mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-14 02:50:12 +01:00
6d541e3ef6
The mirrors: entry in config.yml is great for quick access and shorter mirror lists. Now that we are adding a lot more metadata to the mirrors, including potentially the full text of the privacy policy, having this in its own file should make these cases easier to manage.
370 lines
15 KiB
YAML
370 lines
15 KiB
YAML
---
|
|
# Copy this file to config.yml, then amend the settings below according to
|
|
# your system configuration.
|
|
|
|
# Custom path to the Android SDK, defaults to $ANDROID_HOME
|
|
# sdk_path: $ANDROID_HOME
|
|
|
|
# Paths to installed versions of the Android NDK. This will be
|
|
# automatically filled out from well known sources like
|
|
# $ANDROID_HOME/ndk-bundle and $ANDROID_HOME/ndk/*. If a required
|
|
# version is missing in the buildserver VM, it will be automatically
|
|
# downloaded and installed into the standard $ANDROID_HOME/ndk/
|
|
# directory. Manually setting it here will override the auto-detected
|
|
# values. The keys can either be the "release" (e.g. r21e) or the
|
|
# "revision" (e.g. 21.4.7075529).
|
|
#
|
|
# ndk_paths:
|
|
# r10e: $ANDROID_HOME/android-ndk-r10e
|
|
# r17: ""
|
|
# 21.4.7075529: ~/Android/Ndk
|
|
# r22b: null
|
|
|
|
# Directory to store downloaded tools in (i.e. gradle versions)
|
|
# By default, these are stored in ~/.cache/fdroidserver
|
|
# cachedir: cache
|
|
|
|
# Specify paths to each major Java release that you want to support
|
|
# java_paths:
|
|
# 8: /usr/lib/jvm/java-8-openjdk
|
|
|
|
# Command or path to binary for running Ant
|
|
# ant: ant
|
|
|
|
# Command or path to binary for running maven 3
|
|
# mvn3: mvn
|
|
|
|
# Command or path to binary for running Gradle
|
|
# Defaults to using an internal gradle wrapper (gradlew-fdroid).
|
|
# gradle: gradle
|
|
|
|
# Always scan the APKs produced by `fdroid build` for known non-free classes
|
|
# scan_binary: true
|
|
|
|
# Set the maximum age (in days) of an index that a client should accept from
|
|
# this repo. Setting it to 0 or not setting it at all disables this
|
|
# functionality. If you do set this to a non-zero value, you need to ensure
|
|
# that your index is updated much more frequently than the specified interval.
|
|
# The same policy is applied to the archive repo, if there is one.
|
|
# repo_maxage: 0
|
|
|
|
# Canonical URL of the repositoy, needs to end in /repo. Is is used to identity
|
|
# the repo in the client, as well.
|
|
# repo_url: https://MyFirstFDroidRepo.org/fdroid/repo
|
|
# repo_name: My First F-Droid Repo Demo
|
|
# repo_description: >-
|
|
# This is a repository of apps to be used with F-Droid. Applications
|
|
# in this repository are either official binaries built by the
|
|
# original application developers, or are binaries built from source
|
|
# by the admin of f-droid.org using the tools on
|
|
# https://gitlab.com/fdroid.
|
|
|
|
# As above, but for the archive repo.
|
|
#
|
|
# archive_url: https://f-droid.org/archive
|
|
# archive_name: My First F-Droid Archive Demo
|
|
# archive_description: >-
|
|
# The repository of older versions of packages from the main demo repository.
|
|
|
|
# archive_older sets the number of versions kept in the main repo, with all
|
|
# older ones going to the archive. Set it to 0, and there will be no archive
|
|
# repository, and no need to define the other archive_ values.
|
|
#
|
|
# archive_older: 3
|
|
|
|
# The repo's icon defaults to a file called 'icon.png' in the 'icons'
|
|
# folder for each section, e.g. repo/icons/icon.png and
|
|
# archive/icons/icon.png. To use a different filename for the icons,
|
|
# set the filename here. You must still copy it into place in
|
|
# repo/icons/ and/or archive/icons/.
|
|
#
|
|
# repo_icon: myicon.png
|
|
# archive_icon: myicon.png
|
|
|
|
# This allows a specific kind of insecure APK to be included in the
|
|
# 'repo' section. Since April 2017, APK signatures that use MD5 are
|
|
# no longer considered valid, jarsigner and apksigner will return an
|
|
# error when verifying. `fdroid update` will move APKs with these
|
|
# disabled signatures to the archive. This option stops that
|
|
# behavior, and lets those APKs stay part of 'repo'.
|
|
#
|
|
# allow_disabled_algorithms: true
|
|
|
|
# Normally, all apps are collected into a single app repository, like on
|
|
# https://f-droid.org. For certain situations, it is better to make a repo
|
|
# that is made up of APKs only from a single app. For example, an automated
|
|
# build server that publishes nightly builds.
|
|
# per_app_repos: true
|
|
|
|
# `fdroid update` will create a link to the current version of a given app.
|
|
# This provides a static path to the current APK. To disable the creation of
|
|
# this link, uncomment this:
|
|
# make_current_version_link: false
|
|
|
|
# By default, the "current version" link will be based on the "Name" of the
|
|
# app from the metadata. You can change it to use a different field from the
|
|
# metadata here:
|
|
# current_version_name_source: packageName
|
|
|
|
# Optionally, override home directory for gpg
|
|
# gpghome: /home/fdroid/somewhere/else/.gnupg
|
|
|
|
# The ID of a GPG key for making detached signatures for APKs. Optional.
|
|
# gpgkey: 1DBA2E89
|
|
|
|
# The key (from the keystore defined below) to be used for signing the
|
|
# repository itself. This is the same name you would give to keytool or
|
|
# jarsigner using -alias. (Not needed in an unsigned repository).
|
|
# repo_keyalias: fdroidrepo
|
|
|
|
# Optionally, the public key for the key defined by repo_keyalias above can
|
|
# be specified here. There is no need to do this, as the public key can and
|
|
# will be retrieved from the keystore when needed. However, specifying it
|
|
# manually can allow some processing to take place without access to the
|
|
# keystore.
|
|
# repo_pubkey: ...
|
|
|
|
# The keystore to use for release keys when building. This needs to be
|
|
# somewhere safe and secure, and backed up! The best way to manage these
|
|
# sensitive keys is to use a "smartcard" (aka Hardware Security Module). To
|
|
# configure F-Droid to use a smartcard, set the keystore file using the keyword
|
|
# "NONE" (i.e. keystore: "NONE"). That makes Java find the keystore on the
|
|
# smartcard based on 'smartcardoptions' below.
|
|
# keystore: ~/.local/share/fdroidserver/keystore.jks
|
|
|
|
# You should not need to change these at all, unless you have a very
|
|
# customized setup for using smartcards in Java with keytool/jarsigner
|
|
# smartcardoptions: |
|
|
# -storetype PKCS11 -providerName SunPKCS11-OpenSC
|
|
# -providerClass sun.security.pkcs11.SunPKCS11
|
|
# -providerArg opensc-fdroid.cfg
|
|
|
|
# The password for the keystore (at least 6 characters). If this password is
|
|
# different than the keypass below, it can be OK to store the password in this
|
|
# file for real use. But in general, sensitive passwords should not be stored
|
|
# in text files!
|
|
# keystorepass: password1
|
|
|
|
# The password for keys - the same is used for each auto-generated key as well
|
|
# as for the repository key. You should not normally store this password in a
|
|
# file since it is a sensitive password.
|
|
# keypass: password2
|
|
|
|
# The distinguished name used for all keys.
|
|
# keydname: CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US
|
|
|
|
# Use this to override the auto-generated key aliases with specific ones
|
|
# for particular applications. Normally, just leave it empty.
|
|
#
|
|
# keyaliases:
|
|
# com.example.app: example
|
|
#
|
|
# You can also force an app to use the same key alias as another one, using
|
|
# the @ prefix.
|
|
#
|
|
# keyaliases:
|
|
# com.example.another.plugin: "@com.example.another"
|
|
|
|
|
|
# The full path to the root of the repository. It must be specified in
|
|
# rsync/ssh format for a remote host/path. This is used for syncing a locally
|
|
# generated repo to the server that is it hosted on. It must end in the
|
|
# standard public repo name of "/fdroid", but can be in up to three levels of
|
|
# sub-directories (i.e. /var/www/packagerepos/fdroid). You can include
|
|
# multiple servers to sync to by wrapping the whole thing in {} or [], and
|
|
# including the serverwebroot strings in a comma-separated list.
|
|
#
|
|
# serverwebroot: user@example:/var/www/fdroid
|
|
# serverwebroot:
|
|
# - foo.com:/usr/share/nginx/www/fdroid
|
|
# - bar.info:/var/www/fdroid
|
|
|
|
|
|
# When running fdroid processes on a remote server, it is possible to
|
|
# publish extra information about the status. Each fdroid sub-command
|
|
# can create repo/status/running.json when it starts, then a
|
|
# repo/status/<sub-command>.json when it completes. The builds logs
|
|
# and other processes will also get published, if they are running in
|
|
# a buildserver VM. The build logs name scheme is:
|
|
# .../repo/$APPID_$VERCODE.log.gz. These files are also pushed to all
|
|
# servers configured in 'serverwebroot'.
|
|
#
|
|
# deploy_process_logs: true
|
|
|
|
# The full URL to a git remote repository. You can include
|
|
# multiple servers to mirror to by wrapping the whole thing in {} or [], and
|
|
# including the servergitmirrors strings in a comma-separated list.
|
|
# Servers listed here will also be automatically inserted in the mirrors list.
|
|
#
|
|
# servergitmirrors: https://github.com/user/repo
|
|
# servergitmirrors:
|
|
# - https://github.com/user/repo
|
|
# - https://gitlab.com/user/repo
|
|
|
|
# Most git hosting services have hard size limits for each git repo.
|
|
# `fdroid deploy` will delete the git history when the git mirror repo
|
|
# approaches this limit to ensure that the repo will still fit when
|
|
# pushed. GitHub recommends 1GB, gitlab.com recommends 10GB.
|
|
#
|
|
# git_mirror_size_limit: 10GB
|
|
|
|
# Any mirrors of this repo, for example all of the servers declared in
|
|
# serverwebroot and all the servers declared in servergitmirrors,
|
|
# will automatically be used by the client. If one
|
|
# mirror is not working, then the client will try another. If the
|
|
# client has Tor enabled, then the client will prefer mirrors with
|
|
# .onion addresses. This base URL will be used for both the main repo
|
|
# and the archive, if it is enabled. So these URLs should end in the
|
|
# 'fdroid' base of the F-Droid part of the web server like serverwebroot.
|
|
#
|
|
# mirrors:
|
|
# - https://foo.bar/fdroid
|
|
# - http://foobarfoobarfoobar.onion/fdroid
|
|
#
|
|
# Or additional metadata can also be included by adding key/value pairs:
|
|
#
|
|
# mirrors:
|
|
# - url: https://foo.bar/fdroid
|
|
# countryCode: BA
|
|
# - url: http://foobarfoobarfoobar.onion/fdroid
|
|
#
|
|
# The list of mirrors can also be maintained in config/mirrors.yml, a
|
|
# standalone YAML file in the optional configuration directory. In
|
|
# that case, mirrors: should be removed from this file (config.yml).
|
|
|
|
|
|
# optionally specify which identity file to use when using rsync or git over SSH
|
|
#
|
|
# identity_file: ~/.ssh/fdroid_id_rsa
|
|
|
|
|
|
# If you are running the repo signing process on a completely offline machine,
|
|
# which provides the best security, then you can specify a folder to sync the
|
|
# repo to when running `fdroid deploy`. This is most likely going to
|
|
# be a USB thumb drive, SD Card, or some other kind of removable media. Make
|
|
# sure it is mounted before running `fdroid deploy`. Using the
|
|
# standard folder called 'fdroid' as the specified folder is recommended, like
|
|
# with serverwebroot.
|
|
#
|
|
# local_copy_dir: /media/MyUSBThumbDrive/fdroid
|
|
|
|
|
|
# If you are using local_copy_dir on an offline build/signing server, once the
|
|
# thumb drive has been plugged into the online machine, it will need to be
|
|
# synced to the copy on the online machine. To make that happen
|
|
# automatically, set sync_from_local_copy_dir to True:
|
|
#
|
|
# sync_from_local_copy_dir: true
|
|
|
|
|
|
# To upload the repo to an Amazon S3 bucket using `fdroid server
|
|
# update`. Warning, this deletes and recreates the whole fdroid/
|
|
# directory each time. This prefers s3cmd, but can also use
|
|
# apache-libcloud. To customize how s3cmd interacts with the cloud
|
|
# provider, create a 's3cfg' file next to this file (config.yml), and
|
|
# those settings will be used instead of any 'aws' variable below.
|
|
# Secrets can be fetched from environment variables to ensure that
|
|
# they are not leaked as part of this file.
|
|
#
|
|
# awsbucket: myawsfdroid
|
|
# awsaccesskeyid: SEE0CHAITHEIMAUR2USA
|
|
# awssecretkey: {env: awssecretkey}
|
|
|
|
|
|
# If you want to force 'fdroid server' to use a non-standard serverwebroot.
|
|
# This will allow you to have 'serverwebroot' entries which do not end in
|
|
# '/fdroid'. (Please note that some client features expect repository URLs
|
|
# to end in '/fdroid/repo'.)
|
|
#
|
|
# nonstandardwebroot: false
|
|
|
|
|
|
# If you want to upload the release APK file to androidobservatory.org
|
|
#
|
|
# androidobservatory: false
|
|
|
|
|
|
# If you want to upload the release APK file to virustotal.com
|
|
# You have to enter your profile apikey to enable the upload.
|
|
#
|
|
# virustotal_apikey: 9872987234982734
|
|
#
|
|
# Or get it from an environment variable:
|
|
#
|
|
# virustotal_apikey: {env: virustotal_apikey}
|
|
|
|
|
|
# Keep a log of all generated index files in a git repo to provide a
|
|
# "binary transparency" log for anyone to check the history of the
|
|
# binaries that are published. This is in the form of a "git remote",
|
|
# which this machine where `fdroid update` is run has already been
|
|
# configured to allow push access (e.g. ssh key, username/password, etc)
|
|
# binary_transparency_remote: git@gitlab.com:fdroid/binary-transparency-log.git
|
|
|
|
# If you want to keep the "added" and "last updated" dates for each
|
|
# app and APK in your repo, enable this. The name comes from an old
|
|
# system for tracking statistics that is no longer included.
|
|
# update_stats: true
|
|
|
|
# Set this to true to always use a build server. This saves specifying the
|
|
# --server option on dedicated secure build server hosts.
|
|
# build_server_always: true
|
|
|
|
# Limit in number of characters that fields can take up
|
|
# Only the fields listed here are supported, defaults shown
|
|
# char_limits:
|
|
# author: 256
|
|
# name: 50
|
|
# summary: 80
|
|
# description: 4000
|
|
# video: 256
|
|
# whatsNew: 500
|
|
|
|
# It is possible for the server operator to specify lists of apps that
|
|
# must be installed or uninstalled on the client (aka "push installs).
|
|
# If the user has opted in, or the device is already setup to respond
|
|
# to these requests, then F-Droid will automatically install/uninstall
|
|
# the packageNames listed. This is protected by the same signing key
|
|
# as the app index metadata.
|
|
#
|
|
# install_list:
|
|
# - at.bitfire.davdroid
|
|
# - com.fsck.k9
|
|
# - us.replicant
|
|
#
|
|
# uninstall_list:
|
|
# - com.facebook.orca
|
|
# - com.android.vending
|
|
|
|
# `fdroid lint` checks licenses in metadata against a built white list. By
|
|
# default we will require license metadata to be present and only allow
|
|
# licenses approved either by FSF or OSI. We're using the standardized SPDX
|
|
# license IDs. (https://spdx.org/licenses/)
|
|
#
|
|
# We use `python3 -m spdx-license-list print --filter-fsf-or-osi` for
|
|
# generating our default list. (https://pypi.org/project/spdx-license-list)
|
|
#
|
|
# You can override our default list of allowed licenes by setting this option.
|
|
# Just supply a custom list of licene names you would like to allow. To disable
|
|
# checking licenses by the linter, assign an empty value to lint_licenses.
|
|
#
|
|
# lint_licenses:
|
|
# - Custom-License-A
|
|
# - Another-License
|
|
|
|
# `fdroid scanner` can scan for signatures from various sources. By default
|
|
# it's configured to only use F-Droids official SUSS collection. We have
|
|
# support for these special collections:
|
|
# * 'exodus' - official exodus-privacy.org signatures
|
|
# * 'etip' - exodus privacy investigation platfrom community contributed
|
|
# signatures
|
|
# * 'suss' - official F-Droid: Suspicious or Unwanted Software Signatures
|
|
# You can also configure scanner to use custom collections of signatures here.
|
|
# They have to follow the format specified in the SUSS readme.
|
|
# (https://gitlab.com/fdroid/fdroid-suss/#cache-file-data-format)
|
|
#
|
|
# scanner_signature_sources:
|
|
# - suss
|
|
# - exodus
|
|
# - https://example.com/signatures.json
|