1 \input texinfo @c -*-texinfo-*-
3 @setfilename fdroid.info
4 @documentencoding UTF-8
5 @settitle F-Droid Server Manual
9 This manual is for the F-Droid repository server tools.
11 Copyright @copyright{} 2010, 2011, 2012, 2013, 2014, 2015 Ciaran Gultnieks
13 Copyright @copyright{} 2011 Henrik Tunedal, Michael Haas, John Sullivan
15 Copyright @copyright{} 2013 David Black
17 Copyright @copyright{} 2013, 2014, 2015 Daniel MartÃ
19 Copyright @copyright{} 2015 Boris Kraut
22 Permission is granted to copy, distribute and/or modify this document
23 under the terms of the GNU Free Documentation License, Version 1.3
24 or any later version published by the Free Software Foundation;
25 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
26 A copy of the license is included in the section entitled "GNU
27 Free Documentation License".
32 @title F-Droid Server Manual
33 @author Ciaran Gultnieks and the F-Droid project
35 @vskip 0pt plus 1filll
51 * System Requirements::
53 * Simple Binary Repository::
54 * Building Applications::
55 * Importing Applications::
60 * Vulnerability Scanning::
61 * GNU Free Documentation License::
68 The F-Droid server tools provide various scripts and tools that are used
69 to maintain the main F-Droid application repository. You can use these same
70 tools to create your own additional or alternative repository for publishing,
71 or to assist in creating, testing and submitting metadata to the main
75 @node System Requirements
76 @chapter System Requirements
80 The system requirements for using the tools will vary depending on your
81 intended usage. At the very least, you'll need:
89 The Android SDK Tools and Build-tools.
90 Note that F-Droid does not assume that you have the Android SDK in your
91 @code{PATH}: these directories will be specified in your repository
92 configuration. Recent revisions of the SDK have @code{aapt} located in
93 android-sdk/build-tools/ and it may be necessary to make a symlink to it in
94 android-sdk/platform-tools/
97 If you intend to build applications from source you'll also need most, if not
98 all, of the following:
102 JDK (Debian package openjdk-6-jdk): openjdk-6 is recommended though openjdk-7
105 VCS clients: svn, git, git-svn, hg, bzr
107 A keystore for holding release keys. (Safe, secure and well backed up!)
110 If you intend to use the 'Build Server' system, for secure and clean builds
111 (highly recommended), you will also need:
115 VirtualBox (debian package virtualbox)
117 Ruby (debian packages ruby and rubygems)
119 Vagrant (debian package vagrant - 1.4.x or higher required)
121 vagrant-cachier plugin (unpackaged): `vagrant plugin install vagrant-cachier`
123 Paramiko (debian package python-paramiko)
125 Imaging (debian package python-imaging)
128 On the other hand, if you want to build the apps directly on your system
129 without the 'Build Server' system, you may need:
133 All SDK platforms requested by the apps you want to build
134 (The Android SDK is made available by Google under a proprietary license but
135 within that, the SDK platforms, support library and some other components are
136 under the Apache license and source code is provided.
137 Google APIs, used for building apps using Google Maps, are free to the extent
138 that the library comes pre-installed on the device.
139 Google Play Services, Google Admob and others are proprietary and shouldn't be
140 included in the main F-Droid repository.)
142 A version of the Android NDK
144 Ant with Contrib Tasks (Debian packages ant and ant-contrib)
146 Maven (Debian package maven)
148 JavaCC (Debian package javacc)
150 Miscellaneous packages listed in
151 buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
152 of the F-Droid server repository
158 @cindex setup, installation
160 Because the tools and data will always change rapidly, you will almost
161 certainly want to work from a git clone of the tools at this stage. To
165 git clone https://gitlab.com/fdroid/fdroidserver.git
168 You now have lots of stuff in the fdroidserver directory, but the most
169 important is the 'fdroid' command script which you run to perform all tasks.
170 This script is always run from a repository data directory, so the
171 most sensible thing to do next is to put your new fdroidserver directory
176 To do anything, you'll need at least one repository data directory. It's
177 from this directory that you run the @code{fdroid} command to perform all
178 repository management tasks. You can either create a brand new one, or
179 grab a copy of the data used by the main F-Droid repository:
182 git clone https://gitlab.com/fdroid/fdroiddata.git
185 Regardless of the intended usage of the tools, you will always need to set
186 up some basic configuration details. This is done by creating a file called
187 @code{config.py} in the data directory. You should do this by copying the
188 example file (@code{./examples/config.py}) from the fdroidserver project to
189 your data directory and then editing according to the instructions within.
191 Once configured in this way, all the functionality of the tools is accessed
192 by running the @code{fdroid} command. Run it on its own to get a list of the
193 available sub-commands.
195 You can follow any command with @code{--help} to get a list of additional
196 options available for that command.
203 @node Simple Binary Repository
204 @chapter Simple Binary Repository
208 If you want to maintain a simple repository hosting only binary APKs obtained
209 and compiled elsewhere, the process is quite simple:
213 Set up the server tools, as described in Setup.
215 Make a directory for your repository. This is the directory from which you
216 will do all the work with your repository. Create a config file there, called
217 @code{config.py}, by copying @code{./examples/config.py} from the server
218 project and editing it.
220 Within that, make a directory called @code{repo} and put APK files in it.
222 Run @code{fdroid update}.
224 If it reports that any metadata files are missing, you can create them
225 in the @code{metadata} directory and run it again.
227 To ease creation of metadata files, run @code{fdroid update} with the @code{-c}
228 option. It will create 'skeleton' metadata files that are missing, and you can
229 then just edit them and fill in the details.
231 Then, if you've changed things, run @code{fdroid update} again.
233 Running @code{fdroid update} adds an Icons directory into the repo directory,
234 and also creates the repository index (index.xml, and also index.jar if you've
235 configured the system to use a signed index).
237 Publish the resulting contents of the @code{repo} directory to your web server.
240 Following the above process will result in a @code{repo} directory, which you
241 simply need to push to any HTTP (or preferably HTTPS) server to make it
244 While some information about the applications (and versions thereof) is
245 retrieved directly from the APK files, most comes from the corresponding file
246 in the @code{metadata} directory. The metadata file covering ALL versions of a
247 particular application is named @code{package.id.txt} where package.id is the
248 unique identifier for that package.
250 See the Metadata chapter for details of what goes in the metadata file. All
251 fields are relevant for binary APKs, EXCEPT for @code{Build:} entries, which
255 @node Building Applications
256 @chapter Building Applications
258 Instead of (or as well as) including binary APKs from external sources in a
259 repository, you can build them directly from the source code.
261 Using this method, it is is possible to verify that the application builds
262 correctly, corresponds to the source code, and contains only free software.
263 Unforunately, in the Android world, it seems to be very common for an
264 application supplied as a binary APK to present itself as Free Software
265 when in fact some or all of the following are true:
269 The source code (either for a particular version, or even all versions!) is
270 unavailable or incomplete.
272 The source code is not capable of producing the actual binary supplied.
274 The 'source code' contains binary files of unknown origin, or with proprietary
278 For this reason, source-built applications are the preferred method for the
279 main F-Droid repository, although occasionally for technical or historical
280 reasons, exceptions are made to this policy.
282 When building applications from source, it should be noted that you will be
283 signing them (all APK files must be signed to be installable on Android) with
284 your own key. When an application is already installed on a device, it is not
285 possible to upgrade it in place to a new version signed with a different key
286 without first uninstalling the original. This may present an inconvenience to
287 users, as the process of uninstalling loses any data associated with the
288 previous installation.
290 The process for managing a repository for built-from-source applications is
291 very similar to that described in the Simple Binary Repository chapter,
292 except now you need to:
296 Include Build entries in the metadata files.
298 Run @code{fdroid build} to build any applications that are not already built.
300 Run @code{fdroid publish} to finalise packaging and sign any APKs that have
305 @section More about "fdroid build"
307 When run without any parameters, @code{fdroid build} will build any and all
308 versions of applications that you don't already have in the @code{repo}
309 directory (or more accurately, the @code{unsigned} directory). There are various
310 other things you can do. As with all the tools, the @code{--help} option is
311 your friend, but a few annotated examples and discussion of the more common
314 To build a single version of a single application, you could run the
318 fdroid build org.fdroid.fdroid:16
321 This attempts to build version code 16 (which is version 0.25) of the F-Droid
322 client. Many of the tools recognise arguments as packages, allowing their
323 activity to be limited to just a limited set of packages.
325 If the build above was successful, two files will have been placed in the
326 @code{unsigned} directory:
329 org.fdroid.fdroid_16.apk
330 org.fdroid.fdroid_16_src.tar.gz
333 The first is the (unsigned) APK. You could sign this with a debug key and push
334 it direct to your device or an emulator for testing. The second is a source
335 tarball containing exactly the source that was used to generate the binary.
337 If you were intending to publish these files, you could then run:
343 The source tarball would move to the @code{repo} directory (which is the
344 directory you would push to your web server). A signed and zip-aligned version
345 of the APK would also appear there, and both files would be removed from the
346 @code{unsigned} directory.
348 If you're building purely for the purposes of testing, and not intending to
349 push the results to a repository, at least yet, the @code{--test} option can be
350 used to direct output to the @code{tmp} directory instead of @code{unsigned}.
351 A similar effect could by achieved by simply deleting the output files from
352 @code{unsigned} after the build, but with the risk of forgetting to do so!
354 Along similar lines (and only in conjunction with @code{--test}, you can use
355 @code{--force} to force a build of a Disabled application, where normally it
356 would be completely ignored. Similarly a version that was found to contain
357 ELFs or known non-free libraries can be forced to build. See also —
358 @code{scanignore=} and @code{scandelete=} in the @code{Build:} section.
360 If the build was unsuccessful, you can find out why by looking at the output
361 in the logs/ directory. If that isn't illuminating, try building the app the
362 regular way, step by step: android update project, ndk-build, ant debug.
364 Note that source code repositories often contain prebuilt libraries. If the
365 app is being considered for the main F-Droid repository, it is important that
366 all such prebuilts are built either via the metadata or by a reputable third
370 @section Running "fdroid build" in your app's source
372 Another option for using @code{fdroid build} is to use a metadata file
373 that is included in the app's source itself, rather than in a
374 @code{metadata/} folder with lots of other apps. This metadata file
375 should be in the root of your source repo, and be called
376 @code{.fdroid.json}, @code{.fdroid.xml}, @code{.fdroid.yaml}, or
377 @code{.fdroid.txt}, depending on your preferred data format: JSON,
378 XML, YAML, or F-Droid's @code{.txt} format.
380 Once you have that setup, you can build the most recent version of
381 the app using the whole FDroid stack by running:
387 If you want to build every single version, then specify @code{--all}.
390 @section Direct Installation
392 You can also build and install directly to a connected device or emulator
393 using the @code{fdroid install} command. If you do this without passing
394 packages as arguments then all the latest built and signed version available
395 of each package will be installed . In most cases, this will not be what you
396 want to do, so execution will stop straight away. However, you can override
397 this if you're sure that's what you want, by using @code{--all}. Note that
398 currently, no sanity checks are performed with this mode, so if the files in
399 the signed output directory were modified, you won't be notified.
402 @node Importing Applications
403 @chapter Importing Applications
405 To help with starting work on including a new application, use
406 @code{fdroid import} to set up a new template project. It has two
407 modes of operation, starting with a cloned git repo:
410 git clone https://gitlab.com/fdroid/fdroidclient
415 Or starting with a URL to a project page:
418 fdroid import --url=http://address.of.project
421 When a URL is specified using the @code{--url=} flag, @code{fdroid
422 import} will use that URL to find out information about the project,
423 and if it finds a git repo, it will also clone that. For this to
424 work, the URL must point to a project format that the script
425 understands. Currently this is limited to one of the following:
429 GitLab - @code{https://gitlab.com/PROJECTNAME/REPONAME}
431 Gitorious - @code{https://gitorious.org/PROJECTNAME/REPONAME}
433 Github - @code{https://github.com/USER/PROJECT}
435 Google Code - @code{http://code.google.com/p/PROJECT/}
436 Supports git, svn and hg repos.
438 Some Google Code projects have multiple repositories, identified by a
439 dropdown list on the @code{source/checkout} page. To access one other than
440 the default, specify its name using the @code{--repo} switch.
442 Bitbucket - @code{https://bitbucket.org/USER/PROJECT/}
444 Git - @code{git://REPO}
447 Depending on the project type, more or less information may be gathered. For
448 example, the license will be retrieved from a Google Code project, but not a
449 GitHub one. A bare repo url, such as the git:// one, is the least preferable
450 optional of all, since you will have to enter much more information manually.
452 If the import is successful, a metadata file will be created. You will need to
453 edit this further to check the information, and fill in the blanks.
455 If it fails, you'll be told why. If it got as far as retrieving the source
456 code, you can inspect it further by looking in @code{tmp/importer} where a full
459 A frequent cause of initial failure is that the project directory is actually
460 a subdirectory in the repository. In this case, run the importer again using
461 the @code{--subdir} option to tell it where. It will not attempt to determine
462 this automatically, since there may be several options.
470 Information used by update.py to compile the public index comes from two
475 the APK files in the repo directory, and
477 the metadata files in the metadata directory.
480 The original metadata files are simple, easy to edit text files,
481 always named as the application's package ID with '.txt' appended.
482 Additionally, you can use JSON, XML, or YAML for app metadata, using
483 the same fields as the original '.txt' format.
485 Note that although the metadata files are designed to be easily read
486 and writable by humans, they are also processed and written by various
487 scripts. The original '.txt' format can be automatically cleaned up
488 when necessary. The structure and comments will be preserved
489 correctly, although the order of fields will be standardised. (In the
490 event that the original file was in a different order, comments are
491 considered as being attached to the field following them). In fact,
492 you can standardise all the '.txt' metadata in a single command,
493 without changing the functional content, by running:
499 Or just run it on a specific app:
502 fdroid rewritemeta org.adaway
505 The following sections describe the fields recognised within the file.
534 * Update Check Mode::
535 * Update Check Ignore::
536 * Vercode Operation::
537 * Update Check Name::
538 * Update Check Data::
541 * Current Version Code::
548 Any number of categories for the application to be placed in. There is no
549 fixed list of categories - both the client and the web site will automatically
550 show any categories that exist in any applications. However, if your metadata
551 is intended for the main F-Droid repository, you should use one of the
552 existing categories (look at the site/client), or discuss the proposal to add
555 Categories must be separated by a single comma character, ','. For backwards
556 compatibility, F-Droid will use the first category given as <category> element
557 for older clients to at least see one category.
559 This is converted to (@code{<categories>}) in the public index file.
566 The name of the author, either full, abbreviated or pseudonym. If
567 present, it should represent the name(s) as published by upstream,
568 e.g. in their copyright or authors file. This can be omitted (or left
571 This is converted to (@code{<author>}) in the public index file.
574 @section Author Email
578 The e-mail address of the author(s). This can be omitted (or left
581 This is converted to (@code{<email>}) in the public index file.
588 The overall license for the application, or in certain cases, for the
601 GNU GPL version 2 or later
609 GNU GPL version 3 or later
613 An unspecified GPL version. Use this only as a last resort or if there is
614 some confusion over compatiblity of component licenses: particularly the use of
615 Apache libraries with GPLv2 source code.
619 Afferro GPL version 3.
631 BSD license - the original '4-clause' version.
635 BSD license - the new, or modified, version.
639 This is converted to (@code{<license>}) in the public index file.
646 The name of the application as can best be retrieved from the source code.
647 This is done so that the commitupdates script can put a familiar name in the
648 description of commits created when a new update of the application is
649 found. The Auto Name entry is generated automatically when @code{fdroid
650 checkupdates} is run.
657 The name of the application. Normally, this field should not be present since
658 the application's correct name is retrieved from the APK file. However, in a
659 situation where an APK contains a bad or missing application name, it can be
660 overridden using this. Note that this only overrides the name in the list of
661 apps presented in the client; it doesn't changed the name or application label
669 Comma-separated list of application IDs that this app provides. In other
670 words, if the user has any of these apps installed, F-Droid will show this app
671 as installed instead. It will also appear if the user clicks on urls linking
672 to the other app IDs. Useful when an app switches package name, or when you
673 want an app to act as multiple apps.
680 The URL for the application's web site. If there is no relevant web site, this
681 can be omitted (or left blank).
683 This is converted to (@code{<web>}) in the public index file.
690 The URL to view or obtain the application's source code. This should be
691 something human-friendly. Machine-readable source-code is covered in the
694 This is converted to (@code{<source>}) in the public index file.
697 @section Issue Tracker
699 @cindex Issue Tracker
701 The URL for the application's issue tracker. Optional, since not all
702 applications have one.
704 This is converted to (@code{<tracker>}) in the public index file.
711 The URL for the application's changelog. Optional, since not all
712 applications have one.
714 This is converted to (@code{<changelog>}) in the public index file.
721 The URL to donate to the project. This should be the project's donate page
724 It is possible to use a direct PayPal link here, if that is all that is
725 available. However, bear in mind that the developer may not be aware of
726 that direct link, and if they later changed to a different PayPal account,
727 or the PayPal link format changed, things could go wrong. It is always
728 best to use a link that the developer explicitly makes public, rather than
729 something that is auto-generated 'button code'.
731 This is converted to (@code{<donate>}) in the public index file.
738 The project's Flattr (http://flattr.com) ID, if it has one. This should be
739 a numeric ID, such that (for example) https://flattr.com/thing/xxxx leads
740 directly to the page to donate to the project.
742 This is converted to (@code{<flattr>}) in the public index file.
749 A bitcoin address for donating to the project.
751 This is converted to (@code{<bitcoin>}) in the public index file.
758 A litecoin address for donating to the project.
765 A brief summary of what the application is. Since the summary is only allowed
766 one line on the list of the F-Droid client, keeping it to within 80 characters
767 will ensure it fits most screens.
774 A full description of the application, relevant to the latest version.
775 This can span multiple lines (which should be kept to a maximum of 80
776 characters), and is terminated by a line containing a single '.'.
778 Basic MediaWiki-style formatting can be used. Leaving a blank line starts a
779 new paragraph. Surrounding text with @code{''} make it italic, and with
780 @code{'''} makes it bold.
782 You can link to another app in the repo by using @code{[[app.id]]}. The link
783 will be made appropriately whether in the Android client, the web repo
784 browser or the wiki. The link text will be the apps name.
786 Links to web addresses can be done using @code{[http://example.com Text]}.
788 Bulletted lists are done by simply starting each item with a @code{*} on
789 a new line, and numbered lists are the same but using @code{#}. There is
790 currently no support for nesting lists - you can have one level only.
792 It can be helpful to note information pertaining to updating from an
793 earlier version; whether the app contains any prebuilts built by the
794 upstream developers or whether non-free elements were removed; whether the
795 app is in rapid development or whether the latest version lags behind the
796 current version; whether the app supports multiple architectures or whether
797 there is a maximum SDK specified (such info not being recorded in the index).
799 This is converted to (@code{<desc>}) in the public index file.
801 @node Maintainer Notes
802 @section Maintainer Notes
804 @cindex Maintainer Notes
806 This is a multi-line field using the same rules and syntax as the description.
807 It's used to record notes for F-Droid maintainers to assist in maintaining and
808 updating the application in the repository.
810 This information is also published to the wiki.
817 The type of repository - for automatic building from source. If this is not
818 specified, automatic building is disabled for this application. Possible
841 The repository location. Usually a git: or svn: URL, for example.
843 The git-svn option connects to an SVN repository, and you specify the URL in
844 exactly the same way, but git is used as a back-end. This is preferable for
845 performance reasons, and also because a local copy of the entire history is
846 available in case the upstream repository disappears. (It happens!). In
847 order to use Tags as update check mode for this VCS type, the URL must have
848 the tags= special argument set. Likewise, if you intend to use the
849 RepoManifest/branch scheme, you would want to specify branches= as well.
850 Finally, trunk= can also be added. All these special arguments will be passed
851 to "git svn" in order, and their values must be relative paths to the svn repo
853 Here's an example of a complex git-svn Repo URL:
854 http://svn.code.sf.net/p/project/code/svn;trunk=trunk;tags=tags;branches=branches
856 If the Repo Type is @code{srclib}, then you must specify the name of the
857 according srclib .txt file. For example if @code{scrlibs/FooBar.txt} exist
858 and you want to use this srclib, then you have to set Repo to
866 The location of binaries used in verification process.
868 If specified, F-Droid will verify the output apk file of a build against the
869 one specified. You can use %v and %c to point to the version name and version
870 code of the current build. To verify the F-Droid client itself you could use:
871 @code{Binaries:https://f-droid.org/repo/org.fdroid.fdroid_%c.apk}
873 F-Droid will use upstream binaries if the verification succeeded.
880 Any number of these fields can be present, each specifying a version to
881 automatically build from source. The value is a comma-separated list.
886 The above specifies to build version 1.2, which has a version code of 12.
887 The @code{commit=} parameter specifies the tag, commit or revision number from
888 which to build it in the source repository. It is the only mandatory flag,
889 which in this case could for example be @code{commit=v1.2}.
891 In addition to the three, always required, parameters described above,
892 further parameters can be added (in name=value format) to apply further
893 configuration to the build. These are (roughly in order of application):
897 @item disable=<message>
898 Disables this build, giving a reason why. (For backwards compatibility, this
899 can also be achieved by starting the commit ID with '!')
901 The purpose of this feature is to allow non-buildable releases (e.g. the source
902 is not published) to be flagged, so the scripts don't generate repeated
903 messages about them. (And also to record the information for review later).
904 If an apk has already been built, disabling causes it to be deleted once
905 @code{fdroid update} is run; this is the procedure if ever a version has to
909 Specifies to build from a subdirectory of the checked out source code.
910 Normally this directory is changed to before building,
913 Use if the project (git only) has submodules - causes @code{git submodule
914 update --init --recursive} to be executed after the source is cloned.
915 Submodules are reset and cleaned like the main app repository itself before
919 As for 'prebuild', but runs on the source code BEFORE any other processing
922 You can use $$SDK$$, $$NDK$$, $$MVN3$$ and $$QT$$ to substitute the paths
923 to the android SDK and NDK directories, maven 3 executable, and Qt SDK
924 directory respectively. The following per-build variables are available
925 likewise: $$VERSION$$, $$VERCODE$$ and $$COMMIT$$.
928 The sdk location in the repo is in an old format, or the build.xml is
929 expecting such. The 'new' format is sdk.dir while the VERY OLD format
930 is sdk-location. Typically, if you get a message along the lines of:
931 "com.android.ant.SetupTask cannot be found" when trying to build, then
932 try enabling this option.
934 @item target=<target>
935 Specifies a particular SDK target for compilation, overriding the value
936 defined in the code by upstream. This has different effects depending on what
937 build system used — this flag currently affects Ant, Maven and Gradle projects
938 only. Note that this does not change the target SDK in the
939 AndroidManifest.xml, which determines the level of features that can be
940 included in the build.
942 In the case of an Ant project, it modifies project.properties of the app and
943 possibly sub-projects. This is likely to cause the whole build.xml to be
944 rewritten, which is fine if it's a 'standard' android file or doesn't already
945 exist, but not a good idea if it's heavily customised.
947 @item update=<auto/dirs>
948 By default, 'android update' is used in Ant builds to generate or update the
949 project and all its referenced projects. Specifying update=no bypasses that.
950 Note that this is useless in builds that don't use Ant.
952 Default value is '@code{auto}', which recursively uses the paths in
953 project.properties to find all the subprojects to update.
955 Otherwise, the value can be a comma-separated list of directories in which to
956 run 'android update' relative to the application directory.
959 Adds a java.encoding property to local.properties with the given
960 value. Generally the value will be 'utf-8'. This is picked up by the
961 SDK's ant rules, and forces the Java compiler to interpret source
962 files with this encoding. If you receive warnings during the compile
963 about character encodings, you probably need this.
965 @item forceversion=yes
966 If specified, the package version in AndroidManifest.xml is replaced
967 with the version name for the build as specified in the metadata.
969 This is useful for cases when upstream repo failed to update it for
970 specific tag; to build an arbitrary revision; to make it apparent that
971 the version differs significantly from upstream; or to make it apparent
972 which architecture or platform the apk is designed to run on.
974 @item forcevercode=yes
975 If specified, the package version code in the AndroidManifest.xml is
976 replaced with the version code for the build. See also forceversion.
978 @item rm=<path1>[,<path2>,...]
979 Specifies the relative paths of files or directories to delete before
980 the build is done. The paths are relative to the base of the build
981 directory - i.e. the root of the directory structure checked out from
982 the source respository - not necessarily the directory that contains
985 Multiple files/directories can be specified by separating them with ','.
986 Directories will be recursively deleted.
988 @item extlibs=<lib1>[,<lib2>,...]
989 Comma-separated list of external libraries (jar files) from the
990 @code{build/extlib} library, which will be placed in the @code{libs} directory
993 @item srclibs=[n:]a@@r,[n:]b@@r1,...
994 Comma-separated list of source libraries or Android projects. Each item is of
995 the form name@@rev where name is the predefined source library name and rev is
996 the revision or tag to use in the respective source control.
998 For Ant projects, you can optionally append a number with a colon at the
999 beginning of a srclib item to automatically place it in project.properties as
1000 a library under the specified number. For example, if you specify
1001 @code{1:somelib@@1.0}, F-Droid will automatically do the equivalent of the
1002 legacy practice @code{prebuild=echo "android.library.reference.1=$$somelib$$"
1003 >> project.properties}.
1005 Each srclib has a metadata file under srclibs/ in the repository directory,
1006 and the source code is stored in build/srclib/.
1007 Repo Type: and Repo: are specified in the same way as for apps; Subdir: can be
1008 a comma separated list, for when directories are renamed by upstream; Update
1009 Project: updates the projects in the working directory and one level down;
1010 Prepare: can be used for any kind of preparation: in particular if you need to
1011 update the project with a particular target. You can then also use $$name$$ in
1012 the init/prebuild/build command to substitute the relative path to the library
1013 directory, but it could need tweaking if you've changed into another directory.
1015 Currently srclibs are necessary when upstream uses jar files or pulls
1016 dependencies from non-trusted repositories. While there is no guarantee that
1017 those binaries are free and correspondent to the source code, F-Droid allows
1018 the following known repositories until a source-built alternative is available:
1023 @samp{mavenCentral} - the original repo, hardcoded in Maven and Gradle.
1026 @samp{jCenter} - hardcoded in Gradle, this repo by Bintray tries to provide
1027 easier handling. It should sync with mavenCentral from time to time.
1030 @samp{OSS Sonatype} - maintained by the people behind mavenCentral, this
1031 repository focuses on hosting services for open source project binaries.
1034 @samp{JitPack.io} - builds directly from Github repositories. However,
1035 they do not provide any option to reproduce or verify the resulting
1036 binaries. Builds pre-release versions in some cases.
1039 @samp{Clojars} - Clojure libraries repo.
1042 @samp{CommonsWare} - repo holding a collection of open-source libs.
1047 Apply patch(es). 'x' names one (or more - comma-seperated) files within a
1048 directory below the metadata, with the same name as the metadata file but
1049 without the extension. Each of these patches is applied to the code in turn.
1052 Specifies a shell command (or commands - chain with &&) to run before the
1053 build takes place. Backslash can be used as an escape character to insert
1054 literal commas, or as the last character on a line to join that line with the
1055 next. It has no special meaning in other contexts; in particular, literal
1056 backslashes should not be escaped.
1058 The command runs using bash.
1060 Note that nothing should be built during this prebuild phase - scanning of the
1061 code and building of the source tarball, for example, take place after this.
1062 For custom actions that actually build things or produce binaries, use 'build'
1065 You can use $$name$$ to substitute the path to a referenced srclib - see
1066 the @code{srclib} directory for details of this.
1068 You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the
1069 android SDK and NDK directories, and Maven 3 executable respectively e.g.
1070 for when you need to run @code{android update project} explicitly. The
1071 following per-build variables are available likewise: $$VERSION$$, $$VERCODE$$
1074 @item scanignore=<path1>[,<path2>,...]
1075 Enables one or more files/paths to be excluded from the scan process.
1076 This should only be used where there is a very good reason, and
1077 probably accompanied by a comment explaining why it is necessary.
1079 When scanning the source tree for problems, matching files whose relative
1080 paths start with any of the paths given here are ignored.
1082 @item scandelete=<path1>[,<path2>,...]
1083 When running the scan process, any files that trigger errors - like binaries -
1084 will be removed. It acts just like scanignore=, but instead of ignoring the
1085 files, it removes them.
1087 Useful when a source code repository includes binaries or other unwanted files
1088 which are not needed for the build. Instead of removing them manually via rm=,
1089 using scandelete= is easier.
1092 As for 'prebuild', but runs during the actual build phase (but before the
1093 main Ant/Maven build). Use this only for actions that do actual building.
1094 Any prepartion of the source code should be done using 'init' or 'prebuild'.
1096 Any building that takes place before build= will be ignored, as either Ant,
1097 mvn or gradle will be executed to clean the build environment right before
1098 build= (or the final build) is run.
1100 You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the
1101 android SDK and NDK directories, and maven 3 executable respectively. The
1102 following per-build variables are available likewise: $$VERSION$$,
1103 $$VERCODE$$ and $$COMMIT$$.
1105 @item buildjni=[yes|no|<dir list>]
1106 Enables building of native code via the ndk-build script before doing
1107 the main Ant build. The value may be a list of directories relative
1108 to the main application directory in which to run ndk-build, or 'yes'
1109 which corresponds to '.' . Using explicit list may be useful to build
1110 multi-component projects.
1112 The build and scan processes will complain (refuse to build) if this
1113 parameter is not defined, but there is a @code{jni} directory present.
1114 If the native code is being built by other means like a Gradle task, you
1115 can specify @code{no} here to avoid that. However, if the native code is
1116 actually not required or used, remove the directory instead (using
1117 @code{rm=jni} for example). Using @code{buildjni=no} when the jni code
1118 isn't used nor built will result in an error saying that native
1119 libraries were expected in the resulting package.
1122 Version of the NDK to use in this build. Defaults to the latest NDK release
1123 that included legacy toolchains, so as to not break builds that require
1124 toolchains no longer included in current versions of the NDK.
1126 The buildserver supports r9b with its legacy toolchains, r10e, r11c, r12b,
1127 and the latest release as of writing this document, r13b. You may add
1128 support for more versions by adding them to 'ndk_paths' in your config file.
1130 @item gradle=<flavour1>[,<flavour2>,...]
1131 Build with Gradle instead of Ant, specifying what flavours to use. Flavours
1132 are case sensitive since the path to the output apk is as well.
1134 If only one flavour is given and it is 'yes', no flavour will be used.
1135 Note that for projects with flavours, you must specify at least one
1136 valid flavour since 'yes' will build all of them separately.
1138 @item maven=yes[@@<dir>]
1139 Build with Maven instead of Ant. An extra @@<dir> tells F-Droid to run Maven
1140 inside that relative subdirectory. Sometimes it is needed to use @@.. so that
1141 builds happen correctly.
1143 @item preassemble=<task1>[,<task2>,...]
1144 List of Gradle tasks to be run before the assemble task in a Gradle project
1147 @item gradleprops=<prop1>[,<prop2>,...]
1148 List of Gradle properties to pass via the command line to Gradle. A property
1149 can be of the form @code{foo} or of the form @code{key=value}.
1151 For example: @code{gradleprops=enableFoo,someSetting=bar} will result in
1152 @code{gradle -PenableFoo -PsomeSetting=bar}.
1154 @item antcommands=<target1>[,<target2>,...]
1155 Specify an alternate set of Ant commands (target) instead of the default
1156 'release'. It can't be given any flags, such as the path to a build.xml.
1158 @item output=glob/to/output.apk
1159 Specify a glob path where the resulting unsigned release apk from the
1160 build should be. This can be used in combination with build methods like
1161 @code{gradle=yes} or @code{maven=yes}, but if no build method is
1162 specified, the build is manual. You should run your build commands, such
1163 as @code{make}, in @code{build=}.
1166 Don't check that the version name and code in the resulting apk are
1167 correct by looking at the build output - assume the metadata is
1168 correct. This takes away a useful level of sanity checking, and should
1169 only be used if the values can't be extracted.
1173 Another example, using extra parameters:
1175 @samp{Build Version:1.09.03,10903,45,subdir=Timeriffic,oldsdkloc=yes}
1178 @section AntiFeatures
1180 @cindex AntiFeatures
1182 This is optional - if present, it contains a comma-separated list of any of
1183 the following values, describing an anti-feature the application has.
1184 It is a good idea to mention the reasons for the anti-feature(s) in the
1190 @samp{Ads} - the application contains advertising.
1193 @samp{Tracking} - the application tracks and reports your activity to
1194 somewhere without your consent. It's commonly used for when developers
1195 obtain crash logs without the user's consent, or when an app is useless
1196 without some kind of authentication.
1199 @samp{NonFreeNet} - the application relies on computational services that
1200 are impossible to replace or that the replacement cannot be connected to
1201 without major changes to the app.
1204 @samp{NonFreeAdd} - the application promotes non-free add-ons, such that the
1205 app is effectively an advert for other non-free software and such software is
1206 not clearly labelled as such.
1209 @samp{NonFreeDep} - the application depends on a non-free application (e.g.
1210 Google Maps) - i.e. it requires it to be installed on the device, but does not
1214 @samp{UpstreamNonFree} - the application is or depends on non-free software.
1215 This does not mean that non-free software is included with the app: Most
1216 likely, it has been patched in some way to remove the non-free code. However,
1217 functionality may be missing.
1220 @samp{NonFreeAssets} - the application contains and makes use of non-free
1221 assets. The most common case is apps using artwork - images, sounds, music,
1222 etc - under a non-commercial license.
1231 If this field is present, the application does not get put into the public
1232 index. This allows metadata to be retained while an application is temporarily
1233 disabled from being published. The value should be a description of why the
1234 application is disabled. No apks or source code archives are deleted: to purge
1235 an apk see the Build Version section or delete manually for developer builds.
1236 The field is therefore used when an app has outlived it's usefulness, because
1237 the source tarball is retained.
1240 @section Requires Root
1242 @cindex Requires Root
1244 Set this optional field to "Yes" if the application requires root
1245 privileges to be usable. This lets the client filter it out if the
1246 user so desires. Whether root is required or not, it is good to give
1247 a paragraph in the description to the conditions on which root may be
1248 asked for and the reason for it.
1250 @node Archive Policy
1251 @section Archive Policy
1253 @cindex Archive Policy
1255 This determines the policy for moving old versions of an app to the archive
1256 repo, if one is configured. The configuration sets a default maximum number
1257 of versions kept in the main repo, after which older ones are moved to the
1258 archive. This app-specific policy setting can override that.
1260 Currently the only supported format is "n versions", where n is the number
1261 of versions to keep. Defaults to "3 versions".
1263 @node Update Check Mode
1264 @section Update Check Mode
1266 @cindex Update Check Mode
1268 This determines the method using for determining when new releases are
1269 available - in other words, the updating of the Current Version and Current
1270 Version Code fields in the metadata by the @code{fdroid checkupdates} process.
1276 @code{None} - No checking is done because there's no appropriate automated way
1277 of doing so. Updates should be checked for manually. Use this, for example,
1278 when deploying unstable or patched versions; when builds are done in a directory
1279 different to where the AndroidManifest.xml is; if the developers use the
1280 Gradle build system and store version info in a separate file; if the
1281 developers make a new branch for each release and don't make tags; or if you've
1282 changed the package name or version code logic.
1284 @code{Static} - No checking is done - either development has ceased or new versions
1285 are not desired. This method is also used when there is no other checking method
1286 available and the upstream developer keeps us posted on new versions.
1288 @code{RepoManifest} - At the most recent commit, the AndroidManifest.xml file
1289 is looked for in the directory where it was found in the the most recent build.
1290 The appropriateness of this method depends on the development process used by
1291 the application's developers. You should not specify this method unless you're
1292 sure it's appropriate. For example, some developers bump the version when
1293 commencing development instead of when publishing.
1294 It will return an error if the AndroidManifest.xml has moved to a different
1295 directory or if the package name has changed.
1296 The current version that it gives may not be accurate, since not all
1297 versions are fit to be published. Therefore, before building, it is often
1298 necessary to check if the current version has been published somewhere by the
1299 upstream developers, either by checking for apks that they distribute or for
1300 tags in the source code repository.
1302 It currently works for every repository type to different extents, except
1303 the srclib repo type. For git, git-svn and hg repo types, you may use
1304 "RepoManifest/yourbranch" as UCM so that "yourbranch" would be the branch used
1305 in place of the default one. The default values are "master" for git,
1306 "default" for hg and none for git-svn (it stays in the same branch).
1307 On the other hand, branch support hasn't been implemented yet in bzr and svn,
1308 but RepoManifest may still be used without it.
1310 @code{RepoTrunk} - For svn and git-svn repositories, especially those who
1311 don't have a bundled AndroidManifest.xml file, the Tags and RepoManifest
1312 checks will not work, since there is no version information to obtain. But,
1313 for those apps who automate their build process with the commit ref that HEAD
1314 points to, RepoTrunk will set the Current Version and Current Version Code to
1317 @code{Tags} - The AndroidManifest.xml file in all tagged revisions in the
1318 source repository is checked, looking for the highest version code. The
1319 appropriateness of this method depends on the development process used by the
1320 application's developers. You should not specify this method unless you're sure
1321 it's appropriate. It shouldn't be used if the developers like to tag unstable
1322 versions or are known to forget to tag releases. Like RepoManifest, it will not
1323 return the correct value if the directory containing the AndroidManifest.xml has
1324 moved. Despite these caveats, it is the often the favourite update check mode.
1326 It currently only works for git, hg, bzr and git-svn repositories. In the case
1327 of the latter, the repo URL must contain the path to the trunk and tags or
1328 else no tags will be found.
1330 Optionally append a regex pattern at the end - separated with a space - to
1331 only check the tags matching said pattern. Useful when apps tag non-release
1332 versions such as X.X-alpha, so you can filter them out with something like
1333 @code{.*[0-9]$} which requires tag names to end with a digit.
1335 @code{HTTP} - HTTP requests are used to determine the current version code and
1336 version name. This is controlled by the @code{Update Check Data} field, which
1337 is of the form @code{urlcode|excode|urlver|exver}.
1339 Firstly, if @code{urlcode} is non-empty, the document from that URL is
1340 retrieved, and matched against the regular expression @code{excode}, with the
1341 first group becoming the version code.
1343 Secondly, if @code{urlver} is non-empty, the document from that URL is
1344 retrieved, and matched against the regular expression @code{exver}, with the
1345 first group becoming the version name. The @code{urlver} field can be set to
1346 simply '.' which says to use the same document returned for the version code
1347 again, rather than retrieving a different one.
1350 @node Vercode Operation
1351 @section Vercode Operation
1353 @cindex Vercode Operation
1355 Operation to be applied to the vercode obtained by the defined @code{Update
1356 Check Mode}. @code{%c} will be replaced by the actual vercode, and the whole
1357 string will be passed to python's @code{eval} function.
1359 Especially useful with apps that we want to compile for different ABIs, but
1360 whose vercodes don't always have trailing zeros. For example, with
1361 @code{Vercode Operation} set at something like @code{%c*10 + 4}, we will be
1362 able to track updates and build up to four different versions of every
1365 @node Update Check Ignore
1366 @section Update Check Ignore
1368 @cindex Update Check Ignore
1370 When checking for updates (via @code{Update Check Mode}) this can be used to
1371 specify a regex which, if matched against the version name, causes that version
1372 to be ignored. For example, 'beta' could be specified to ignore version names
1373 that include that text.
1375 @node Update Check Name
1376 @section Update Check Name
1378 @cindex Update Check Name
1380 When checking for updates (via @code{Update Check Mode}) this can be used to
1381 specify the package name to search for. Useful when apps have a static package
1382 name but change it programmatically in some app flavors, by e.g. appending
1383 ".open" or ".free" at the end of the package name.
1385 You can also use @code{Ignore} to ignore package name searching. This should
1386 only be used in some specific cases, for example if the app's build.gradle
1387 file does not contain the package name.
1389 @node Update Check Data
1390 @section Update Check Data
1392 @cindex Update Check Data
1394 Used in conjunction with @code{Update Check Mode} for certain modes.
1396 @node Auto Update Mode
1397 @section Auto Update Mode
1399 @cindex Auto Update Mode
1401 This determines the method using for auto-generating new builds when new
1402 releases are available - in other words, adding a new Build Version line to the
1404 This happens in conjunction with the 'Update Check Mode' functionality - i.e.
1405 when an update is detected by that, it is also processed by this.
1411 @code{None} - No auto-updating is done
1413 @code{Version} - Identifies the target commit (i.e. tag) for the new build based
1414 on the given version specification, which is simply text in which %v and %c are
1415 replaced with the required version name and version code respectively.
1417 For example, if an app always has a tag "2.7.2" corresponding to version 2.7.2,
1418 you would simply specify "Version %v". If an app always has a tag "ver_1234"
1419 for a version with version code 1234, you would specify "Version ver_%c".
1421 Additionally, a suffix can be added to the version name at this stage, to
1422 differentiate F-Droid's build from the original. Continuing the first example
1423 above, you would specify that as "Version +-fdroid %v" - "-fdroid" is the suffix.
1427 @node Current Version
1428 @section Current Version
1430 @cindex Current Version
1432 The name of the version that is current. There may be newer versions of the
1433 application than this (e.g. unstable versions), and there will almost certainly
1434 be older ones. This should be the one that is recommended for general use.
1435 In the event that there is no source code for the current version, or that
1436 non-free libraries are being used, this would ideally be the latest
1437 version that is still free, though it may still be expedient to
1438 retain the automatic update check — see No Source Since.
1440 This field is normally automatically updated - see Update Check Mode.
1442 This is converted to (@code{<marketversion>}) in the public index file.
1444 @node Current Version Code
1445 @section Current Version Code
1447 @cindex Current Version Code
1449 The version code corresponding to the Current Version field. Both these fields
1450 must be correct and matching although it's the current version code that's
1451 used by Android to determine version order and by F-Droid client to determine
1452 which version should be recommended.
1454 This field is normally automatically updated - see Update Check Mode.
1456 If not set or set to @code{0}, clients will recommend the highest version they
1457 can, as if the @code{Current Version Code} was infinite.
1459 This is converted to (@code{<marketvercode>}) in the public index file.
1461 @node No Source Since
1462 @section No Source Since
1464 @cindex No Source Since
1466 In case we are missing the source code for the Current Version reported by
1467 Upstream, or that non-free elements have been introduced, this defines the
1468 first version that began to miss source code.
1469 Apps that are missing source code for just one or a few versions, but provide
1470 source code for newer ones are not to be considered here - this field is
1471 intended to illustrate which apps do not currently distribute source code, and
1472 since when have they been doing so.
1474 @node Update Processing
1475 @chapter Update Processing
1479 There are various mechanisms in place for automatically detecting that updates
1480 are available for applications, with the @code{Update Check Mode} field in the
1481 metadata determining which method is used for a particular application.
1483 Running the @code{fdroid checkupdates} command will apply this method to each
1484 application in the repository and update the @code{Current Version} and
1485 @code{Current Version Code} fields in the metadata accordingly.
1487 As usual, the @code{-p} option can be used with this, to restrict processing
1488 to a particular application.
1490 Note that this only updates the metadata such that we know what the current
1491 published/recommended version is. It doesn't make that version available in
1492 the repository - for that, see the next section.
1496 Adding updates (i.e. new versions of applications already included in the
1497 repository) happens in two ways. The simple case is applications where the
1498 APK files are binaries, retrieved from a developer's published build. In this
1499 case, all that's required is to place the new binary in the @code{Repo}
1500 directory, and the next run of @code{fdroid update} will pick it up.
1502 For applications built from source, it is necessary to add a new
1503 @code{Build Version} line to the metadata file. At the very least, the version
1504 name, version code and commit will be different. It is also possible that the
1505 additional build flags will change between versions.
1507 For processing multiple updates in the metadata at once, it can be useful to
1508 run @code{fdroid update --interactive}. This will check all the applications
1509 in the repository, and where updates are required you will be prompted to
1510 [E]dit the metadata, [I]gnore the update, or [Q]uit altogether.
1513 @chapter Build Server
1515 The Build Server system isolates the builds for each package within a clean,
1516 isolated and secure throwaway virtual machine environment.
1520 Building applications in this manner on a large scale, especially with the
1521 involvement of automated and/or unattended processes, could be considered
1522 a dangerous pastime from a security perspective. This is even more the case
1523 when the products of the build are also distributed widely and in a
1524 semi-automated ("you have updates available") fashion.
1526 Assume that an upstream source repository is compromised. A small selection
1527 of things that an attacker could do in such a situation:
1531 Use custom Ant build steps to execute virtually anything as the user doing
1534 Access the keystore.
1536 Modify the built apk files or source tarballs for other applications in the
1539 Modify the metadata (which includes build scripts, which again, also includes
1540 the ability to execute anything) for other applications in the repository.
1543 Through complete isolation, the repurcussions are at least limited to the
1544 application in question. Not only is the build environment fresh for each
1545 build, and thrown away afterwards, but it is also isolated from the signing
1548 Aside from security issues, there are some applications which have strange
1549 requirements such as custom versions of the NDK. It would be impractical (or
1550 at least extremely messy) to start modifying and restoring the SDK on a
1551 multi-purpose system, but within the confines of a throwaway single-use
1552 virtual machine, anything is possible.
1554 All this is in addition to the obvious advantage of having a standardised
1555 and completely reproducible environment in which builds are made. Additionally,
1556 it allows for specialised custom build environments for particular
1559 @section Setting up a build server
1561 In addition to the basic setup previously described, you will also need
1562 a Vagrant-compatible Debian Testing base box called 'jessie64'.
1564 You can use a different version or distro for the base box, so long as you
1565 don't expect any help making it work. One thing to be aware of is that
1566 working copies of source trees are moved from the host to the guest, so
1567 for example, having subversion v1.6 on the host and v1.7 on the guest
1570 @subsection Creating the Debian base box
1572 The output of this step is a minimal Debian VM that has support for remote
1573 login and provisioning.
1575 Unless you're very trusting, you should create one of these for yourself
1576 from verified standard Debian installation media. However, by popular
1577 demand, the @code{makebuildserver} script will automatically download a
1578 prebuilt image unless instructed otherwise. If you choose to use the
1579 prebuilt image, you may safely skip the rest of this section.
1581 Documentation for creating a base box can be found at
1582 @url{https://www.vagrantup.com/docs/boxes/base.html}.
1584 In addition to carefully following the steps described there, you should
1585 consider the following:
1589 It is advisable to disable udev network device persistence, otherwise any
1590 movement of the VM between machines, or reconfiguration, will result in
1593 For a Debian/Ubuntu default install, just
1594 @code{touch /etc/udev/rules.d/75-persistent-net-generator.rules} to turn
1595 off rule generation, and at the same time, get rid of any rules it's
1596 already created in @code{/etc/udev/rules.d/70-persistent-net.rules}.
1598 Unless you want the VM to become totally inaccessible following a failed
1599 boot, you need to set @code{GRUB_RECORDFAIL_TIMEOUT} to a value other than
1600 -1 in @code{/etc/grub/default} and then run @code{update-grub}.
1603 @subsection Creating the F-Droid base box
1605 The next step in the process is to create @code{makebs.config.py},
1606 using @code{./examples/makebs.config.py} as a reference - look at the settings and
1607 documentation there to decide if any need changing to suit your environment.
1608 There is a path for retrieving the base box if it doesn't exist, and an apt
1609 proxy definition, both of which may need customising for your environment.
1610 You can then go to the @code{fdroidserver} directory and run this:
1616 This will take a long time, and use a lot of bandwidth - most of it spent
1617 installing the necessary parts of the Android SDK for all the various
1618 platforms. Luckily you only need to do it occasionally. Once you have a
1619 working build server image, if the recipes change (e.g. when packages need
1620 to be added) you can just run that script again and the existing one will
1621 be updated in place.
1623 The main sdk/ndk downloads will automatically be cached to speed things
1624 up the next time, but there's no easy way of doing this for the longer
1625 sections which use the SDK's @code{android} tool to install platforms,
1626 add-ons and tools. However, instead of allowing automatic caching, you
1627 can supply a pre-populated cache directory which includes not only these
1628 downloads, but also .tar.gz files for all the relevant additions. If the
1629 provisioning scripts detect these, they will be used in preference to
1630 running the android tools. For example, if you have
1631 @code{buildserver/addons/cache/platforms/android-19.tar.gz} that will be
1632 used when installing the android-19 platform, instead of re-downloading it
1633 using @code{android update sdk --no-ui -t android-19}. It is possible to
1634 create the cache files of this additions from a local installation of the
1635 SDK including these:
1638 cd /path/to/android-sdk/platforms
1639 tar czf android-19.tar.gz android-19
1640 mv android-19.tar.gz /path/to/buildserver/addons/cache/platforms/
1643 If you have already built a buildserver it is also possible to get this
1644 files directly from the buildserver:
1647 vagrant ssh -- -C 'tar -C ~/android-sdk/platforms czf android-19.tar.gz android-19'
1648 vagrant ssh -- -C 'cat ~/android-sdk/platforms/android-19.tar.gz' > /path/to/fdroidserver/buildserver/cache/platforms/android19.tar.gz
1651 Once it's complete you'll have a new base box called 'buildserver' which is
1652 what's used for the actual builds. You can then build packages as normal,
1653 but with the addition of the @code{--server} flag to @code{fdroid build} to
1654 instruct it to do all the hard work within the virtual machine.
1656 The first time a build is done, a new virtual machine is created using the
1657 'buildserver' box as a base. A snapshot of this clean machine state is saved
1658 for use in future builds, to improve performance. You can force discarding
1659 of this snapshot and rebuilding from scratch using the @code{--resetserver}
1660 switch with @code{fdroid build}.
1665 There are two kinds of signing involved in running a repository - the signing
1666 of the APK files generated from source builds, and the signing of the repo
1667 index itself. The latter is optional, but very strongly recommended.
1669 @section Repo Index Signing
1671 When setting up the repository, one of the first steps should be to generate
1672 a signing key for the repository index. This will also create a keystore, which
1673 is a file that can be used to hold this and all other keys used. Consider the
1674 location, security and backup status of this file carefully, then create it as
1677 @code{keytool -genkey -v -keystore my.keystore -alias repokey -keyalg RSA -keysize 2048 -validity 10000}
1679 In the above, replace 'my.keystore' with the name of the keystore file to be
1680 created, and 'repokey' with a name to identify the repo index key by.
1682 You'll be asked for a password for the keystore, AND a password for the key.
1683 They shouldn't be the same. In between, you'll be asked for some identifying
1684 details which will go in the certificate.
1686 The two passwords entered go into @code{config.py}, as @code{keystorepass} and
1687 @code{keypass} respectively. The path to the keystore file, and the alias you
1688 chose for the key also go into that file, as @code{keystore} and
1689 @code{repo_keyalias} respectively.
1691 @section Package Signing
1693 With the repo index signing configured, all that remains to be done for package
1694 signing to work is to set the @code{keydname} field in @code{config.py} to
1695 contain the same identifying details you entered before.
1697 A new key will be generated using these details, for each application that is
1698 built. (If a specific key is required for a particular application, this system
1699 can be overridden using the @code{keyaliases} config settings.
1701 @node Vulnerability Scanning
1702 @chapter Vulnerability Scanning (dscanner)
1704 F-Droid now includes a means of running automated vulnerability scanning
1705 using @uref{https://github.com/mwrlabs/drozer, Drozer}. This is achieved
1706 by starting a docker container, with the Android SDK and Emulator
1707 prepared already, installing drozer into the emulator and scripting the
1708 knobs to scan any fully built and signed APKs.
1710 Note: if your application is not intended to run within an Android
1711 emulator, please do not continue with these instructions. At this time,
1712 the @code{dscanner} feature is fully dependent upon your application
1713 running properly in an emulated environment.
1715 @section Quick Start
1718 @item Ensure that your application is a signed release build
1719 @item @code{fdroid dscanner --init-only} from within the repo
1720 @item Go for a coffee, this takes a long time and requires approximately
1721 6 GB of disk space. Once this is complete, you'll be left with a docker
1722 container running and ready to go.
1723 @item @code{fdroid dscanner --latest app.pkg.name} from within the repo
1724 to run drozer on the latest build of @code{app.pkg.name}
1725 @item If all went well, there should be an ``app.pkg.name_CODE.apk.dscanner''
1726 file in the repo (next to the original APK file)
1727 @item When you're all done scanning packages, you can cleanup the docker
1728 container with: @code{fdroid dscanner --clean-only}
1731 You can also run the drozer scan as an optional part of the overall
1732 @code{fdroid build} operation. This option will trigger a drozer scan of
1733 all signed APKs found in the repo. See @code{fdroid build --help} for
1736 @section Command Line Help
1739 usage: fdroid dscanner [options] [APPID[:VERCODE] [APPID[:VERCODE] ...]]
1741 positional arguments:
1742 app_id app-id with optional versioncode in the form
1746 -h, --help show this help message and exit
1747 -v, --verbose Spew out even more information than normal
1748 -q, --quiet Restrict output to warnings and errors
1749 -l, --latest Scan only the latest version of each package
1750 --clean-after Clean after all scans have finished.
1751 --clean-before Clean before the scans start and rebuild the
1753 --clean-only Clean up all containers and then exit.
1754 --init-only Prepare drozer to run a scan
1755 --repo-path REPO_PATH
1756 Override repo path for built APK files.
1759 @section From Scratch
1761 Because the docker image used to do the Android Emulator and all of that
1762 takes a considerable amount of time to prepare, one has been uploaded to
1763 dockerhub.com for general use. However, the astute researcher will be
1764 weary of any black boxes and want to build their own black box. This
1765 section elaborates how to build the docker image yourself.
1767 From within the F-Droid Server source code directory, @code{cd
1768 ./docker/} in order to begin.
1770 Within this directory are the custom scripting used within the docker
1771 image creation. For conveience, there is a simple Makefile that
1772 wraps the process of creating images into convenient pieces.
1774 @subsection @code{make help}
1777 usage: make help|build|clean|kill|info
1779 help this help screen
1780 build create docker image
1781 clean remove images and containers
1782 kill stop running containers
1783 info details of running container
1786 @subsection @code{make clean}
1788 Stops any running containers (@code{make kill}) and then forcully
1789 removes them from docker. After that, all images associated are also
1792 Note: this will destroy docker images!
1794 @subsection @code{make build}
1796 Builds the actual docker container, tagged
1797 ``dscanner/fdroidserver:latest'' from the local directory. Obviously
1798 this is operating with the @code{Dockerfile} to build and tie everything
1801 @subsection @code{make kill}
1803 @code{docker kill} the container tagged ``dscanner''.
1805 @subsection @code{make info}
1807 Prints some useful information about the currently running dscanner
1808 container (if it is even running). The output of this command is
1809 confusing and raw but useful none-the-less. See example output below:
1812 CONTAINER ID IMAGE COMMAND
1813 CREATED STATUS PORTS
1815 b90a60afe477 dscanner/fdroidserver "/home/drozer/entrypo" 20
1816 minutes ago Up 20 minutes 0.0.0.0:32779->22/tcp,
1817 0.0.0.0:32778->5037/tcp, 0.0.0.0:32777->5554/tcp,
1818 0.0.0.0:32776->5555/tcp, 0.0.0.0:32775->5900/tcp,
1819 0.0.0.0:32774->5901/tcp dscanner
1822 adb connect 172.17.0.2:32776
1825 Typical usage is for finding the ``adb connect'' line or the ``ssh''
1826 port (32779 from the @code{0.0.0.0:32779->22/tcp} note).
1828 @node GNU Free Documentation License
1829 @appendix GNU Free Documentation License