Merge branch 'fixFlavor' into 'master'
authorHans-Christoph Steiner <hans@eds.org>
Thu, 14 Dec 2017 15:56:01 +0000 (16:56 +0100)
committerHans-Christoph Steiner <hans@eds.org>
Thu, 14 Dec 2017 15:56:01 +0000 (16:56 +0100)
Regex only for flavor blocks: flavor { ... }

See merge request fdroid/fdroidserver!407

1  2 
fdroidserver/common.py
tests/common.TestCase

diff --combined fdroidserver/common.py
index 5d35f3c79d053b80e905e0a8113b9b2ff3c60cb9,f39db69b6028456f2873383bd7c81e84c3fe5486..624e93538d9d0de01dfb2561d94154fe4d3c2c2b
@@@ -1338,7 -1338,7 +1338,7 @@@ def parse_androidmanifests(paths, app)
              with open(path, 'r') as f:
                  buildfile = f.read()
  
-                 regex_string = r"" + flavour + ".*?}"
+                 regex_string = r"" + flavour + "[^}]*?{.*?}"
                  search = re.compile(regex_string, re.DOTALL)
                  result = search.search(buildfile)
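Review bot: `flavour` is still spliced into the pattern unescaped and unanchored on the new `regex_string` line, so a flavour name containing regex metacharacters alters the pattern, and a short name such as `free` can match inside a longer identifier or a comment that precedes the real block. Consider `regex_string = r"\b" + re.escape(flavour) + r"\b[^}]*?{.*?}"`; the `r""` prefix on the current line has no effect, because the literals that carry the pattern are the non-raw ones. The lazy `.*?}` also stops at the first closing brace, so a flavor block containing a nested `{ ... }` is presumably cut short, which deserves a comment if it is accepted. `parse_androidmanifests` starts and ends outside the hunk.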
  
@@@ -2544,16 -2544,8 +2544,16 @@@ def verify_jar_signature(jar)
  
      """
  
 -    if subprocess.call([config['jarsigner'], '-strict', '-verify', jar]) != 4:
 -        raise VerificationException(_("The repository's index could not be verified."))
 +    error = _('JAR signature failed to verify: {path}').format(path=jar)
 +    try:
 +        output = subprocess.check_output([config['jarsigner'], '-strict', '-verify', jar],
 +                                         stderr=subprocess.STDOUT)
 +        raise VerificationException(error + '\n' + output.decode('utf-8'))
 +    except subprocess.CalledProcessError as e:
 +        if e.returncode == 4:
 +            logging.debug(_('JAR signature verified: {path}').format(path=jar))
 +        else:
 +            raise VerificationException(error + '\n' + e.output.decode('utf-8'))
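Review bot: The only exit status accepted as a valid signature is `4`, and a clean exit `0` becomes a VerificationException through the `raise` inside the `try`, but nothing in the code says why. Under `-strict` jarsigner folds certificate warnings into its exit status, so this presumably relies on the self-signed certificate always producing the chain-not-validated warning. State that next to the check, e.g. `# jarsigner -strict exits 4 when the only finding is an unvalidated (self-signed) certificate chain; 0 or any other status is treated as failure`. Confirm in the jarsigner documentation which other warnings map to the same status, since those would be accepted as well. The same bare `4` appears in verify_old_apk_signature further down.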
  
  
  def verify_apk_signature(apk, min_sdk_version=None):
          args = [config['apksigner'], 'verify']
          if min_sdk_version:
              args += ['--min-sdk-version=' + min_sdk_version]
 -        return subprocess.call(args + [apk]) == 0
 +        if options.verbose:
 +            args += ['--verbose']
 +        try:
 +            output = subprocess.check_output(args + [apk])
 +            if options.verbose:
 +                logging.debug(apk + ': ' + output.decode('utf-8'))
 +            return True
 +        except subprocess.CalledProcessError as e:
 +            logging.error('\n' + apk + ': ' + e.output.decode('utf-8'))
      else:
 -        logging.warning("Using Java's jarsigner, not recommended for verifying APKs! Use apksigner")
 +        if not config.get('jarsigner_warning_displayed'):
 +            config['jarsigner_warning_displayed'] = True
 +            logging.warning(_("Using Java's jarsigner, not recommended for verifying APKs! Use apksigner"))
          try:
              verify_jar_signature(apk)
              return True
 -        except Exception:
 -            pass
 +        except Exception as e:
 +            logging.error(e)
      return False
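Review bot: The apksigner call `output = subprocess.check_output(args + [apk])` does not capture stderr, unlike the two jarsigner calls in this commit, so `e.output` in the `except` branch probably omits apksigner's error text and the `logging.error` line carries little more than the file name. Use `output = subprocess.check_output(args + [apk], stderr=subprocess.STDOUT)` so that a rejected APK leaves its reason in the log. Every failure path falls through to `return False`, which is the right fail-closed behaviour; a one-line comment on that return would make the intent explicit. The start of verify_apk_signature is not shown in this hunk.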
  
  
@@@ -2607,23 -2589,8 +2607,23 @@@ def verify_old_apk_signature(apk)
      with open(_java_security, 'w') as fp:
          fp.write('jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024')
  
 -    return subprocess.call([config['jarsigner'], '-J-Djava.security.properties=' + _java_security,
 -                            '-strict', '-verify', apk]) == 4
 +    try:
 +        cmd = [
 +            config['jarsigner'],
 +            '-J-Djava.security.properties=' + _java_security,
 +            '-strict', '-verify', apk
 +        ]
 +        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
 +    except subprocess.CalledProcessError as e:
 +        if e.returncode != 4:
 +            output = e.output
 +        else:
 +            logging.debug(_('JAR signature verified: {path}').format(path=apk))
 +            return True
 +
 +    logging.error(_('Old APK signature failed to verify: {path}').format(path=apk)
 +                  + '\n' + output.decode('utf-8'))
 +    return False
  
  
  apk_badchars = re.compile('''[/ :;'"]''')
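Review bot: `output.decode('utf-8')` in the final `logging.error` call can raise UnicodeDecodeError if jarsigner prints in a non-UTF-8 locale encoding, which would replace the `False` return of verify_old_apk_signature with an unexpected exception. The result is still not a pass, but the diagnostic is lost; `output.decode('utf-8', errors='replace')` keeps the boolean contract. The same applies to the `decode` calls in verify_jar_signature and verify_apk_signature. A comment should also say that the temporary `java.security` override appears to re-allow algorithms the default policy rejects, so a `True` from this function is a weaker assurance than one from verify_apk_signature.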
diff --combined tests/common.TestCase
index a6cc9d87827ec51376e4c40550467a8a13e6ac90,a8ef24a2651356d3d3fb59f24de6a4c9a634529d..35bc01e1e253e0a645efca35dd98d43f4e7ea0ff
@@@ -22,7 -22,6 +22,7 @@@ print('localmodule: ' + localmodule
  if localmodule not in sys.path:
      sys.path.insert(0, localmodule)
  
 +import fdroidserver.index
  import fdroidserver.signindex
  import fdroidserver.common
  import fdroidserver.metadata
@@@ -276,56 -275,12 +276,56 @@@ class CommonTest(unittest.TestCase)
          config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
          fdroidserver.common.config = config
  
 +        self.assertTrue(fdroidserver.common.verify_apk_signature('bad-unicode-πÇÇ现代通用字-български-عربي1.apk'))
 +        self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_1.apk'))
 +        self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_2.apk'))
 +        self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_3.apk'))
 +        self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_4.apk'))
 +        self.assertTrue(fdroidserver.common.verify_apk_signature('org.dyndns.fules.ck_20.apk'))
          self.assertTrue(fdroidserver.common.verify_apk_signature('urzip.apk'))
          self.assertFalse(fdroidserver.common.verify_apk_signature('urzip-badcert.apk'))
          self.assertFalse(fdroidserver.common.verify_apk_signature('urzip-badsig.apk'))
          self.assertTrue(fdroidserver.common.verify_apk_signature('urzip-release.apk'))
          self.assertFalse(fdroidserver.common.verify_apk_signature('urzip-release-unsigned.apk'))
  
 +    def test_verify_old_apk_signature(self):
 +        fdroidserver.common.config = None
 +        config = fdroidserver.common.read_config(fdroidserver.common.options)
 +        config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
 +        fdroidserver.common.config = config
 +
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('bad-unicode-πÇÇ现代通用字-български-عربي1.apk'))
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_1.apk'))
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_2.apk'))
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_3.apk'))
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.bitbucket.tickytacky.mirrormirror_4.apk'))
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('org.dyndns.fules.ck_20.apk'))
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('urzip.apk'))
 +        self.assertFalse(fdroidserver.common.verify_old_apk_signature('urzip-badcert.apk'))
 +        self.assertFalse(fdroidserver.common.verify_old_apk_signature('urzip-badsig.apk'))
 +        self.assertTrue(fdroidserver.common.verify_old_apk_signature('urzip-release.apk'))
 +        self.assertFalse(fdroidserver.common.verify_old_apk_signature('urzip-release-unsigned.apk'))
 +
 +    def test_verify_jar_signature_succeeds(self):
 +        fdroidserver.common.config = None
 +        config = fdroidserver.common.read_config(fdroidserver.common.options)
 +        config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
 +        fdroidserver.common.config = config
 +        source_dir = os.path.join(self.basedir, 'signindex')
 +        for f in ('testy.jar', 'guardianproject.jar'):
 +            testfile = os.path.join(source_dir, f)
 +            fdroidserver.common.verify_jar_signature(testfile)
 +
 +    def test_verify_jar_signature_fails(self):
 +        fdroidserver.common.config = None
 +        config = fdroidserver.common.read_config(fdroidserver.common.options)
 +        config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
 +        fdroidserver.common.config = config
 +        source_dir = os.path.join(self.basedir, 'signindex')
 +        testfile = os.path.join(source_dir, 'unsigned.jar')
 +        with self.assertRaises(fdroidserver.index.VerificationException):
 +            fdroidserver.common.verify_jar_signature(testfile)
 +
      def test_verify_apks(self):
          fdroidserver.common.config = None
          config = fdroidserver.common.read_config(fdroidserver.common.options)
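Review bot: The four `org.bitbucket.tickytacky.mirrormirror_*.apk` fixtures are asserted `False` for verify_apk_signature and `True` for verify_old_apk_signature, and the tests do not say what property of those files causes the difference. A short comment above the block in test_verify_old_apk_signature, such as `# signed with an algorithm the default JDK policy disables; accepted only under the relaxed java.security override`, would show that the split is intended; confirm the actual reason from the fixtures before wording it. The four new tests also repeat the same config setup, so a small helper or `setUp` step would keep them in sync.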
  
      def test_parse_androidmanifests_with_flavor(self):
          source_files_dir = os.path.join(os.path.dirname(__file__), 'source-files')
          app = fdroidserver.metadata.App()
          build = fdroidserver.metadata.Build()
          build.gradle = ['devVersion']
          self.assertEqual(('0.95-dev', '949', 'org.fdroid.fdroid.dev'),
                           fdroidserver.common.parse_androidmanifests(paths, app))
  
+         app = fdroidserver.metadata.App()
+         build = fdroidserver.metadata.Build()
+         build.gradle = ['free']
+         app.builds = [build]
+         app.id = 'eu.siacs.conversations'
+         paths = [
+             os.path.join(source_files_dir, 'eu.siacs.conversations', 'build.gradle'),
+         ]
+         for path in paths:
+             self.assertTrue(os.path.isfile(path))
+         self.assertEqual(('1.23.1', '245', 'eu.siacs.conversations'),
+                          fdroidserver.common.parse_androidmanifests(paths, app))
  
  if __name__ == "__main__":
      parser = optparse.OptionParser()