automatically filled out from well known sources like # $ANDROID_HOME/ndk-bundle and $ANDROID_HOME/ndk/*. If a required # version is missing in the buildserver VM, it will be automatically # downloaded and installed into the standard $ANDROID_HOME/ndk/ # directory. Manually setting it here will override the auto-detected # values. The keys can either be the "release" (e.g. r21e) or the # "revision" (e.g. 21.4.7075529). # # ndk_paths: # r10e: $ANDROID_HOME/android-ndk-r10e # r17: "" # 21.4.7075529: ~/Android/Ndk # r22b: null # Directory to store downloaded tools in (i.e. gradle versions) # By default, these are stored in ~/.cache/fdroidserver # cachedir: cache # Specify paths to each major Java release that you want to support # java_paths: # 8: /usr/lib/jvm/java-8-openjdk # Command or path to binary for running Ant # ant: ant # Command or path to binary for running maven 3 # mvn3: mvn # Command or path to binary for running Gradle # Defaults to using an internal gradle wrapper (gradlew-fdroid). # gradle: gradle # Always scan the APKs produced by `fdroid build` for known non-free classes # scan_binary: true # Set the maximum age (in days) of an index that a client should accept from # this repo. Setting it to 0 or not setting it at all disables this # functionality. If you do set this to a non-zero value, you need to ensure # that your index is updated much more frequently than the specified interval. # The same policy is applied to the archive repo, if there is one. # repo_maxage: 0 # Canonical URL of the repositoy, needs to end in /repo. Is is used to identity # the repo in the client, as well. # repo_url: https://MyFirstFDroidRepo.org/fdroid/repo # # Base URL for per-package pages on the website of this repo, # i.e. https://f-droid.org/packages// This should be accessible # with a browser. Setting it to null or not setting this disables the # feature. # repo_web_base_url: https://MyFirstFDroidRepo.org/packages/ # # repo_name: My First F-Droid Repo Demo # repo_description: >- # This is a repository of apps to be used with F-Droid. Applications # in this repository are either official binaries built by the # original application developers, or are binaries built from source # by the admin of f-droid.org using the tools on # https://gitlab.com/fdroid. # As above, but for the archive repo. # # archive_url: https://f-droid.org/archive # archive_web_base_url: # archive_name: My First F-Droid Archive Demo # archive_description: >- # The repository of older versions of packages from the main demo repository. # archive_older sets the number of versions kept in the main repo, with all # older ones going to the archive. Set it to 0, and there will be no archive # repository, and no need to define the other archive_ values. # # archive_older: 3 # The repo's icon defaults to a file called 'icon.png' in the 'icons' # folder for each section, e.g. repo/icons/icon.png and # archive/icons/icon.png. To use a different filename for the icons, # set the filename here. You must still copy it into place in # repo/icons/ and/or archive/icons/. # # repo_icon: myicon.png # archive_icon: myicon.png # This allows a specific kind of insecure APK to be included in the # 'repo' section. Since April 2017, APK signatures that use MD5 are # no longer considered valid, jarsigner and apksigner will return an # error when verifying. `fdroid update` will move APKs with these # disabled signatures to the archive. This option stops that # behavior, and lets those APKs stay part of 'repo'. # # allow_disabled_algorithms: true # Normally, all apps are collected into a single app repository, like on # https://f-droid.org. For certain situations, it is better to make a repo # that is made up of APKs only from a single app. For example, an automated # build server that publishes nightly builds. # per_app_repos: true # `fdroid update` will create a link to the current version of a given app. # This provides a static path to the current APK. To disable the creation of # this link, uncomment this: # make_current_version_link: false # By default, the "current version" link will be based on the "Name" of the # app from the metadata. You can change it to use a different field from the # metadata here: # current_version_name_source: packageName # Optionally, override home directory for gpg # gpghome: /home/fdroid/somewhere/else/.gnupg # The ID of a GPG key for making detached signatures for APKs. Optional. # gpgkey: 1DBA2E89 # The key (from the keystore defined below) to be used for signing the # repository itself. This is the same name you would give to keytool or # jarsigner using -alias. (Not needed in an unsigned repository). # repo_keyalias: fdroidrepo # Optionally, the public key for the key defined by repo_keyalias above can # be specified here. There is no need to do this, as the public key can and # will be retrieved from the keystore when needed. However, specifying it # manually can allow some processing to take place without access to the # keystore. # repo_pubkey: ... # The keystore to use for release keys when building. This needs to be # somewhere safe and secure, and backed up! The best way to manage these # sensitive keys is to use a "smartcard" (aka Hardware Security Module). To # configure F-Droid to use a smartcard, set the keystore file using the keyword # "NONE" (i.e. keystore: "NONE"). That makes Java find the keystore on the # smartcard based on 'smartcardoptions' below. # keystore: ~/.local/share/fdroidserver/keystore.jks # You should not need to change these at all, unless you have a very # customized setup for using smartcards in Java with keytool/jarsigner # smartcardoptions: | # -storetype PKCS11 -providerName SunPKCS11-OpenSC # -providerClass sun.security.pkcs11.SunPKCS11 # -providerArg opensc-fdroid.cfg # The password for the keystore (at least 6 characters). If this password is # different than the keypass below, it can be OK to store the password in this # file for real use. But in general, sensitive passwords should not be stored # in text files! # keystorepass: password1 # The password for keys - the same is used for each auto-generated key as well # as for the repository key. You should not normally store this password in a # file since it is a sensitive password. # keypass: password2 # The distinguished name used for all keys. # keydname: CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US # Use this to override the auto-generated key aliases with specific ones # for particular applications. Normally, just leave it empty. # # keyaliases: # com.example.app: example # # You can also force an app to use the same key alias as another one, using # the @ prefix. # # keyaliases: # com.example.another.plugin: "@com.example.another" # The full path to the root of the repository. It must be specified in # rsync/ssh format for a remote host/path. This is used for syncing a locally # generated repo to the server that is it hosted on. It must end in the # standard public repo name of "/fdroid", but can be in up to three levels of # sub-directories (i.e. /var/www/packagerepos/fdroid). You can include # multiple servers to sync to by wrapping the whole thing in {} or [], and # including the serverwebroot strings in a comma-separated list. # # serverwebroot: user@example:/var/www/fdroid # serverwebroot: # - foo.com:/usr/share/nginx/www/fdroid # - bar.info:/var/www/fdroid # # There is a special mode to only deploy the index file: # # serverwebroot: # - url: 'me@b.az:/srv/fdroid' # index_only: true # When running fdroid processes on a remote server, it is possible to # publish extra information about the status. Each fdroid sub-command # can create repo/status/running.json when it starts, then a # repo/status/.json when it completes. The builds logs # and other processes will also get published, if they are running in # a buildserver VM. The build logs name scheme is: # .../repo/$APPID_$VERCODE.log.gz. These files are also pushed to all # servers configured in 'serverwebroot'. # # deploy_process_logs: true # The full URL to a git remote repository. You can include # multiple servers to mirror to by adding strings to a YAML list or map. # Servers listed here will also be automatically inserted in the mirrors list. # # servergitmirrors: https://github.com/user/repo # servergitmirrors: # - https://github.com/user/repo # - https://gitlab.com/user/repo # # servergitmirrors: # - url: https://github.com/user/repo # - url: https://gitlab.com/user/repo # index_only: true # These settings allow using `fdroid deploy` for publishing APK files from # your repository to GitHub Releases. (You should also run `fdroid update` # every time before deploying to GitHub releases to update index files.) Here's # an example for this deployment automation: # https://github.com/f-droid/fdroidclient/releases/ # # Currently, versions which are assigned to a release channel (e.g. alpha or # beta releases) are ignored. # # In the example below, tokens are read from environment variables. Putting # tokens directly into the config file is also supported but discouraged. It is # highly recommended to use a "Fine-grained personal access token", which is # restricted to the minimum required permissions, which are: # * Metadata - read # * Contents - read/write # (https://github.com/settings/personal-access-tokens/new) # # github_token: {env: GITHUB_TOKEN} # github_releases: # - projectUrl: https://github.com/f-droid/fdroidclient # packageNames: # - org.fdroid.basic # - org.fdroid.fdroid # release_notes_prepend: | # Re-post of official F-Droid App release from https://f-droid.org # - projectUrl: https://github.com/example/app # packageNames: com.example.app # token: {env: GITHUB_TOKEN_EXAMPLE} # Most git hosting services have hard size limits for each git repo. # `fdroid deploy` will delete the git history when the git mirror repo # approaches this limit to ensure that the repo will still fit when # pushed. GitHub recommends 1GB, gitlab.com recommends 10GB. # # git_mirror_size_limit: 10GB # Any mirrors of this repo, for example all of the servers declared in # serverwebroot and all the servers declared in servergitmirrors, # will automatically be used by the client. If one # mirror is not working, then the client will try another. If the # client has Tor enabled, then the client will prefer mirrors with # .onion addresses. This base URL will be used for both the main repo # and the archive, if it is enabled. So these URLs should end in the # 'fdroid' base of the F-Droid part of the web server like serverwebroot. # # mirrors: # - https://foo.bar/fdroid # - http://foobarfoobarfoobar.onion/fdroid # # Or additional metadata can also be included by adding key/value pairs: # # mirrors: # - url: https://foo.bar/fdroid # countryCode: BA # - url: http://foobarfoobarfoobar.onion/fdroid # # The list of mirrors can also be maintained in config/mirrors.yml, a # standalone YAML file in the optional configuration directory. In # that case, mirrors: should be removed from this file (config.yml). # optionally specify which identity file to use when using rsync or git over SSH # # identity_file: ~/.ssh/fdroid_id_rsa # If you are running the repo signing process on a completely offline machine, # which provides the best security, then you can specify a folder to sync the # repo to when running `fdroid deploy`. This is most likely going to # be a USB thumb drive, SD Card, or some other kind of removable media. Make # sure it is mounted before running `fdroid deploy`. Using the # standard folder called 'fdroid' as the specified folder is recommended, like # with serverwebroot. # # local_copy_dir: /media/MyUSBThumbDrive/fdroid # If you are using local_copy_dir on an offline build/signing server, once the # thumb drive has been plugged into the online machine, it will need to be # synced to the copy on the online machine. To make that happen # automatically, set sync_from_local_copy_dir to True: # # sync_from_local_copy_dir: true # To upload the repo to an Amazon S3 bucket using `fdroid deploy' # . rclone, s3cmd and apache libcloud are the available options. # If rclone and s3cmd are not installed, apache libcloud is used. # To use apache libcloud, add the following options to this file # (config.yml) # # awsbucket: myawsfdroid # awsaccesskeyid: SEE0CHAITHEIMAUR2USA # awssecretkey: {env: awssecretkey} # # In case s3cmd is installed and rclone is not installed, # s3cmd will be the preferred sync option. # It will delete and recreate the whole fdroid directory each time. # To customize how s3cmd interacts with the cloud # provider, create a 's3cfg' file next to this file (config.yml), and # those settings will be used instead of any 'aws' variable below. # Secrets can be fetched from environment variables to ensure that # they are not leaked as part of this file. # # awsbucket: myawsfdroid # awsaccesskeyid: SEE0CHAITHEIMAUR2USA # awssecretkey: {env: awssecretkey} # # In case rclone is installed and s3cmd is not installed, # rclone will be the preferred sync option. # It will sync the local folders with remote folders without # deleting anything in one go. # To ensure success, install rclone as per # the instructions at https://rclone.org/install/ and also configure for # object storage services as detailed at https://rclone.org/s3/#configuration # By default rclone uses the configuration file at ~/.config/rclone/rclone.conf # To specify a custom configuration file, please add the full path to the # configuration file as below # # path_to_custom_rclone_config: /home/mycomputer/somedir/example.conf # # This setting will ignore the default rclone config found at # ~/.config/rclone/rclone.conf # # Please note that rclone_config can be assigned a string or list # # awsbucket: myawsfdroid # rclone_config: aws-sample-config # # or # # awsbucket: myawsfdroid # rclone_config: [aws-sample-config, rclone-supported-service-config] # # In case both rclone and s3cmd are installed, the preferred sync # tool can be specified in this file (config.yml) # if s3cmd is preferred, set it as below # # s3cmd: true # # if rclone is preferred, set it as below # # rclone: true # # Please note that only one can be set to true at any time # Also, in the event that both s3cmd and rclone are installed # and both are missing from the config.yml file, the preferred # tool will be s3cmd. # If you want to force 'fdroid server' to use a non-standard serverwebroot. # This will allow you to have 'serverwebroot' entries which do not end in # '/fdroid'. (Please note that some client features expect repository URLs # to end in '/fdroid/repo'.) # # nonstandardwebroot: false # If you want to upload the release APK file to androidobservatory.org # # androidobservatory: false # If you want to upload the release APK file to virustotal.com # You have to enter your profile apikey to enable the upload. # # virustotal_apikey: 9872987234982734 # # Or get it from an environment variable: # # virustotal_apikey: {env: virustotal_apikey} # Keep a log of all generated index files in a git repo to provide a # "binary transparency" log for anyone to check the history of the # binaries that are published. This is in the form of a "git remote", # which this machine where `fdroid update` is run has already been # configured to allow push access (e.g. ssh key, username/password, etc) # binary_transparency_remote: git@gitlab.com:fdroid/binary-transparency-log.git # Set this to true to always use a build server. This saves specifying the # --server option on dedicated secure build server hosts. # build_server_always: true # Limit in number of characters that fields can take up # Only the fields listed here are supported, defaults shown # char_limits: # author: 256 # name: 50 # summary: 80 # description: 4000 # video: 256 # whatsNew: 500 # It is possible for the server operator to specify lists of apps that # must be installed or uninstalled on the client (aka "push installs). # If the user has opted in, or the device is already setup to respond # to these requests, then F-Droid will automatically install/uninstall # the packageNames listed. This is protected by the same signing key # as the app index metadata. # # install_list: # - at.bitfire.davdroid # - com.fsck.k9 # - us.replicant # # uninstall_list: # - com.facebook.orca # - com.android.vending # `fdroid lint` checks licenses in metadata against a built white list. By # default we will require license metadata to be present and only allow # licenses approved either by FSF or OSI. We're using the standardized SPDX # license IDs. (https://spdx.org/licenses/) # # We use `python3 -m spdx-license-list print --filter-fsf-or-osi` for # generating our default list. (https://pypi.org/project/spdx-license-list) # # You can override our default list of allowed licenes by setting this option. # Just supply a custom list of licene names you would like to allow. To disable # checking licenses by the linter, assign an empty value to lint_licenses. # # lint_licenses: # - Custom-License-A # - Another-License # `fdroid scanner` can scan for signatures from various sources. By default # it's configured to only use F-Droids official SUSS collection. We have # support for these special collections: # * 'exodus' - official exodus-privacy.org signatures # * 'etip' - exodus privacy investigation platfrom community contributed # signatures # * 'suss' - official F-Droid: Suspicious or Unwanted Software Signatures # You can also configure scanner to use custom collections of signatures here. # They have to follow the format specified in the SUSS readme. # (https://gitlab.com/fdroid/fdroid-suss/#cache-file-data-format) # # scanner_signature_sources: # - suss # - exodus # - https://example.com/signatures.json # The scanner can use signature sources from the internet. These are # cached locally. To force them to be refreshed from the network on # every run, set this to true: # # refresh_scanner: true