BuildException, VerificationException
from .asynchronousfilereader import AsynchronousFileReader
+# this is the build-tools version, aapt has a separate version that
+# has to be manually set in test_aapt_version()
+MINIMUM_AAPT_VERSION = '26.0.0'
# A signature block file with a .DSA, .RSA, or .EC extension
CERT_PATH_REGEX = re.compile(r'^META-INF/.*\.(DSA|EC|RSA)$')
default_config = {
'sdk_path': "$ANDROID_HOME",
'ndk_paths': {
- 'r9b': None,
'r10e': None,
'r11c': None,
'r12b': "$ANDROID_NDK",
'r13b': None,
'r14b': None,
'r15c': None,
- 'r16': None,
+ 'r16b': None,
},
- 'qt_sdk_path': None,
- 'build_tools': "25.0.2",
+ 'build_tools': MINIMUM_AAPT_VERSION,
'force_build_tools': False,
'java_paths': None,
'ant': "ant",
# the Debian package has the version string like "v0.2-23.0.2"
too_old = False
if '.' in bugfix:
- if LooseVersion(bugfix) < LooseVersion('24.0.0'):
+ if LooseVersion(bugfix) < LooseVersion(MINIMUM_AAPT_VERSION):
too_old = True
- elif LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.2964546'):
+ elif LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.4062713'):
too_old = True
if too_old:
- logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-24.0.0 or newer!")
- .format(aapt=aapt))
+ logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-{version} or newer!")
+ .format(aapt=aapt, version=MINIMUM_AAPT_VERSION))
else:
logging.warning(_('Unknown version of aapt, might cause problems: ') + output)
#
# supported in git >= 2.3
git_config = [
- '-c', 'core.sshCommand=false',
+ '-c', 'core.askpass=/bin/true',
+ '-c', 'core.sshCommand=/bin/false',
'-c', 'url.https://.insteadOf=ssh://',
]
for domain in ('bitbucket.org', 'github.com', 'gitlab.com'):
git_config.append('url.https://u:p@' + domain + '.insteadOf=https://' + domain)
envs.update({
'GIT_TERMINAL_PROMPT': '0',
- 'GIT_SSH': 'false', # for git < 2.3
+ 'GIT_ASKPASS': '/bin/true',
+ 'SSH_ASKPASS': '/bin/true',
+ 'GIT_SSH': '/bin/false', # for git < 2.3
})
return FDroidPopen(['git', ] + git_config + args,
envs=envs, cwd=cwd, output=output)
def gotorevisionx(self, rev):
if not os.path.exists(self.local):
# Brand new checkout
- p = self.git(['clone', self.remote, self.local])
+ p = self.git(['clone', '--', self.remote, self.local])
if p.returncode != 0:
self.clone_failed = True
raise VCSException("Git clone failed", p.output)
if 'Multiple remote HEAD branches' not in lines[0]:
raise VCSException(_("Git remote set-head failed"), p.output)
branch = lines[1].split(' ')[-1]
- p2 = FDroidPopen(['git', 'remote', 'set-head', 'origin', branch], cwd=self.local, output=False)
+ p2 = FDroidPopen(['git', 'remote', 'set-head', 'origin', '--', branch],
+ cwd=self.local, output=False)
if p2.returncode != 0:
raise VCSException(_("Git remote set-head failed"), p.output + '\n' + p2.output)
self.refreshed = True
def git(self, args, envs=dict(), cwd=None, output=True):
'''Prevent git fetch/clone/submodule from hanging at the username/password prompt
+
+ AskPass is set to /bin/true to let the process try to connect
+ without a username/password.
+
+ The SSH command is set to /bin/false to block all SSH URLs
+ (supported in git >= 2.3). This protects against
+ CVE-2017-1000117.
+
'''
- # CVE-2017-1000117 block all SSH URLs (supported in git >= 2.3)
- config = ['-c', 'core.sshCommand=false']
+ git_config = [
+ '-c', 'core.askpass=/bin/true',
+ '-c', 'core.sshCommand=/bin/false',
+ ]
envs.update({
'GIT_TERMINAL_PROMPT': '0',
- 'GIT_SSH': 'false', # for git < 2.3
- 'SVN_SSH': 'false',
+ 'GIT_ASKPASS': '/bin/true',
+ 'SSH_ASKPASS': '/bin/true',
+ 'GIT_SSH': '/bin/false', # for git < 2.3
+ 'SVN_SSH': '/bin/false',
})
- return FDroidPopen(['git', ] + config + args,
+ return FDroidPopen(['git', ] + git_config + args,
envs=envs, cwd=cwd, output=output)
def gotorevisionx(self, rev):
if not os.path.exists(self.local):
# Brand new checkout
gitsvn_args = ['svn', 'clone']
+ remote = None
if ';' in self.remote:
remote_split = self.remote.split(';')
for i in remote_split[1:]:
gitsvn_args.extend(['-t', i[5:]])
elif i.startswith('branches='):
gitsvn_args.extend(['-b', i[9:]])
- gitsvn_args.extend([remote_split[0], self.local])
- p = self.git(gitsvn_args, output=False)
- if p.returncode != 0:
- self.clone_failed = True
- raise VCSException("Git svn clone failed", p.output)
+ remote = remote_split[0]
else:
- gitsvn_args.extend([self.remote, self.local])
- p = self.git(gitsvn_args, output=False)
- if p.returncode != 0:
- self.clone_failed = True
- raise VCSException("Git svn clone failed", p.output)
+ remote = self.remote
+
+ gitsvn_args.extend(['--', remote, self.local])
+ p = self.git(gitsvn_args)
+ if p.returncode != 0:
+ self.clone_failed = True
+ raise VCSException(_('git svn clone failed'), p.output)
self.checkrepo()
else:
self.checkrepo()
def gotorevisionx(self, rev):
if not os.path.exists(self.local):
- p = FDroidPopen(['hg', 'clone', '--ssh', 'false', self.remote, self.local], output=False)
+ p = FDroidPopen(['hg', 'clone', '--ssh', 'false', '--', self.remote, self.local],
+ output=False)
if p.returncode != 0:
self.clone_failed = True
raise VCSException("Hg clone failed", p.output)
for line in p.output.splitlines():
if not line.startswith('? '):
raise VCSException("Unexpected output from hg status -uS: " + line)
- FDroidPopen(['rm', '-rf', line[2:]], cwd=self.local, output=False)
+ FDroidPopen(['rm', '-rf', '--', line[2:]], cwd=self.local, output=False)
if not self.refreshed:
p = FDroidPopen(['hg', 'pull', '--ssh', 'false'], cwd=self.local, output=False)
if p.returncode != 0:
rev = rev or 'default'
if not rev:
return
- p = FDroidPopen(['hg', 'update', '-C', rev], cwd=self.local, output=False)
+ p = FDroidPopen(['hg', 'update', '-C', '--', rev], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Hg checkout of '%s' failed" % rev, p.output)
p = FDroidPopen(['hg', 'purge', '--all'], cwd=self.local, output=False)
if srclib["Prepare"]:
cmd = replace_config_vars(srclib["Prepare"], build)
- p = FDroidPopen(['bash', '-x', '-c', cmd], cwd=libdir)
+ p = FDroidPopen(['bash', '-x', '-c', '--', cmd], cwd=libdir)
if p.returncode != 0:
raise BuildException("Error running prepare command for srclib %s"
% name, p.output)
cmd = replace_config_vars(build.init, build)
logging.info("Running 'init' commands in %s" % root_dir)
- p = FDroidPopen(['bash', '-x', '-c', cmd], cwd=root_dir)
+ p = FDroidPopen(['bash', '-x', '-c', '--', cmd], cwd=root_dir)
if p.returncode != 0:
raise BuildException("Error running init command for %s:%s" %
(app.id, build.versionName), p.output)
libpath = os.path.relpath(libpath, root_dir)
cmd = cmd.replace('$$' + name + '$$', libpath)
- p = FDroidPopen(['bash', '-x', '-c', cmd], cwd=root_dir)
+ p = FDroidPopen(['bash', '-x', '-c', '--', cmd], cwd=root_dir)
if p.returncode != 0:
raise BuildException("Error running prebuild command for %s:%s" %
(app.id, build.versionName), p.output)
p = None
try:
p = subprocess.Popen(commands, cwd=cwd, shell=False, env=process_env,
- stdout=subprocess.PIPE, stderr=stderr_param)
+ stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
+ stderr=stderr_param)
except OSError as e:
raise BuildException("OSError while trying to execute " +
' '.join(commands) + ': ' + str(e))
cmd = cmd.replace('$$SDK$$', config['sdk_path'])
cmd = cmd.replace('$$NDK$$', build.ndk_path())
cmd = cmd.replace('$$MVN3$$', config['mvn3'])
- cmd = cmd.replace('$$QT$$', config['qt_sdk_path'] or '')
if build is not None:
cmd = replace_build_vars(cmd, build)
return cmd
if get_minSdkVersion_aapt(unsigned_path) < 18:
signature_algorithm = ['-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1']
else:
- signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA256']
+ signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']
p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
'-storepass:env', 'FDROID_KEY_STORE_PASS',
examplesdir = prefix + '/examples'
return examplesdir
+
+
+def get_wiki_timestamp(timestamp=None):
+ """Return current time in the standard format for posting to the wiki"""
+
+ if timestamp is None:
+ timestamp = time.gmtime()
+ return time.strftime("%Y-%m-%d %H:%M:%SZ", timestamp)
+
+
+def get_android_tools_versions(ndk_path=None):
+ '''get a list of the versions of all installed Android SDK/NDK components'''
+
+ global config
+ sdk_path = config['sdk_path']
+ if sdk_path[-1] != '/':
+ sdk_path += '/'
+ components = []
+ if ndk_path:
+ ndk_release_txt = os.path.join(ndk_path, 'RELEASE.TXT')
+ if os.path.isfile(ndk_release_txt):
+ with open(ndk_release_txt, 'r') as fp:
+ components.append((os.path.basename(ndk_path), fp.read()[:-1]))
+
+ pattern = re.compile('^Pkg.Revision=(.+)', re.MULTILINE)
+ for root, dirs, files in os.walk(sdk_path):
+ if 'source.properties' in files:
+ source_properties = os.path.join(root, 'source.properties')
+ with open(source_properties, 'r') as fp:
+ m = pattern.search(fp.read())
+ if m:
+ components.append((root[len(sdk_path):], m.group(1)))
+
+ return components
+
+
+def get_android_tools_version_log(ndk_path=None):
+ '''get a list of the versions of all installed Android SDK/NDK components'''
+ log = '== Installed Android Tools ==\n\n'
+ components = get_android_tools_versions(ndk_path)
+ for name, version in sorted(components):
+ log += '* ' + name + ' (' + version + ')\n'
+
+ return log