Izzy [Wed, 5 Jul 2017 20:31:21 +0000 (20:31 +0000)]
create_metadata: do not skip APK files having no name
Izzy [Tue, 4 Jul 2017 19:15:04 +0000 (21:15 +0200)]
added new AntiFeature: ApplicationDebuggable
Useful e.g. for "test repositories" to indicate an app was compiled with
"application-debuggable"
Hans-Christoph Steiner [Tue, 4 Jul 2017 12:53:21 +0000 (14:53 +0200)]
gitlab-ci: remove hacks needed to support Debian/jessie
Hans-Christoph Steiner [Tue, 4 Jul 2017 12:34:42 +0000 (14:34 +0200)]
Merge branch 'ndk' into 'master'
NDK r14b and r15b
See merge request !293
Hans-Christoph Steiner [Tue, 4 Jul 2017 12:24:17 +0000 (12:24 +0000)]
Merge branch '290-make-rewrite-metadata-respect-key-word-sort-order' into 'master'
Resolve "make `fdroid rewritemeta` respect key-word sort order for YAML files"
Closes #290
See merge request !295
Michael Pöhn [Tue, 4 Jul 2017 11:51:59 +0000 (11:51 +0000)]
Merge branch '290-make-rewrite-metadata-respect-key-word-sort-order' into 'master'
rewritemeta: respect key-word sort order for YAML files
Closes #290
See merge request !263
Michael Pöhn [Tue, 4 Jul 2017 11:35:05 +0000 (13:35 +0200)]
moved some yaml test files into a separate folder to avoid conflicts with other test cases
Michael Pöhn [Tue, 4 Jul 2017 11:27:45 +0000 (13:27 +0200)]
correct yaml-rewriting for buildozer flag
Michael Pöhn [Tue, 23 May 2017 10:36:57 +0000 (12:36 +0200)]
import ruamel.yaml only when re-writing yaml metadata
Michael Pöhn [Fri, 19 May 2017 11:47:05 +0000 (13:47 +0200)]
rewritemeta yaml: fixed boolean mapping for build flags
Michael Pöhn [Tue, 16 May 2017 14:28:24 +0000 (16:28 +0200)]
use stored metadatapath instead of guessing it
Michael Pöhn [Tue, 16 May 2017 13:26:59 +0000 (15:26 +0200)]
fix indentation
Hans-Christoph Steiner [Fri, 25 Nov 2016 14:23:01 +0000 (15:23 +0100)]
`fdroid update --create-metadata` now outputs YAML format
As part of the push towards using YAML as the main metadata format, this
makes the blank template be a .yml file.
Michael Pöhn [Tue, 16 May 2017 13:04:37 +0000 (15:04 +0200)]
fix building with yml metadata
Michael Pöhn [Tue, 16 May 2017 08:29:32 +0000 (10:29 +0200)]
set required minimum ruamel.yaml version
Michael Pöhn [Tue, 9 May 2017 12:13:14 +0000 (14:13 +0200)]
refactored yaml tests into metadata test case; fixed typo
Michael Pöhn [Tue, 9 May 2017 11:15:28 +0000 (13:15 +0200)]
add ruamel yaml to buildserver dependencies
Michael Pöhn [Sun, 7 May 2017 16:23:22 +0000 (18:23 +0200)]
completed ordered yaml field list
Michael Pöhn [Sun, 7 May 2017 00:13:25 +0000 (02:13 +0200)]
prettify write_yaml metadata
Michael Pöhn [Tue, 2 May 2017 12:13:30 +0000 (14:13 +0200)]
yaml rewrite version code as int
Michael Pöhn [Tue, 2 May 2017 11:00:33 +0000 (13:00 +0200)]
rewrite metadata builds list to yaml
Michael Pöhn [Tue, 2 May 2017 08:06:42 +0000 (10:06 +0200)]
yaml metadata rewrite: correct blank line
Michael Pöhn [Mon, 1 May 2017 20:40:14 +0000 (22:40 +0200)]
add ruamel.yaml to setup.py
Michael Pöhn [Mon, 1 May 2017 20:35:06 +0000 (22:35 +0200)]
fixed pyflakes/pep warnings
Michael Pöhn [Mon, 1 May 2017 19:19:51 +0000 (21:19 +0200)]
rewrite to yaml works for app data now (builds still missing)
relan [Tue, 4 Jul 2017 08:44:25 +0000 (11:44 +0300)]
makebuildserver: add NDK r15b
relan [Tue, 4 Jul 2017 07:46:52 +0000 (10:46 +0300)]
makebuildserver: fix NDK r14b provisioning
Replace r14 with r14b after a57bff7.
Hans-Christoph Steiner [Mon, 3 Jul 2017 22:08:43 +0000 (22:08 +0000)]
Merge branch 'repo-update-break-down' into 'master'
Break down the update.scan_apk() method into smaller pieces
See merge request !288
Torsten Grote [Wed, 14 Jun 2017 14:12:25 +0000 (11:12 -0300)]
Break up the scan_apk() method and rename it to process_apk()
Hans-Christoph Steiner [Mon, 3 Jul 2017 18:40:15 +0000 (20:40 +0200)]
gitlab-ci: switch to new Debian/stretch image
ci-images-server!1
Hans-Christoph Steiner [Mon, 3 Jul 2017 09:07:08 +0000 (09:07 +0000)]
Merge branch 'archive-policy-fix' into 'master'
Archive policy overhaul
Closes #323, #292, and #166
See merge request !291
Hans-Christoph Steiner [Thu, 29 Jun 2017 17:53:15 +0000 (19:53 +0200)]
gitlab-ci: apt upgrade so that tests run with current updates
The MD5 signature stuff was failing in tests because the CI image was
using a quite old version of Java's jarsigner, which had not yet disabled
MD5.
Hans-Christoph Steiner [Thu, 29 Jun 2017 19:15:30 +0000 (21:15 +0200)]
update: invalidate cache if allow_disabled_algorithms changes
Since the cache contains implicitly the result of the jarsigner verify,
if the allow_disabled_algorithms config changes, then the apkcache is
invalid.
Hans-Christoph Steiner [Thu, 29 Jun 2017 18:28:16 +0000 (20:28 +0200)]
update: write cache file if anything has changed it
This fixes a bug introduced in 04db6870 where cachechanged for scan_apks()
was set only by the last call to scan_apk().
Hans-Christoph Steiner [Wed, 28 Jun 2017 20:10:43 +0000 (22:10 +0200)]
tests: make sure apkcache gets created
Hans-Christoph Steiner [Tue, 27 Jun 2017 20:07:53 +0000 (22:07 +0200)]
update: create 'archive/' if needed when moving APKs
Normally, just 'repo/' is created by default, e.g. `fdroid init`. If APKs
are dumped into 'repo/', then have invalid signatures, then they'll be
automatically moved to 'archive/', which therefore needs to exist.
Hans-Christoph Steiner [Tue, 27 Jun 2017 19:40:39 +0000 (21:40 +0200)]
update: allow_disabled_algorithms option to keep MD5 sigs in repo
The new policy is to move APKs with invalid signatures to the archive,
and only add those APKs to the archive's index if they have valid MD5
signatures.
closes #323
closes #292
Hans-Christoph Steiner [Tue, 27 Jun 2017 07:54:35 +0000 (09:54 +0200)]
update: allow deprecated signatures only in the archive
In April 2017, Oracle's jarsigner and Google's apksigner both switched to
considering any APK signature that uses MD5 as unsigned. Any old build
is likely to have an MD5 signature. This sets up the archive as the only
place where these "disabled algorithms" are allowed in the repo, and
marks any APK signed by a "disabled algorithm" as having a "known
vulnerability".
This also now automatically moves APKs with invalid signatures to the
archive section.
#323
Hans-Christoph Steiner [Mon, 26 Jun 2017 19:08:01 +0000 (21:08 +0200)]
update: move duplicated code into move_apk_between_sections()
Hans-Christoph Steiner [Fri, 23 Jun 2017 21:55:12 +0000 (23:55 +0200)]
fix "Archive Policy:" field, APKs can move in/out of archive
The original logic was checking keepversions against the len() of ALL the
APKs in the repo/archive. The correct thing is to check against the
number of APKs available for the given packageName/appid.
closes #166
Hans-Christoph Steiner [Tue, 27 Jun 2017 21:33:24 +0000 (23:33 +0200)]
tests: test moving files to and from the archive
#166
Hans-Christoph Steiner [Wed, 28 Jun 2017 21:53:18 +0000 (21:53 +0000)]
Merge branch 'random-small-fixes' into 'master'
Random small fixes
Closes #222
See merge request !292
Hans-Christoph Steiner [Wed, 28 Jun 2017 20:23:04 +0000 (22:23 +0200)]
init: update docs links for next steps
Hans-Christoph Steiner [Fri, 23 Jun 2017 19:58:46 +0000 (21:58 +0200)]
lint: check file extension for metadata
This helps keep fdroiddata clean, on @krt's request.
closes #222
Hans-Christoph Steiner [Fri, 23 Jun 2017 14:38:40 +0000 (16:38 +0200)]
locale: fix broken source string
Hans-Christoph Steiner [Wed, 21 Jun 2017 12:01:01 +0000 (14:01 +0200)]
scan APKs for signs of "Master Key" exploit
This exploit is old, and was fixed in 4.4. But it was easy to exploit,
so it is still worth scanning for it. It is also easy to scan for, since
valid APKs should not have files with duplicate names. In theory, this
could look for duplicate file names for any file, but this limits the
false positives by only checking names of files related to executing code.
fdroidclient#40
Hans-Christoph Steiner [Thu, 15 Jun 2017 15:02:46 +0000 (17:02 +0200)]
update: move btlog import since btlog.py requires python3-git
To keep the dependencies limited to where they are needed.
Hans-Christoph Steiner [Wed, 28 Jun 2017 21:12:04 +0000 (23:12 +0200)]
gitlab-ci: fix metadata_v0 test to run on the right commits
Checking out master will often mean it's testing the wrong commit, since
merge requests rarely are in master.
Hans-Christoph Steiner [Thu, 22 Jun 2017 14:32:44 +0000 (16:32 +0200)]
gitlab-ci: fix metadata_v0 test for new buildozer build flag
Just remove it, since 0.7.0 does not know about that build flag.
Hans-Christoph Steiner [Wed, 21 Jun 2017 12:04:45 +0000 (12:04 +0000)]
Merge branch 'buildozer-build' into 'master'
Added a method to build python/kivy projects using buildozer.
See merge request !290
lb@lb520 [Wed, 21 Jun 2017 06:26:52 +0000 (08:26 +0200)]
Test metadata files updated.
Hans-Christoph Steiner [Tue, 20 Jun 2017 18:24:43 +0000 (20:24 +0200)]
gitlab-ci: properly quote colons
Hans-Christoph Steiner [Tue, 20 Jun 2017 16:15:03 +0000 (18:15 +0200)]
gitlab-ci: ignore blank Description in metadata_v0 test
We'll eventually be moving to having the internal representation use a
'' or None when there is no Description, so no use in fixing this.
lb@lb520 [Tue, 20 Jun 2017 13:56:15 +0000 (15:56 +0200)]
build.py corrected
lb@lb520 [Tue, 20 Jun 2017 12:16:31 +0000 (14:16 +0200)]
Added a method to build python/kivy projects using buildozer.
Hans-Christoph Steiner [Mon, 19 Jun 2017 09:36:21 +0000 (09:36 +0000)]
Merge branch 'vagrantfile-box' into 'master'
Copy initial buildserver CPU/memory configuration to final box Vagrantfile
See merge request !279
Hans-Christoph Steiner [Sat, 17 Jun 2017 11:01:39 +0000 (11:01 +0000)]
Merge branch 'gradle4' into 'master'
makebs: add gradle4.0
See merge request !289
Hans-Christoph Steiner [Sat, 17 Jun 2017 11:00:57 +0000 (11:00 +0000)]
Merge branch 'googlemaven' into 'master'
Add Google's maven repo to allowed list
See merge request !275
Boris Kraut [Fri, 16 Jun 2017 23:39:44 +0000 (01:39 +0200)]
makebs: add gradle4.0
Hans-Christoph Steiner [Fri, 16 Jun 2017 20:20:59 +0000 (22:20 +0200)]
set gettext template to UTF-8
Hans-Christoph Steiner [Fri, 16 Jun 2017 20:10:37 +0000 (22:10 +0200)]
move translation files to 'locale' like Repomaker does
The django gettext layout seems to be the most standard approach with
Python projects.
Hans-Christoph Steiner [Thu, 15 Jun 2017 15:20:38 +0000 (17:20 +0200)]
jenkins-build: point to new dir named after the script
This changes out the arbitrary names used before.
Hans-Christoph Steiner [Thu, 15 Jun 2017 15:16:52 +0000 (17:16 +0200)]
Hans-Christoph Steiner [Thu, 15 Jun 2017 15:07:01 +0000 (17:07 +0200)]
jenkins-build: `git clean` before running fdroid cli tests
Otherwise, `fdroid init` will fail since the old repo files are present.
Hans-Christoph Steiner [Mon, 12 Jun 2017 14:15:07 +0000 (16:15 +0200)]
update: do not crash on screenshots without texts/graphics
`fdroid update` crashed for apps that only had screenshots but no graphics
or localized texts because destdir was not being set in that case. This
fixes that and adds a test case.
closes #320
!286
Hans-Christoph Steiner [Mon, 12 Jun 2017 19:26:04 +0000 (19:26 +0000)]
Merge branch 'fix' into 'master'
fix #320 due to unintentionally reusing the same variable name
Closes #320
See merge request !286
Rui Zhao (renyuneyun) [Mon, 12 Jun 2017 17:04:30 +0000 (18:04 +0100)]
fix !320 due to unintentionally reusing the same variable name
Boris Kraut [Sat, 10 Jun 2017 09:55:47 +0000 (09:55 +0000)]
Merge branch 'master' into 'master'
makebuildserver: bump tools, add api26 and build-tools 26
See merge request !284
Sergey Eremin [Fri, 9 Jun 2017 17:35:04 +0000 (20:35 +0300)]
makebuildserver: bump tools, add api26 and build-tools 26
Boris Kraut [Thu, 8 Jun 2017 01:54:34 +0000 (01:54 +0000)]
Merge branch 'fdroiddata-localization-fixes' into 'master'
fdroiddata localization fixes
See merge request !283
Hans-Christoph Steiner [Wed, 7 Jun 2017 09:33:01 +0000 (11:33 +0200)]
rewritemeta: do not include empty Summary: or Description:
Since the Summary: and Description: in the metadata file have the highest
priority of all the localized texts, adding blank versions means that
apps would always have blank Summary and Description even if the app has
those fields in the localized sections of fdroiddata and/or in the app's
source repo itself.
fdroiddata!2262
Hans-Christoph Steiner [Fri, 2 Jun 2017 11:56:57 +0000 (13:56 +0200)]
lint can no longer properly detect unset Summary/Description
Since the Summary/Description can now be set in the app's source code, or
in fdroiddata/metadata/<packageName>/<locale>/*.txt, this lint check is
no longer valid. It is important to check whether these texts are empty,
but it'll require some thinking about how and where to best do that.
`fdroid update` will have access to all that data, but perhaps at that
point it is too late.
Also, the current text prioritization puts Summary/Description in the
.txt/.yml file at the highest priority, overriding every other copy,
including in fdroiddata/metadata/<packageName>/<locale> and in the app's
source code.
Hans-Christoph Steiner [Fri, 2 Jun 2017 11:41:04 +0000 (13:41 +0200)]
support fdroid names in filenames for localized texts
* "full description" is just "description"
* "short description" is "summary"
* "title" is "name"
Hans-Christoph Steiner [Fri, 2 Jun 2017 11:39:18 +0000 (13:39 +0200)]
support fastlane simplified metadata dir
Running `fastlane init` gave me a much simpler directory layout, which
turns out to be the same as what is used for fdroiddata.
Hans-Christoph Steiner [Wed, 7 Jun 2017 18:19:40 +0000 (18:19 +0000)]
Merge branch 'check-vmx-libvirt' into 'master'
Use Qemu instead of KVM when we don't have VMX/SVM
See merge request !282
Torsten Grote [Fri, 2 Jun 2017 14:22:26 +0000 (14:22 +0000)]
Merge branch 'localization-template' into 'master'
add core help strings to gettext source file
See merge request !281
Torsten Grote [Fri, 2 Jun 2017 14:20:20 +0000 (14:20 +0000)]
Merge branch 'duplicate-apk-processing' into 'master'
APK processing for duplicate versionCodes and renaming
See merge request !280
Hans-Christoph Steiner [Thu, 18 May 2017 16:54:16 +0000 (18:54 +0200)]
add core help strings to gettext source file
This will allow us to put these up on Weblate and have people start
translating them. Then we can figure out how to actually include and
deploy the translations later. It is unfortunately non-trivial, since
we have to manually figure out the install paths.
Willem Mulder [Fri, 2 Jun 2017 09:35:46 +0000 (11:35 +0200)]
Use Qemu instead of KVM when we don't have VMX/SVM
Hans-Christoph Steiner [Thu, 1 Jun 2017 14:24:31 +0000 (16:24 +0200)]
check signature and OpenSSL after APK has proven valid
If working with a random grabbag of APKs, there can be all sorts of
issues like corrupt entries in the ZIP, bad signatures, signatures that
are invalid since they use MD5, etc. Moving these two checks later means
that the APKs can be renamed still.
This does change how common.getsig() works. For years, it returned
None if the signature check failed. Now that I've started working
with giant APK collections gathered from the wild, I can see that
`fdroid update` needs to be able to first index what's there, then
make decisions based on that information. So that means separating
the getsig() fingerprint fetching from the APK signature verification.
This is not hugely security sensitive, since the APKs still have to
get past the Android checks, e.g. update signature checks. Plus the
APK hash is already included in the signed index.
Hans-Christoph Steiner [Thu, 1 Jun 2017 08:29:30 +0000 (10:29 +0200)]
strip file extension from generated name for non-APKs
With a generic file, the file name is the only guaranteed name metadata
field. So if the name is not specified in the metadata, then the name
is set to the filename. This changes that so that the file extension is
stripped from that generated name.
Hans-Christoph Steiner [Thu, 1 Jun 2017 08:27:35 +0000 (10:27 +0200)]
use var naming scheme in KnownApks (apk --> apkName)
Everywhere else, the file name of the APK is called apkName.
Hans-Christoph Steiner [Wed, 31 May 2017 21:02:28 +0000 (23:02 +0200)]
regexs for getting packageName and versionCode from filenames
This is useful for parsing APK files, which can include packageName,
versionCode, and optionally 7 char signing key ID (i.e. <sig>).
This also can set the packageName and versionCode for non-APK files, so
that it is easy to assign them to metadata files, and to allow for
upgrades by setting the versionCode in the filename.
Hans-Christoph Steiner [Wed, 31 May 2017 19:43:40 +0000 (21:43 +0200)]
index.xml cannot handle APKs with the same packageName/versionCode
Really, it is the fdroidclient parser of index.xml that fails, due to the
hardcoded expectation that there will only ever be a single APK for any
given versionCode. We keep index.xml backwards compatible for old
clients, and use index-v1.json to support new things. Having multiple
APKs that have the same packageName and versionCode will break the client
v0.103.* since that version uses index-v1.json, but still has the hardcoded
database parsing stuff.
#153
Hans-Christoph Steiner [Wed, 31 May 2017 19:20:35 +0000 (21:20 +0200)]
update: add --rename-apks to force APK filenames to fdroid standard
uses the standard package.name_123.apk. If that exists, it appends the
shasum. If that exists, then it's a duplicate, so it's deleted. This should
help @SergeWinters with his 12,000 APKs.
Andrew Patrikalakis [Thu, 1 Jun 2017 13:53:33 +0000 (09:53 -0400)]
Copy initial buildserver CPU/memory configuration to final box Vagrantfile
Hans-Christoph Steiner [Tue, 30 May 2017 12:52:33 +0000 (14:52 +0200)]
allow APKs with same packageName/versionCode but different signer
There are many APKs out in the wild that claim to be the same app and
version as each other, but they are signed by different keys. fdroid
should be able to index these, and work with them. This supports having
the developer's signature via reproducible builds, random collections of
APKs like repomaker, etc.
Hans-Christoph Steiner [Sat, 27 May 2017 19:13:36 +0000 (21:13 +0200)]
gitlab-ci: add index v0 metadata parsing test
This test is very handy for making sure the old index.xml v0 format does
not inadvertently change.
Hans-Christoph Steiner [Thu, 25 May 2017 18:39:15 +0000 (20:39 +0200)]
add basic test for `fdroid scanner`
There was no test coverage at all for this command, this is a very basic
test that should prevent things like
2626858450953ac65124765d2cd73d1602846372
Hans-Christoph Steiner [Tue, 30 May 2017 19:08:28 +0000 (19:08 +0000)]
Merge branch 'master' into 'master'
Add support for the new Bitbucket look
See merge request !278
Alexey Krasilnikov [Tue, 30 May 2017 10:24:07 +0000 (13:24 +0300)]
Add support for the new Bitbucket look
Hans-Christoph Steiner [Mon, 29 May 2017 08:01:32 +0000 (08:01 +0000)]
Merge branch 'makebs' into 'master'
makebs: update to ndk-r14b and build-tools-25.0.3
See merge request !277
Boris Kraut [Fri, 26 May 2017 21:38:35 +0000 (21:38 +0000)]
Merge branch 'lint-for-newness' into 'master'
`fdroid lint` support for SPDX, l18n, dev signatures
Closes #234
See merge request !269
Boris Kraut [Fri, 26 May 2017 14:54:06 +0000 (16:54 +0200)]
makebs: update to ndk-r14b and build-tools-25.0.3
Hans-Christoph Steiner [Mon, 15 May 2017 14:58:10 +0000 (16:58 +0200)]
make tests pass new lint rules
Hans-Christoph Steiner [Mon, 15 May 2017 14:46:52 +0000 (16:46 +0200)]
lint: use only license tags from https://spdx.org/license-list
closes #234
Hans-Christoph Steiner [Mon, 15 May 2017 13:17:33 +0000 (15:17 +0200)]
lint: support new per-package subdirs for l18n and dev signatures
Graphics and localized text can now be stored in the package folders,
always in a folder that is named for the locale. The upstream developer
signature is also now stored, so that the upstream APK can be reproduced
even if they remove their APKs.
#291
fdroiddata!2229
fdroiddata!2224
fdroidclient#15
fdroidserver#174
Hans-Christoph Steiner [Mon, 15 May 2017 12:58:01 +0000 (14:58 +0200)]
lint: add popular URL shorteners to the banned list
Boris Kraut [Thu, 25 May 2017 18:55:50 +0000 (20:55 +0200)]
scanner: allow google maven
Hans-Christoph Steiner [Thu, 25 May 2017 18:49:14 +0000 (18:49 +0000)]
Merge branch 'master' into 'master'
Don't pass root_dir to scan_source
See merge request !276