1 \input texinfo @c -*-texinfo-*-
3 @setfilename fdroid.info
4 @settitle F-Droid Server Manual
8 This manual is for the F-Droid repository server tools.
10 Copyright @copyright{} 2010, 2011, 2012, 2013 Ciaran Gultnieks
12 Copyright @copyright{} 2011 Henrik Tunedal, Michael Haas, John Sullivan
14 Copyright @copyright{} 2013 David Black, Daniel Martí
17 Permission is granted to copy, distribute and/or modify this document
18 under the terms of the GNU Free Documentation License, Version 1.3
19 or any later version published by the Free Software Foundation;
20 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
21 A copy of the license is included in the section entitled "GNU
22 Free Documentation License".
27 @title F-Droid Server Manual
28 @author Ciaran Gultnieks and the F-Droid project
30 @vskip 0pt plus 1filll
46 * System Requirements::
48 * Simple Binary Repository::
49 * Building Applications::
50 * Importing Applications::
55 * GNU Free Documentation License::
62 The F-Droid server tools provide various scripts and tools that are used
63 to maintain the main F-Droid application repository. You can use these same
64 tools to create your own additional or alternative repository for publishing,
65 or to assist in creating, testing and submitting metadata to the main
69 @node System Requirements
70 @chapter System Requirements
74 The system requirements for using the tools will vary depending on your
75 intended usage. At the very least, you'll need:
83 The Android SDK Tools and Build-tools.
84 Note that F-Droid does not assume that you have the Android SDK in your
85 @code{PATH}: these directories will be specified in your repository
86 configuration. Recent revisions of the SDK have @code{aapt} located in
87 android-sdk/build-tools/ and it may be necessary to make a symlink to it in
88 android-sdk/platform-tools/
91 If you intend to build applications from source you'll also need most, if not
92 all, of the following:
96 All SDK platforms requested by the apps you want to build
97 (The Android SDK is made available by Google under a proprietary license but
98 within that, the SDK platforms, support library and some other components are
99 under the Apache license and source code is provided.
100 Google APIs, used for building apps using Google Maps, are free to the extent
101 that the library comes pre-installed on the device.
102 Google Play Services, Google Admob and others are proprietary and shouldn't be
103 included in the main F-Droid repository.)
105 A version of the Android NDK
109 Ant Contrib Tasks (Debian package ant-contrib)
111 Maven (Debian package maven)
113 JavaCC (Debian package javacc)
115 JDK (Debian package openjdk-6-jdk): openjdk-6 is recommended though openjdk-7
118 VCS clients: svn, git, git-svn, hg, bzr
120 Miscellaneous packages listed in
121 buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
122 of the F-Droid server repository
124 A keystore for holding release keys. (Safe, secure and well backed up!)
127 If you intend to use the 'Build Server' system, for secure and clean builds
128 (highly recommended), you will also need:
132 VirtualBox (debian package virtualbox)
134 Ruby (debian packages ruby and rubygems)
136 Vagrant (gem install vagrant)
138 Paramiko (debian package python-paramiko)
140 Imaging (debian package python-imaging)
147 @cindex setup, installation
149 Because the tools and data will always change rapidly, you will almost
150 certainly want to work from a git clone of the tools at this stage. To
154 git clone git://gitorious.org/f-droid/fdroidserver.git
157 You now have lots of stuff in the fdroidserver directory, but the most
158 important is the 'fdroid' command script which you run to perform all tasks.
159 This script is always run from a repository data directory, so the
160 most sensible thing to do next is to put your new fdroidserver directory
165 To do anything, you'll need at least one repository data directory. It's
166 from this directory that you run the @code{fdroid} command to perform all
167 repository management tasks. You can either create a brand new one, or
168 grab a copy of the data used by the main F-Droid repository:
171 git clone git://gitorious.org/f-droid/fdroiddata.git
174 Regardless of the intended usage of the tools, you will always need to set
175 up some basic configuration details. This is done by creating a file called
176 @code{config.py} in the data directory. You should do this by copying the
177 example file (@code{config.sample.py}) from the fdroidserver project to your
178 data directory and then editing according to the instructions within.
180 Once configured in this way, all the functionality of the tools is accessed
181 by running the @code{fdroid} command. Run it on its own to get a list of the
182 available sub-commands.
184 You can follow any command with @code{--help} to get a list of additional
185 options available for that command.
192 @node Simple Binary Repository
193 @chapter Simple Binary Repository
197 If you want to maintain a simple repository hosting only binary APKs obtained
198 and compiled elsewhere, the process is quite simple:
202 Set up the server tools, as described in Setup.
204 Make a directory for your repository. This is the directory from which you
205 will do all the work with your repository. Create a config file there, called
206 @code{config.py}, by copying the @code{config.sample.py} from the server
207 project and editing it.
209 Within that, make a directory called @code{repo} and put APK files in it.
211 Run @code{fdroid update}.
213 If it reports that any metadata files are missing, you can create them
214 in the @code{metadata} directory and run it again.
216 To ease creation of metadata files, run @code{fdroid update} with the @code{-c}
217 option. It will create 'skeleton' metadata files that are missing, and you can
218 then just edit them and fill in the details.
220 Then, if you've changed things, run @code{fdroid update} again.
222 Running @code{fdroid update} adds an Icons directory into the repo directory,
223 and also creates the repository index (index.xml, and also index.jar if you've
224 configured the system to use a signed index).
226 Publish the resulting contents of the @code{repo} directory to your web server.
229 Following the above process will result in a @code{repo} directory, which you
230 simply need to push to any HTTP (or preferably HTTPS) server to make it
233 While some information about the applications (and versions thereof) is
234 retrieved directly from the APK files, most comes from the corresponding file
235 in the @code{metadata} directory. The metadata file covering ALL versions of a
236 particular application is named @code{package.id.txt} where package.id is the
237 unique identifier for that package.
239 See the Metadata chapter for details of what goes in the metadata file. All
240 fields are relevant for binary APKs, EXCEPT for 'Build Version' entries, which
244 @node Building Applications
245 @chapter Building Applications
247 Instead of (or as well as) including binary APKs from external sources in a
248 repository, you can build them directly from the source code.
250 Using this method, it is is possible to verify that the application builds
251 correctly, corresponds to the source code, and contains only free software.
252 Unforunately, in the Android world, it seems to be very common for an
253 application supplied as a binary APK to present itself as Free Software
254 when in fact some or all of the following are true:
258 The source code (either for a particular version, or even all versions!) is
259 unavailable or incomplete.
261 The source code is not capable of producing the actual binary supplied.
263 The 'source code' contains binary files of unknown origin, or with proprietary
267 For this reason, source-built applications are the preferred method for the
268 main F-Droid repository, although occasionally for technical or historical
269 reasons, exceptions are made to this policy.
271 When building applications from source, it should be noted that you will be
272 signing them (all APK files must be signed to be installable on Android) with
273 your own key. When an application is already installed on a device, it is not
274 possible to upgrade it in place to a new version signed with a different key
275 without first uninstalling the original. This may present an inconvenience to
276 users, as the process of uninstalling loses any data associated with the
277 previous installation.
279 The process for managing a repository for built-from-source applications is
280 very similar to that described in the Simple Binary Repository chapter,
281 except now you need to:
285 Include Build Version entries in the metadata files.
287 Run @code{fdroid build} to build any applications that are not already built.
289 Run @code{fdroid publish} to finalise packaging and sign any APKs that have
294 @section More about "fdroid build"
296 When run without any parameters, @code{fdroid build} will build any and all
297 versions of applications that you don't already have in the @code{repo}
298 directory (or more accurately, the @code{unsigned} directory). There are various
299 other things you can do. As with all the tools, the @code{--help} option is
300 your friend, but a few annotated examples and discussion of the more common
303 To build a single version of a single application, you could run the
307 ./fdroid build --package=org.fdroid.fdroid --vercode 16
310 This attempts to build version code 16 (which is version 0.25) of the F-Droid
311 client. Many of the tools recognise this @code{--package} parameter, allowing
312 their activity to be limited to just a single package.
314 If the build above was successful, two files will have been placed in the
315 @code{unsigned} directory:
318 org.fdroid.fdroid_16.apk
319 org.fdroid.fdroid_16_src.tar.gz
322 The first is the (unsigned) APK. You could sign this with a debug key and push
323 it direct to your device or an emulator for testing. The second is a source
324 tarball containing exactly the source that was used to generate the binary.
326 If you were intending to publish these files, you could then run:
332 The source tarball would move to the @code{repo} directory (which is the
333 directory you would push to your web server). A signed and zip-aligned version
334 of the APK would also appear there, and both files would be removed from the
335 @code{unsigned} directory.
337 If you're building purely for the purposes of testing, and not intending to
338 push the results to a repository, at least yet, the @code{--test} option can be
339 used to direct output to the @code{tmp} directory instead of @code{unsigned}.
340 A similar effect could by achieved by simply deleting the output files from
341 @code{unsigned} after the build, but with the risk of forgetting to do so!
343 Along similar lines (and only in conjunction with @code{--test}, you can use
344 @code{--force} to force a build of a Disabled application, where normally it
345 would be completely ignored. Similarly a version that was found to contain
346 ELFs or known non-free libraries can be forced to build. See also —
347 scanignore= in the Build Version section.
349 If the build was unsuccessful, you can find out why by looking at the output
350 in the logs/ directory. If that isn't illuminating, try building the app the
351 regular way, step by step: android update project, ndk-build, ant debug.
353 Note that source code repositories often contain prebuilt libraries. If the
354 app is being considered for the main F-Droid repository, it is important that
355 all such prebuilts are built either via the metadata or by a reputable third
359 @section Direct Installation
361 You can also build and install directly to a connected device or emulator using
362 the @code{--install} switch. If you do this without using @code{--package} and
363 @code{--vercode} then all versions of all packages will be installed (with each
364 individual version overwriting the previous!). In most cases, this will not be
365 what you want to do, so execution will stop straight away. However, you can
366 override this if you're sure that's what you want, by using @code{--all}.
367 Note that currently, no sanity checks are performed with this mode, so that if
368 the version is incorrect or that if the package name is different, you won't
372 @node Importing Applications
373 @chapter Importing Applications
375 To help with starting work on including a new application, @code{fdroid import}
376 will take a URL and optionally some other parameters, and attempt to construct
377 as much information as possible by analysing the source code. Basic usage is:
380 ./fdroid import --url=http://address.of.project
383 For this to work, the URL must point to a project format that the script
384 understands. Currently this is limited to one of the following:
388 Gitorious - @code{https://gitorious.org/PROJECTNAME/REPONAME}
390 Github - @code{https://github.com/USER/PROJECT}
392 Google Code - @code{http://code.google.com/p/PROJECT/}
393 Supports git, svn and hg repos.
395 Some Google Code projects have multiple repositories, identified by a
396 dropdown list on the @code{source/checkout} page. To access one other than
397 the default, specify its name using the @code{--repo} switch.
399 Bitbucket - @code{https://bitbucket.org/USER/PROJECT/}
401 Git - @code{git://REPO}
404 Depending on the project type, more or less information may be gathered. For
405 example, the license will be retrieved from a Google Code project, but not a
406 GitHub one. A bare repo url, such as the git:// one, is the least preferable
407 optional of all, since you will have to enter much more information manually.
409 If the import is successful, a metadata file will be created. You will need to
410 edit this further to check the information, and fill in the blanks.
412 If it fails, you'll be told why. If it got as far as retrieving the source
413 code, you can inspect it further by looking in @code{tmp/importer} where a full
416 A frequent cause of initial failure is that the project directory is actually
417 a subdirectory in the repository. In this case, run the importer again using
418 the @code{--subdir} option to tell it where. It will not attempt to determine
419 this automatically, since there may be several options.
427 Information used by update.py to compile the public index comes from two
432 the APK files in the repo directory, and
434 the metadata files in the metadata directory.
437 The metadata files are simple, easy to edit text files, always named as the
438 application's package ID with '.txt' appended.
440 Note that although the metadata files are designed to be easily read and
441 writable by humans, they are also processed and written by various scripts.
442 They are capable of rewriting the entire file when necessary. Even so,
443 the structure and comments will be preserved correctly, although the order
444 of fields will be standardised. (In the event that the original file was
445 in a different order, comments are considered as being attached to the field
446 following them). In fact, you can standardise all the metadata in a single
447 command, without changing the functional content, by running:
450 fdroid rewritemetadata
453 The following sections describe the fields recognised within the file.
474 * Update Check Mode::
475 * Update Check Data::
478 * Current Version Code::
485 A single category for the application to be placed in. There is no fixed list
486 of categories - both the client and the web site will automatically show any
487 categories that exist in any applications. However, if your metadata is
488 intended for the main F-Droid repository, you should use one of the existing
489 categories (look at the site/client), or discuss the proposal to add
492 Additional categories can be specified, by using ';' as a separator. In this
493 case the first is the primary category, and the only one that will be seen by
494 clients that only understand one.
501 The overall license for the application, or in certain cases, for the
514 GNU GPL version 2 or later
522 GNU GPL version 3 or later
526 An unspecified GPL version. Use this only as a last resort or if there is
527 some confusion over compatiblity of component licenses: particularly the use of
528 Apache libraries with GPLv2 source code.
532 Afferro GPL version 3.
544 BSD license - the original '4-clause' version.
548 BSD license - the new, or modified, version.
557 The name of the application as can best be retrieved from the source code.
558 This is done so that the commitupdates script can put a familiar name in
559 the commit description. It is generated automatically when
560 @code{fdroid checkupdates} is run.
567 The name of the application. Normally, this field should not be present since
568 the application's correct name is retrieved from the APK file. However, in a
569 situation where an APK contains a bad or missing application name, it can be
570 overridden using this. Note that this only overrides the name in the list of
571 apps presented in the client; it doesn't changed the name or application label
579 The URL for the application's web site.
586 The URL to view or obtain the application's source code. This should be
587 something human-friendly. Machine-readable source-code is covered in the
591 @section Issue Tracker
593 @cindex Issue Tracker
595 The URL for the application's issue tracker. Optional, since not all
596 applications have one.
603 The URL to donate to the project. This should be the project's donate page
606 It is possible to use a direct PayPal link here, if that is all that is
607 available. However, bear in mind that the developer may not be aware of
608 that direct link, and if they later changed to a different PayPal account,
609 or the PayPal link format changed, things could go wrong. It is always
610 best to use a link that the developer explicitly makes public, rather than
611 something that is auto-generated 'button code'.
618 The project's Flattr (http://flattr.com) ID, if it has one. This should be
619 a numeric ID, such that (for example) https://flattr.com/thing/xxxx leads
620 directly to the page to donate to the project.
627 A bitcoin address for donating to the project.
634 A brief summary of what the application is. Since the summary is only allowed
635 one line on the list of the F-Droid client, keeping it to within 32 characters
636 will ensure it fits even on the smallest screens.
643 A full description of the application, relevant to the latest version.
644 This can span multiple lines (which should be kept to a maximum of 80
645 characters), and is terminated by a line containing a single '.'.
647 Basic MediaWiki-style formatting can be used. Leaving a blank line starts a
648 new paragraph. Surrounding text with @code{''} make it italic, and with
649 @code{'''} makes it bold.
651 You can link to another app in the repo by using @code{[[app.id]]}. The link
652 will be made appropriately whether in the Android client, the web repo
653 browser or the wiki. The link text will be the apps name.
655 Links to web addresses can be done using @code{[http://example.com Text]}.
657 Bulletted lists are done by simply starting each item with a @code{*} on
658 a new line, and numbered lists are the same but using @code{#}. There is
659 currently no support for nesting lists - you can have one level only.
661 It can be helpful to note information pertaining to updating from an
662 earlier version; whether the app contains any prebuilts built by the
663 upstream developers or whether non-free elements were removed; whether the
664 app is in rapid development or whether the latest version lags behind the
665 current version; whether the app supports multiple architectures or whether
666 there is a maximum SDK specified (such info not being recorded in the index).
673 The type of repository - for automatic building from source. If this is not
674 specified, automatic building is disabled for this application. Possible
696 The repository location. Usually a git: or svn: URL, for example.
698 The git-svn option connects to an SVN repository, and you specify the URL in
699 exactly the same way, but git is used as a back-end. This is preferable for
700 performance reasons, and also because a local copy of the entire history is
701 available in case the upstream repository disappears. (It happens!). In
702 order to use Tags as update check mode for this VCS type, the URL must have
703 the tags= special argument set. Likewise, if you intend to use the
704 RepoManifest/branch scheme, you would want to specify branches= as well.
705 Finally, trunk= can also be added. All these special arguments will be passed
706 to "git svn" in order, and their values must be relative paths to the svn repo
708 Here's an example of a complex git-svn Repo URL:
709 http://svn.code.sf.net/p/project/code/svn;trunk=trunk;tags=tags;branches=branches
711 For a Subversion repo that requires authentication, you can precede the repo
712 URL with username:password@ and those parameters will be passed as @option{--username}
713 and @option{--password} to the SVN checkout command. (This works only for
714 plain svn and not for git-svn - one of the very few cases where using svn is
719 @section Build Version
721 @cindex Build Version
723 Any number of these fields can be present, each specifying a version to
724 automatically build from source. The value is a comma-separated list.
727 @samp{Build Version:0.12,3,651696a49be2cd7db5ce6a2fa8185e31f9a20035}
729 The above specifies to build version 0.12, which has a version code of 3.
730 The third parameter specifies the tag, commit or revision number from
731 which to build it in the source repository.
733 If the commit version starts with a !, that version is not built. Instead,
734 everything after the ! is used as a reason why it can't be built. The
735 purpose of this feature is to allow non-buildable releases (e.g. the source
736 is not published) to be flagged, so the scripts don't generate repeated
737 messages about them. (And also to record the information for review later).
738 If an apk has already been built, ! causes it to be deleted once
739 @code{fdroid update} is run; this is the procedure if ever a version has to
742 In addition to the three, always required, parameters described above,
743 further parameters can be added (in name=value format) to apply further
744 configuration to the build. These are (roughly in order of application):
749 Specifies to build from a subdirectory of the checked out source code.
750 Normally this directory is changed to before building,
753 Use if the project (git only) has submodules - causes git submodule
754 init and update to be executed after the source is cloned.
757 As for 'prebuild', but runs on the source code BEFORE any other processing
760 You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the
761 android SDK and NDK directories, and maven 3 executable respectively.
764 The sdk location in the repo is in an old format, or the build.xml is
765 expecting such. The 'new' format is sdk.dir while the VERY OLD format
766 is sdk-location. Typically, if you get a message along the lines of:
767 "com.android.ant.SetupTask cannot be found" when trying to build, then
768 try enabling this option.
770 @item target=<target>
771 Specifies a particular SDK target for compilation, overriding the
772 project.properties of the app and possibly sub-projects. Note that this does
773 not change the target SDK in the AndroidManifest.xml — the level of features
774 that can be included in the build. This is likely to cause the whole build.xml
775 to be rewritten, which is fine if it's a 'standard' android file or doesn't
776 already exist, but not a good idea if it's heavily customised. If you get an
777 error about invalid target, first try @code{init=rm -rf bin/}; otherwise this
778 parameter should do the trick.
780 Please note that gradle builds should be using compilesdk=.
782 @item compilesdk=<level>
783 Practically accomplishes the same that target= does when used in ant and maven
784 projects. compilesdk= is used rather than target= so as to not cause any more
785 confusion. It only takes effect on gradle builds in the build.gradle file,
786 thus using it in any other case is not wise.
789 By default, 'android update project' is used to generate or update the
790 build.xml file. Specifying update=no bypasses that.
792 Specifiying update=force forces rebuilding of the build.xml file at the
793 same time - this is frequently needed with r14 of the Android platform
794 tools. Be aware of any customisations in build.xml when using
797 Otherwise, value can be a semicolon-separated list of directories in
798 which to run 'android update project' relative to the main
799 application directory (which may include '@code{subdir}' parameter).
800 Default value is '@code{.}', and passing non-default value may be
801 useful for multi-component projects. Note that @code{--subprojects}
802 switch is automatically passed to 'android update project', so using
803 explicit list may be needed only for peculiar source layouts.
806 Adds a java.encoding property to local.properties with the given
807 value. Generally the value will be 'utf-8'. This is picked up by the
808 SDK's ant rules, and forces the Java compiler to interpret source
809 files with this encoding. If you receive warnings during the compile
810 about character encodings, you probably need this.
812 @item forceversion=yes
813 If specified, the package version in AndroidManifest.xml is replaced
814 with the version name for the build as specified in the metadata.
816 This is useful for cases when upstream repo failed to update it for
817 specific tag; to build an arbitrary revision; to make it apparent that
818 the version differs significantly from upstream; or to make it apparent
819 which architecture or platform the apk is designed to run on.
821 @item forcevercode=yes
822 If specified, the package version code in the AndroidManifest.xml is
823 replaced with the version code for the build. See also forceversion.
826 Specifies the relative path of a file to delete before the build is
827 done. The path is relative to the base of the build directory - i.e.
828 the root of the directory structure checked out from the source
829 respository - not necessarily the directory that contains
832 Multiple files can be specified by separating they with ';'.
835 Modifies any instances of string resources that use multiple
836 formatting arguments, but don't use positional notation. For example,
837 "Hello %s, %d" becomes "Hello %1$s, %2$d". Newer versions of the
838 Android platform tools enforce this sensible standard. If you get
839 error messages relating to that, you need to enable this.
842 Like fixtrans, but deals with an even older issue relating to
843 'unescaped apostrophes' in translation strings.
846 Specifies a list of external libraries (jar files) from the
847 @code{build/extlib} library, which will be placed in the @code{libs} directory
848 of the project. Separate items with semicolons.
850 @item srclibs=a@@r;b@@r1;
851 Specifies a list of source libraries or Android projects. Separate items with
852 semicolons, and each item is of the form name@@rev where name is the predefined
853 source library name and rev is the revision or tag in source control to use.
855 Each srclib has a metadata file under srclibs/ in the repository directory,
856 and the source code is stored in build/srclib/.
857 Repo Type: and Repo: are specified in the same way as for apps; Subdir: can be
858 a comma separated list, for when directories are renamed by upstream; Update
859 Project: updates the projects in the working directory and one level down;
860 Prepare: can be used for any kind of preparation: in particular if you need to
861 update the project with a particular target. You can then also use $$name$$ in
862 the init/prebuild/build command to substitute the relative path to the library
863 directory, but it could need tweaking if you've changed into another directory.
866 Apply patch(es). 'x' names one (or more - comma-seperated)
867 files within a directory below the metadata, with the same
868 name as the metadata file but without the extension. Each of
869 these patches is applied to the code in turn.
872 Specifies a shell command (or commands - chain with &&) to run before
873 the build takes place. Backslash can be used as an escape character to
874 insert literal commas, or as the last character on a line to join that
875 line with the next. It has no special meaning in other contexts; in
876 particular, literal backslashes should not be escaped.
878 The command runs using bash.
880 Note that nothing should be build during this prebuild phase - scanning
881 of the code and building of the source tarball, for example, take place
882 after this. For custom actions that actually build things, use 'build'
885 You can use $$name$$ to substitute the path to a referenced srclib - see
886 the @code{srclib} directory for details of this.
888 You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the
889 android SDK and NDK directories, and maven 3 executable respectively e.g.
890 for when you need to run @code{android update project} explicitly.
893 Enables a selection of mad hacks to make com.funambol.android build.
894 Probably not useful for any other application.
896 @item scanignore=path1;path2;...
897 Enables one or more files/paths to be exlcuded from the scan process.
898 This should only be used where there is a very good reason, and
899 probably accompanied by a comment explaining why it is necessary.
901 When scanning, files whose relative paths start with any of the paths
902 given here are ignored.
905 As for 'prebuild', but runs during the actual build phase (but before the
906 main ant/maven build). Use this only for actions that do actual building.
907 Any prepartion of the source code should be done using 'init' or 'prebuild'.
909 You can use $$SDK$$, $$NDK$$ and $$MVN3$$ to substitute the paths to the
910 android SDK and NDK directories, and maven 3 executable respectively.
912 @item buildjni=[yes|no|<dir list>]
913 Enables building of native code via the ndk-build script before doing
914 the main ant build. The value may be a list of directories relative
915 to the main application directory in which to run ndk-build, or 'yes'
916 which corresponds to '.' . Using explicit list may be useful to build
917 multi-component projects.
919 The build and scan processes will complain (refuse to build) if this
920 parameter is not defined, but there is a @code{jni} directory present.
921 If the native code is being built by other means, you can specify
922 @code{no} here to avoid that. However, if the native code is actually
923 not required, remove the directory instead (using @code{prebuild} for
927 Build with maven instead of ant
929 @item gradle=<flavour>[@@<dir>]
930 Build with gradle instead of ant, specifying what flavour to assemble.
931 If <flavour> is 'yes', 'main' or empty, no flavour will be used. Note
932 that this will not work on projects with flavours, since it will build
933 all flavours and there will be no 'main' build.
934 If @@<dir> is attached to <flavour>, then the gradle tasks will be run in that
935 directory. This might be necessary if gradle needs to be run in the parent
936 directory, in which case one would use 'gradle=<flavour>@..'.
938 @item preassemble=<task1> <task2>
939 Space-separated list of gradle tasks to be run before the assemble task
940 in a gradle project build.
943 Normally the build output (apk) is expected to be in the bin
944 subdirectory below the ant build files. If the project is configured
945 to put it elsewhere, that can be specified here, relative to the base
946 of the checked out repo. Not yet implemented for gradle.
949 Specify an alternate ant command (target) instead of the default
950 'release'. It can't be given any flags, such as the path to a build.xml.
953 Don't check that the version name and code in the resulting apk are
954 correct by looking at the build output - assume the metadata is
955 correct. This takes away a useful level of sanity checking, and should
956 only be used if the values can't be extracted.
960 Another example, using extra parameters:
962 @samp{Build Version:1.09.03,10903,45,subdir=Timeriffic,oldsdkloc=yes}
965 @section AntiFeatures
969 This is optional - if present, it contains a comma-separated list of any of
970 the following values, describing an anti-feature the application has.
971 Even though such apps won't be displayed unless a settings box is ticked,
972 it is a good idea to mention the reasons for the anti-feature(s) in the
978 @samp{Ads} - the application contains advertising.
981 @samp{Tracking} - the application tracks and reports your activity to
982 somewhere without your consent. It's commonly used for when developers
983 obtain crash logs without the user's consent, or when an app is useless
984 without some kind of authentication.
987 @samp{NonFreeNet} - the application relies on computational services that
988 are impossible to replace or that the replacement cannot be connected to
989 without major changes to the app.
992 @samp{NonFreeAdd} - the application promotes non-Free add-ons, such that the
993 app is effectively an advert for other non-free software and such software is
994 not clearly labelled as such.
997 @samp{NonFreeDep} - the application depends on a non-Free application (e.g.
998 Google Maps) - i.e. it requires it to be installed on the device, but does not
1008 If this field is present, the application does not get put into the public
1009 index. This allows metadata to be retained while an application is temporarily
1010 disabled from being published. The value should be a description of why the
1011 application is disabled. No apks or source code archives are deleted: to purge
1012 an apk see the Build Version section or delete manually for developer builds.
1013 The field is therefore used when an app has outlived it's usefulness, because
1014 the source tarball is retained.
1017 @section Requires Root
1019 @cindex Requires Root
1021 Set this optional field to "Yes" if the application requires root
1022 privileges to be usable. This lets the client filter it out if the
1023 user so desires. Whether root is required or not, it is good to give
1024 a paragraph in the description to the conditions on which root may be
1025 asked for and the reason for it.
1027 @node Update Check Mode
1028 @section Update Check Mode
1030 @cindex Update Check Mode
1032 This determines the method using for determining when new releases are
1033 available - in other words, the updating of the Current Version and Current
1034 Version Code fields in the metadata by the @code{fdroid checkupdates} process.
1040 @code{None} - No checking is done because there's no appropriate automated way
1041 of doing so. Updates should be checked for manually. Use this, for example,
1042 when deploying betas or patched versions; when builds are done in a directory
1043 different to where the AndroidManifest.xml is; if the developers use the
1044 gradle build system and store version info in a separate file; if the
1045 developers make a new branch for each release and don't make tags; or if you've
1046 changed the package name or version code logic.
1048 @code{Static} - No checking is done—either development has ceased or new versions
1049 are not desired. This method is also used when there is no other checking method
1050 available and the upstream developer keeps us posted on new versions.
1052 @code{RepoManifest} - At the most recent commit, the AndroidManifest.xml file
1053 is looked for in the directory where it was found in the the most recent build.
1054 The appropriateness of this method depends on the development process used by
1055 the application's developers. You should not specify this method unless you're
1056 sure it's appropriate. For example, some developers bump the version when
1057 commencing development instead of when publishing.
1058 It will return an error if the AndroidManifest.xml has moved to a different
1059 directory or if the package name has changed.
1060 The current version that it gives may not be accurate, since not all
1061 versions are fit to be published. Therefore, before building, it is often
1062 necessary to check if the current version has been published somewhere by the
1063 upstream developers, either by checking for apks that they distribute or for
1064 tags in the source code repository.
1066 It currently works for every repository type to different extents, except
1067 the srclib repo type. For git, git-svn and hg repo types, you may use
1068 "RepoManifest/yourbranch" as UCM so that "yourbranch" would be the branch used
1069 in place of the default one. The default values are "master" for git,
1070 "default" for hg and none for git-svn (it stays in the same branch).
1071 On the other hand, branch support hasn't been implemented yet in bzr and svn,
1072 but RepoManifest may still be used without it.
1074 @code{Tags} - The AndroidManifest.xml file in all tagged revisions in the
1075 source repository is checked, looking for the highest version code. The
1076 appropriateness of this method depends on the development process used by the
1077 application's developers. You should not specify this method unless you're sure
1078 it's appropriate. It shouldn't be used if the developers like to tag betas or
1079 are known to forget to tag releases. Like RepoManifest, it will not return the
1080 correct value if the directory containing the AndroidManifest.xml has moved.
1081 Despite these caveats, it is the often the favourite update check mode.
1083 It currently only works for git, hg and git-svn repositories. In the case of
1084 the latter, the repo URL must encode the path to the trunk and tags or else no
1087 @code{HTTP} - HTTP requests are used to determine the current version code and
1088 version name. This is controlled by the @code{Update Check Data} field, which
1089 is of the form @code{urlcode|excode|urlver|exver}.
1091 Firstly, if @code{urlcode} is non-empty, the document from that URL is
1092 retrieved, and matched against the regular expression @code{excode}, with the
1093 first group becoming the version code.
1095 Secondly, if @code{urlver} is non-empty, the document from that URL is
1096 retrieved, and matched against the regular expression @code{exver}, with the
1097 first group becoming the version name. The @code{urlver} field can be set to
1098 simply '.' which says to use the same document returned for the version code
1099 again, rather than retrieving a different one.
1102 @node Update Check Data
1103 @section Update Check Data
1105 @cindex Update Check Data
1107 Used in conjunction with @code{Update Check Mode} for certain modes.
1109 @node Auto Update Mode
1110 @section Auto Update Mode
1112 @cindex Auto Update Mode
1114 This determines the method using for auto-generating new builds when new
1115 releases are available - in other words, adding a new Build Version line to the
1117 This happens in conjunction with the 'Update Check Mode' functionality - i.e.
1118 when an update is detected by that, it is also processed by this.
1124 @code{None} - No auto-updating is done
1126 @code{Version} - Identifies the target commit (i.e. tag) for the new build based
1127 on the given version specification, which is simply text in which %v and %c are
1128 replaced with the required version name and version code respectively.
1130 For example, if an app always has a tag "2.7.2" corresponding to version 2.7.2,
1131 you would simply specify "Version %v". If an app always has a tag "ver_1234"
1132 for a version with version code 1234, you would specify "Version ver_%c".
1134 Additionally, a suffix can be added to the version name at this stage, to
1135 differentiate F-Droid's build from the original. Continuing the first example
1136 above, you would specify that as "Version +-fdroid %v" - "-fdroid" is the suffix.
1140 @node Current Version
1141 @section Current Version
1143 @cindex Current Version
1145 The name of the version that is current. There may be newer versions of the
1146 application than this (e.g. betas), and there will almost certainly be older
1147 ones. This should be the one that is recommended for general use.
1148 In the event that there is no source code for the current version, or that
1149 non-free libraries are being used, this would ideally be the latest
1150 version that is still free, though it may still be expedient to
1151 retain the automatic update check — see No Source Since.
1153 This field is normally automatically updated - see Update Check Mode.
1155 @node Current Version Code
1156 @section Current Version Code
1158 @cindex Current Version Code
1160 The version code corresponding to the Current Version field. Both these fields
1161 must be correct and matching although it's the current version code that's
1162 used by Android to determine version order and by F-Droid client to determine
1163 which version should be recommended.
1165 This field is normally automatically updated - see Update Check Mode.
1167 @node No Source Since
1168 @section No Source Since
1170 @cindex No Source Since
1172 In case we are missing the source code for the Current Version reported by
1173 Upstream, or that non-free elements have been introduced, this defines the
1174 first version that began to miss source code.
1175 Apps that are missing source code for just one or a few versions, but provide
1176 source code for newer ones are not to be considered here - this field is
1177 intended to illustrate which apps do not currently distribute source code, and
1178 since when have they been doing so.
1180 @node Update Processing
1181 @chapter Update Processing
1185 There are various mechanisms in place for automatically detecting that updates
1186 are available for applications, with the @code{Update Check Mode} field in the
1187 metadata determining which method is used for a particular application.
1189 Running the @code{fdroid checkupdates} command will apply this method to each
1190 application in the repository and update the @code{Current Version} and
1191 @code{Current Version Code} fields in the metadata accordingly.
1193 As usual, the @code{-p} option can be used with this, to restrict processing
1194 to a particular application.
1196 Note that this only updates the metadata such that we know what the current
1197 published/recommended version is. It doesn't make that version available in
1198 the repository - for that, see the next section.
1202 Adding updates (i.e. new versions of applications already included in the
1203 repository) happens in two ways. The simple case is applications where the
1204 APK files are binaries, retrieved from a developer's published build. In this
1205 case, all that's required is to place the new binary in the @code{Repo}
1206 directory, and the next run of @code{fdroid update} will pick it up.
1208 For applications built from source, it is necessary to add a new
1209 @code{Build Version} line to the metadata file. At the very least, the version
1210 name, version code and commit will be different. It is also possible that the
1211 additional build flags will change between versions.
1213 For processing multiple updates in the metadata at once, it can be useful to
1214 run @code{fdroid update --interactive}. This will check all the applications
1215 in the repository, and where updates are required you will be prompted to
1216 [E]dit the metadata, [I]gnore the update, or [Q]uit altogether.
1219 @chapter Build Server
1221 The Build Server system isolates the builds for each package within a clean,
1222 isolated and secure throwaway virtual machine environment.
1226 Building applications in this manner on a large scale, especially with the
1227 involvement of automated and/or unattended processes, could be considered
1228 a dangerous pastime from a security perspective. This is even more the case
1229 when the products of the build are also distributed widely and in a
1230 semi-automated ("you have updates available") fashion.
1232 Assume that an upstream source repository is compromised. A small selection
1233 of things that an attacker could do in such a situation:
1237 Use custom ant build steps to execute virtually anything as the user doing
1240 Access the keystore.
1242 Modify the built apk files or source tarballs for other applications in the
1245 Modify the metadata (which includes build scripts, which again, also includes
1246 the ability to execute anything) for other applications in the repository.
1249 Through complete isolation, the repurcussions are at least limited to the
1250 application in question. Not only is the build environment fresh for each
1251 build, and thrown away afterwards, but it is also isolated from the signing
1254 Aside from security issues, there are some applications which have strange
1255 requirements such as custom versions of the NDK. It would be impractical (or
1256 at least extremely messy) to start modifying and restoring the SDK on a
1257 multi-purpose system, but within the confines of a throwaway single-use
1258 virtual machine, anything is possible.
1260 All this is in addition to the obvious advantage of having a standardised
1261 and completely reproducible environment in which builds are made. Additionally,
1262 it allows for specialised custom build environments for particular
1265 @section Setting up a build server
1267 In addition to the basic setup previously described, you will also need
1268 a Vagrant-compatible Ubuntu Raring base box called 'raring32' (or raring64
1269 for a 64-bit VM, if you want it to be much slower, and require more disk
1272 You can use a different version or distro for the base box, so long as you
1273 don't expect any help making it work. One thing to be aware of is that
1274 working copies of source trees are moved from the host to the guest, so
1275 for example, having subversion v1.6 on the host and v1.7 on the guest
1278 Unless you're very trusting. you should create one of these for yourself
1279 from verified standard Ubuntu installation media. However, you could skip
1280 over the next few paragraphs (and sacrifice some security) by downloading
1281 @url{https://f-droid.org/raring32.box} or @url{https://f-droid.org/raring64.box}.
1283 Documentation for creating a base box can be found at
1284 @url{http://docs.vagrantup.com/v1/docs/base_boxes.html}.
1286 In addition to carefully following the steps described there, you should
1287 consider the following:
1291 It is advisable to disable udev network device persistence, otherwise any
1292 movement of the VM between machines, or reconfiguration, will result in
1295 For a Debian/Ubuntu default install, just
1296 @code{touch /etc/udev/rules.d/75-persistent-net-generator.rules} to turn
1297 off rule generation, and at the same time, get rid of any rules it's
1298 already created in @code{/etc/udev/rules.d/70-persistent-net.rules}.
1300 Unless you want the VM to become totally inaccessible following a failed
1301 boot, you need to set @code{GRUB_RECORDFAIL_TIMEOUT} to a value other than
1302 -1 in @code{/etc/grub/default} and then run @code{update-grub}.
1305 You may also want to edit @code{buildserver/Vagrantfile} - in particular
1306 there is a path for retrieving the base box if it doesn't exist, and an
1307 apt proxy definition, both of which may need customising for your
1310 With this base box available, you should then create @code{makebs.config.py},
1311 using @code{makebs.config.sample.py} as a reference - look at the settings and
1312 documentation there to decide if any need changing to suit your environment.
1313 You can then go to the @code{fdroidserver} directory and run this:
1316 ./makebuildserver.py
1319 This will take a long time, and use a lot of bandwidth - most of it spent
1320 installing the necessary parts of the Android SDK for all the various
1321 platforms. Luckily you only need to do it occasionally. Once you have a
1322 working build server image, if the recipes change (e.g. when packages need
1323 to be added) you can just run that script again and the existing one will
1324 be updated in place.
1326 The main sdk/ndk downloads will automatically be cached to speed things
1327 up the next time, but there's no easy way of doing this for the longer
1328 sections which use the SDK's @code{android} tool to install platforms,
1329 add-ons and tools. However, instead of allowing automatic caching, you
1330 can supply a pre-populated cache directory which includes not only these
1331 downloads, but also .tar.gz files for all the relevant additions. If the
1332 provisioning scripts detect these, they will be used in preference to
1333 running the android tools. For example, if you have
1334 @code{buildserver/addons/cache/platforms/android-15.tar.gz} that will be
1335 used when installing the android-15 platform, instead of re-downloading it
1336 using @code{android update sdk --no-ui -t android-15}.
1338 Once it's complete you'll have a new base box called 'buildserver' which is
1339 what's used for the actual builds. You can then build packages as normal,
1340 but with the addition of the @code{--server} flag to @code{fdroid build} to
1341 instruct it to do all the hard work within the virtual machine.
1343 The first time a build is done, a new virtual machine is created using the
1344 'buildserver' box as a base. A snapshot of this clean machine state is saved
1345 for use in future builds, to improve performance. You can force discarding
1346 of this snapshot and rebuilding from scratch using the @code{--resetserver}
1347 switch with @code{fdroid build}.
1352 There are two kinds of signing involved in running a repository - the signing
1353 of the APK files generated from source builds, and the signing of the repo
1354 index itself. The latter is optional, but very strongly recommended.
1356 @section Repo Index Signing
1358 When setting up the repository, one of the first steps should be to generate
1359 a signing key for the repository index. This will also create a keystore, which
1360 is a file that can be used to hold this and all other keys used. Consider the
1361 location, security and backup status of this file carefully, then create it as
1364 @code{keytool -genkey -v -keystore my.keystore -alias repokey -keyalg RSA -keysize 2048 -validity 10000}
1366 In the above, replace 'my.keystore' with the name of the keystore file to be
1367 created, and 'repokey' with a name to identify the repo index key by.
1369 You'll be asked for a password for the keystore, AND a password for the key.
1370 They shouldn't be the same. In between, you'll be asked for some identifying
1371 details which will go in the certificate.
1373 The two passwords entered go into @code{config.py}, as @code{keystorepass} and
1374 @code{keypass} respectively. The path to the keystore file, and the alias you
1375 chose for the key also go into that file, as @code{keystore} and
1376 @code{repo_keyalias} respectively.
1378 @section Package Signing
1380 With the repo index signing configured, all that remains to be done for package
1381 signing to work is to set the @code{keydname} field in @code{config.py} to
1382 contain the same identifying details you entered before.
1384 A new key will be generated using these details, for each application that is
1385 built. (If a specific key is required for a particular application, this system
1386 can be overridden using the @code{keyaliases} config settings.
1389 @node GNU Free Documentation License
1390 @appendix GNU Free Documentation License