minor = m.group(2)
bugfix = m.group(3)
# the Debian package has the version string like "v0.2-23.0.2"
- if '.' not in bugfix and LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.2166767'):
- logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-23.0.0 or newer!")
+ too_old = False
+ if '.' in bugfix:
+ if LooseVersion(bugfix) < LooseVersion('24.0.0'):
+ too_old = True
+ elif LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.2964546'):
+ too_old = True
+ if too_old:
+ logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-24.0.0 or newer!")
.format(aapt=aapt))
else:
logging.warning(_('Unknown version of aapt, might cause problems: ') + output)
with open(path, 'r') as f:
buildfile = f.read()
- regex_string = r"" + flavour + ".*?}"
+ regex_string = r"" + flavour + "[^}]*?{.*?}"
search = re.compile(regex_string, re.DOTALL)
result = search.search(buildfile)
"""
- if subprocess.call([config['jarsigner'], '-strict', '-verify', jar]) != 4:
- raise VerificationException(_("The repository's index could not be verified."))
+ error = _('JAR signature failed to verify: {path}').format(path=jar)
+ try:
+ output = subprocess.check_output([config['jarsigner'], '-strict', '-verify', jar],
+ stderr=subprocess.STDOUT)
+ raise VerificationException(error + '\n' + output.decode('utf-8'))
+ except subprocess.CalledProcessError as e:
+ if e.returncode == 4:
+ logging.debug(_('JAR signature verified: {path}').format(path=jar))
+ else:
+ raise VerificationException(error + '\n' + e.output.decode('utf-8'))
def verify_apk_signature(apk, min_sdk_version=None):
args = [config['apksigner'], 'verify']
if min_sdk_version:
args += ['--min-sdk-version=' + min_sdk_version]
- return subprocess.call(args + [apk]) == 0
+ if options.verbose:
+ args += ['--verbose']
+ try:
+ output = subprocess.check_output(args + [apk])
+ if options.verbose:
+ logging.debug(apk + ': ' + output.decode('utf-8'))
+ return True
+ except subprocess.CalledProcessError as e:
+ logging.error('\n' + apk + ': ' + e.output.decode('utf-8'))
else:
- logging.warning("Using Java's jarsigner, not recommended for verifying APKs! Use apksigner")
+ if not config.get('jarsigner_warning_displayed'):
+ config['jarsigner_warning_displayed'] = True
+ logging.warning(_("Using Java's jarsigner, not recommended for verifying APKs! Use apksigner"))
try:
verify_jar_signature(apk)
return True
- except Exception:
- pass
+ except Exception as e:
+ logging.error(e)
return False
with open(_java_security, 'w') as fp:
fp.write('jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024')
- return subprocess.call([config['jarsigner'], '-J-Djava.security.properties=' + _java_security,
- '-strict', '-verify', apk]) == 4
+ try:
+ cmd = [
+ config['jarsigner'],
+ '-J-Djava.security.properties=' + _java_security,
+ '-strict', '-verify', apk
+ ]
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ except subprocess.CalledProcessError as e:
+ if e.returncode != 4:
+ output = e.output
+ else:
+ logging.debug(_('JAR signature verified: {path}').format(path=apk))
+ return True
+
+ logging.error(_('Old APK signature failed to verify: {path}').format(path=apk)
+ + '\n' + output.decode('utf-8'))
+ return False
apk_badchars = re.compile('''[/ :;'"]''')