import xml.etree.ElementTree as XMLElementTree
from binascii import hexlify
-from datetime import datetime
+from datetime import datetime, timedelta
from distutils.version import LooseVersion
from queue import Queue
from zipfile import ZipFile
import fdroidserver.metadata
from fdroidserver import _
-from fdroidserver.exception import FDroidException, VCSException, BuildException, VerificationException
+from fdroidserver.exception import FDroidException, VCSException, NoSubmodulesException,\
+ BuildException, VerificationException
from .asynchronousfilereader import AsynchronousFileReader
+# this is the build-tools version, aapt has a separate version that
+# has to be manually set in test_aapt_version()
+MINIMUM_AAPT_VERSION = '26.0.0'
+
+VERCODE_OPERATION_RE = re.compile(r'^([ 0-9/*+-]|%c)+$')
# A signature block file with a .DSA, .RSA, or .EC extension
CERT_PATH_REGEX = re.compile(r'^META-INF/.*\.(DSA|EC|RSA)$')
default_config = {
'sdk_path': "$ANDROID_HOME",
'ndk_paths': {
- 'r9b': None,
'r10e': None,
'r11c': None,
'r12b': "$ANDROID_NDK",
'r13b': None,
'r14b': None,
'r15c': None,
+ 'r16b': None,
},
- 'qt_sdk_path': None,
- 'build_tools': "25.0.2",
+ 'build_tools': MINIMUM_AAPT_VERSION,
'force_build_tools': False,
'java_paths': None,
'ant': "ant",
def setup_global_opts(parser):
+ try: # the buildserver VM might not have PIL installed
+ from PIL import PngImagePlugin
+ logger = logging.getLogger(PngImagePlugin.__name__)
+ logger.setLevel(logging.INFO) # tame the "STREAM" debug messages
+ except ImportError:
+ pass
+
parser.add_argument("-v", "--verbose", action="store_true", default=False,
help=_("Spew out even more information than normal"))
parser.add_argument("-q", "--quiet", action="store_true", default=False,
r'^java-([6-9])-oracle$', # Debian WebUpd8
r'^jdk-([6-9])-oracle-.*$', # Debian make-jpkg
r'^java-([6-9])-openjdk-[^c][^o][^m].*$', # Debian
+ r'^oracle-jdk-bin-1\.([7-9]).*$', # Gentoo (oracle)
+ r'^icedtea-bin-([7-9]).*$', # Gentoo (openjdk)
]:
m = re.match(regex, j)
if not m:
pathlist += glob.glob('/usr/java/jdk1.[6-9]*')
pathlist += glob.glob('/System/Library/Java/JavaVirtualMachines/1.[6-9].0.jdk')
pathlist += glob.glob('/Library/Java/JavaVirtualMachines/*jdk*[6-9]*')
+ pathlist += glob.glob('/opt/oracle-jdk-*1.[7-9]*')
+ pathlist += glob.glob('/opt/icedtea-*[7-9]*')
if os.getenv('JAVA_HOME') is not None:
pathlist.append(os.getenv('JAVA_HOME'))
if os.getenv('PROGRAMFILES') is not None:
minor = m.group(2)
bugfix = m.group(3)
# the Debian package has the version string like "v0.2-23.0.2"
- if '.' not in bugfix and LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.2166767'):
- logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-23.0.0 or newer!")
- .format(aapt=aapt))
+ too_old = False
+ if '.' in bugfix:
+ if LooseVersion(bugfix) < LooseVersion(MINIMUM_AAPT_VERSION):
+ too_old = True
+ elif LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.4062713'):
+ too_old = True
+ if too_old:
+ logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-{version} or newer!")
+ .format(aapt=aapt, version=MINIMUM_AAPT_VERSION))
else:
logging.warning(_('Unknown version of aapt, might cause problems: ') + output)
return glob.glob('.fdroid.[a-jl-z]*[a-rt-z]')
-def read_pkg_args(args, allow_vercodes=False):
+def read_pkg_args(appid_versionCode_pairs, allow_vercodes=False):
"""
- :param args: arguments in the form of multiple appid:[vc] strings
+ :param appids: arguments in the form of multiple appid:[vc] strings
:returns: a dictionary with the set of vercodes specified for each package
"""
-
vercodes = {}
- if not args:
+ if not appid_versionCode_pairs:
return vercodes
- for p in args:
+ for p in appid_versionCode_pairs:
if allow_vercodes and ':' in p:
package, vercode = p.split(':')
else:
return vercodes
-def read_app_args(args, allapps, allow_vercodes=False):
- """
- On top of what read_pkg_args does, this returns the whole app metadata, but
- limiting the builds list to the builds matching the vercodes specified.
+def read_app_args(appid_versionCode_pairs, allapps, allow_vercodes=False):
+ """Build a list of App instances for processing
+
+ On top of what read_pkg_args does, this returns the whole app
+ metadata, but limiting the builds list to the builds matching the
+ appid_versionCode_pairs and vercodes specified. If no appid_versionCode_pairs are specified, then
+ all App and Build instances are returned.
+
"""
- vercodes = read_pkg_args(args, allow_vercodes)
+ vercodes = read_pkg_args(appid_versionCode_pairs, allow_vercodes)
if not vercodes:
return allapps
def clientversioncmd(self):
return ['git', '--version']
+ def git(self, args, envs=dict(), cwd=None, output=True):
+ '''Prevent git fetch/clone/submodule from hanging at the username/password prompt
+
+ While fetch/pull/clone respect the command line option flags,
+ it seems that submodule commands do not. They do seem to
+ follow whatever is in env vars, if the version of git is new
+ enough. So we just throw the kitchen sink at it to see what
+ sticks.
+
+ Also, because of CVE-2017-1000117, block all SSH URLs.
+ '''
+ #
+ # supported in git >= 2.3
+ git_config = [
+ '-c', 'core.askpass=/bin/true',
+ '-c', 'core.sshCommand=/bin/false',
+ '-c', 'url.https://.insteadOf=ssh://',
+ ]
+ for domain in ('bitbucket.org', 'github.com', 'gitlab.com'):
+ git_config.append('-c')
+ git_config.append('url.https://u:p@' + domain + '/.insteadOf=git@' + domain + ':')
+ git_config.append('-c')
+ git_config.append('url.https://u:p@' + domain + '.insteadOf=git://' + domain)
+ git_config.append('-c')
+ git_config.append('url.https://u:p@' + domain + '.insteadOf=https://' + domain)
+ envs.update({
+ 'GIT_TERMINAL_PROMPT': '0',
+ 'GIT_ASKPASS': '/bin/true',
+ 'SSH_ASKPASS': '/bin/true',
+ 'GIT_SSH': '/bin/false', # for git < 2.3
+ })
+ return FDroidPopen(['git', ] + git_config + args,
+ envs=envs, cwd=cwd, output=output)
+
def checkrepo(self):
"""If the local directory exists, but is somehow not a git repository,
git will traverse up the directory tree until it finds one
def gotorevisionx(self, rev):
if not os.path.exists(self.local):
# Brand new checkout
- p = FDroidPopen(['git', 'clone', self.remote, self.local])
+ p = self.git(['clone', '--', self.remote, self.local])
if p.returncode != 0:
self.clone_failed = True
raise VCSException("Git clone failed", p.output)
raise VCSException(_("Git clean failed"), p.output)
if not self.refreshed:
# Get latest commits and tags from remote
- p = FDroidPopen(['git', 'fetch', 'origin'], cwd=self.local)
+ p = self.git(['fetch', 'origin'], cwd=self.local)
if p.returncode != 0:
raise VCSException(_("Git fetch failed"), p.output)
- p = FDroidPopen(['git', 'fetch', '--prune', '--tags', 'origin'], cwd=self.local, output=False)
+ p = self.git(['fetch', '--prune', '--tags', 'origin'], output=False, cwd=self.local)
if p.returncode != 0:
raise VCSException(_("Git fetch failed"), p.output)
# Recreate origin/HEAD as git clone would do it, in case it disappeared
if 'Multiple remote HEAD branches' not in lines[0]:
raise VCSException(_("Git remote set-head failed"), p.output)
branch = lines[1].split(' ')[-1]
- p2 = FDroidPopen(['git', 'remote', 'set-head', 'origin', branch], cwd=self.local, output=False)
+ p2 = FDroidPopen(['git', 'remote', 'set-head', 'origin', '--', branch],
+ cwd=self.local, output=False)
if p2.returncode != 0:
raise VCSException(_("Git remote set-head failed"), p.output + '\n' + p2.output)
self.refreshed = True
self.checkrepo()
submfile = os.path.join(self.local, '.gitmodules')
if not os.path.isfile(submfile):
- raise VCSException(_("No git submodules available"))
+ raise NoSubmodulesException(_("No git submodules available"))
# fix submodules not accessible without an account and public key auth
with open(submfile, 'r') as f:
lines = f.readlines()
with open(submfile, 'w') as f:
for line in lines:
- if 'git@github.com' in line:
- line = line.replace('git@github.com:', 'https://github.com/')
- if 'git@gitlab.com' in line:
- line = line.replace('git@gitlab.com:', 'https://gitlab.com/')
+ for domain in ('bitbucket.org', 'github.com', 'gitlab.com'):
+ line = re.sub('git@' + domain + ':', 'https://u:p@' + domain + '/', line)
f.write(line)
p = FDroidPopen(['git', 'submodule', 'sync'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException(_("Git submodule sync failed"), p.output)
- p = FDroidPopen(['git', 'submodule', 'update', '--init', '--force', '--recursive'], cwd=self.local)
+ p = self.git(['submodule', 'update', '--init', '--force', '--recursive'], cwd=self.local)
if p.returncode != 0:
raise VCSException(_("Git submodule update failed"), p.output)
if not result.endswith(self.local):
raise VCSException('Repository mismatch')
+ def git(self, args, envs=dict(), cwd=None, output=True):
+ '''Prevent git fetch/clone/submodule from hanging at the username/password prompt
+
+ AskPass is set to /bin/true to let the process try to connect
+ without a username/password.
+
+ The SSH command is set to /bin/false to block all SSH URLs
+ (supported in git >= 2.3). This protects against
+ CVE-2017-1000117.
+
+ '''
+ git_config = [
+ '-c', 'core.askpass=/bin/true',
+ '-c', 'core.sshCommand=/bin/false',
+ ]
+ envs.update({
+ 'GIT_TERMINAL_PROMPT': '0',
+ 'GIT_ASKPASS': '/bin/true',
+ 'SSH_ASKPASS': '/bin/true',
+ 'GIT_SSH': '/bin/false', # for git < 2.3
+ 'SVN_SSH': '/bin/false',
+ })
+ return FDroidPopen(['git', ] + git_config + args,
+ envs=envs, cwd=cwd, output=output)
+
def gotorevisionx(self, rev):
if not os.path.exists(self.local):
# Brand new checkout
- gitsvn_args = ['git', 'svn', 'clone']
+ gitsvn_args = ['svn', 'clone']
+ remote = None
if ';' in self.remote:
remote_split = self.remote.split(';')
for i in remote_split[1:]:
gitsvn_args.extend(['-t', i[5:]])
elif i.startswith('branches='):
gitsvn_args.extend(['-b', i[9:]])
- gitsvn_args.extend([remote_split[0], self.local])
- p = FDroidPopen(gitsvn_args, output=False)
- if p.returncode != 0:
- self.clone_failed = True
- raise VCSException("Git svn clone failed", p.output)
+ remote = remote_split[0]
else:
- gitsvn_args.extend([self.remote, self.local])
- p = FDroidPopen(gitsvn_args, output=False)
- if p.returncode != 0:
- self.clone_failed = True
- raise VCSException("Git svn clone failed", p.output)
+ remote = self.remote
+
+ if not remote.startswith('https://'):
+ raise VCSException(_('HTTPS must be used with Subversion URLs!'))
+
+ # git-svn sucks at certificate validation, this throws useful errors:
+ import requests
+ r = requests.head(remote)
+ r.raise_for_status()
+ location = r.headers.get('location')
+ if location and not location.startswith('https://'):
+ raise VCSException(_('Invalid redirect to non-HTTPS: {before} -> {after} ')
+ .format(before=remote, after=location))
+
+ gitsvn_args.extend(['--', remote, self.local])
+ p = self.git(gitsvn_args)
+ if p.returncode != 0:
+ self.clone_failed = True
+ raise VCSException(_('git svn clone failed'), p.output)
self.checkrepo()
else:
self.checkrepo()
# Discard any working tree changes
- p = FDroidPopen(['git', 'reset', '--hard'], cwd=self.local, output=False)
+ p = self.git(['reset', '--hard'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Git reset failed", p.output)
# Remove untracked files now, in case they're tracked in the target
# revision (it happens!)
- p = FDroidPopen(['git', 'clean', '-dffx'], cwd=self.local, output=False)
+ p = self.git(['clean', '-dffx'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Git clean failed", p.output)
if not self.refreshed:
# Get new commits, branches and tags from repo
- p = FDroidPopen(['git', 'svn', 'fetch'], cwd=self.local, output=False)
+ p = self.git(['svn', 'fetch'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Git svn fetch failed")
- p = FDroidPopen(['git', 'svn', 'rebase'], cwd=self.local, output=False)
+ p = self.git(['svn', 'rebase'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Git svn rebase failed", p.output)
self.refreshed = True
nospaces_rev = rev.replace(' ', '%20')
# Try finding a svn tag
for treeish in ['origin/', '']:
- p = FDroidPopen(['git', 'checkout', treeish + 'tags/' + nospaces_rev], cwd=self.local, output=False)
+ p = self.git(['checkout', treeish + 'tags/' + nospaces_rev], cwd=self.local, output=False)
if p.returncode == 0:
break
if p.returncode != 0:
svn_rev = svn_rev if svn_rev[0] == 'r' else 'r' + svn_rev
- p = FDroidPopen(['git', 'svn', 'find-rev', '--before', svn_rev, treeish], cwd=self.local, output=False)
+ p = self.git(['svn', 'find-rev', '--before', svn_rev, treeish], cwd=self.local, output=False)
git_rev = p.output.rstrip()
if p.returncode == 0 and git_rev:
if p.returncode != 0 or not git_rev:
# Try a plain git checkout as a last resort
- p = FDroidPopen(['git', 'checkout', rev], cwd=self.local, output=False)
+ p = self.git(['checkout', rev], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("No git treeish found and direct git checkout of '%s' failed" % rev, p.output)
else:
# Check out the git rev equivalent to the svn rev
- p = FDroidPopen(['git', 'checkout', git_rev], cwd=self.local, output=False)
+ p = self.git(['checkout', git_rev], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException(_("Git checkout of '%s' failed") % rev, p.output)
# Get rid of any uncontrolled files left behind
- p = FDroidPopen(['git', 'clean', '-dffx'], cwd=self.local, output=False)
+ p = self.git(['clean', '-dffx'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException(_("Git clean failed"), p.output)
def gotorevisionx(self, rev):
if not os.path.exists(self.local):
- p = FDroidPopen(['hg', 'clone', self.remote, self.local], output=False)
+ p = FDroidPopen(['hg', 'clone', '--ssh', '/bin/false', '--', self.remote, self.local],
+ output=False)
if p.returncode != 0:
self.clone_failed = True
raise VCSException("Hg clone failed", p.output)
for line in p.output.splitlines():
if not line.startswith('? '):
raise VCSException("Unexpected output from hg status -uS: " + line)
- FDroidPopen(['rm', '-rf', line[2:]], cwd=self.local, output=False)
+ FDroidPopen(['rm', '-rf', '--', line[2:]], cwd=self.local, output=False)
if not self.refreshed:
- p = FDroidPopen(['hg', 'pull'], cwd=self.local, output=False)
+ p = FDroidPopen(['hg', 'pull', '--ssh', '/bin/false'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Hg pull failed", p.output)
self.refreshed = True
rev = rev or 'default'
if not rev:
return
- p = FDroidPopen(['hg', 'update', '-C', rev], cwd=self.local, output=False)
+ p = FDroidPopen(['hg', 'update', '-C', '--', rev], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Hg checkout of '%s' failed" % rev, p.output)
p = FDroidPopen(['hg', 'purge', '--all'], cwd=self.local, output=False)
def clientversioncmd(self):
return ['bzr', '--version']
+ def bzr(self, args, envs=dict(), cwd=None, output=True):
+ '''Prevent bzr from ever using SSH to avoid security vulns'''
+ envs.update({
+ 'BZR_SSH': 'false',
+ })
+ return FDroidPopen(['bzr', ] + args, envs=envs, cwd=cwd, output=output)
+
def gotorevisionx(self, rev):
if not os.path.exists(self.local):
- p = FDroidPopen(['bzr', 'branch', self.remote, self.local], output=False)
+ p = self.bzr(['branch', self.remote, self.local], output=False)
if p.returncode != 0:
self.clone_failed = True
raise VCSException("Bzr branch failed", p.output)
else:
- p = FDroidPopen(['bzr', 'clean-tree', '--force', '--unknown', '--ignored'], cwd=self.local, output=False)
+ p = self.bzr(['clean-tree', '--force', '--unknown', '--ignored'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Bzr revert failed", p.output)
if not self.refreshed:
- p = FDroidPopen(['bzr', 'pull'], cwd=self.local, output=False)
+ p = self.bzr(['pull'], cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Bzr update failed", p.output)
self.refreshed = True
revargs = list(['-r', rev] if rev else [])
- p = FDroidPopen(['bzr', 'revert'] + revargs, cwd=self.local, output=False)
+ p = self.bzr(['revert'] + revargs, cwd=self.local, output=False)
if p.returncode != 0:
raise VCSException("Bzr revert of '%s' failed" % rev, p.output)
def _gettags(self):
- p = FDroidPopen(['bzr', 'tags'], cwd=self.local, output=False)
+ p = self.bzr(['tags'], cwd=self.local, output=False)
return [tag.split(' ')[0].strip() for tag in
p.output.splitlines()]
os.path.join(root, 'AndroidManifest.xml'))
-vcsearch_g = re.compile(r'''.*[Vv]ersionCode[ =]+["']*([0-9]+)["']*''').search
-vnsearch_g = re.compile(r'.*[Vv]ersionName *=* *(["\'])((?:(?=(\\?))\3.)*?)\1.*').search
-psearch_g = re.compile(r'.*(packageName|applicationId) *=* *["\']([^"]+)["\'].*').search
+vcsearch_g = re.compile(r'''.*[Vv]ersionCode\s*=?\s*["']*([0-9]+)["']*''').search
+vnsearch_g = re.compile(r'''.*[Vv]ersionName\s*=?\s*(["'])((?:(?=(\\?))\3.)*?)\1.*''').search
+psearch_g = re.compile(r'''.*(packageName|applicationId)\s*=*\s*["']([^"']+)["'].*''').search
def app_matches_packagename(app, package):
vercode = None
package = None
+ flavour = None
+ if app.builds and 'gradle' in app.builds[-1] and app.builds[-1].gradle:
+ flavour = app.builds[-1].gradle[-1]
+
if has_extension(path, 'gradle'):
with open(path, 'r') as f:
+ inside_flavour_group = 0
+ inside_required_flavour = 0
for line in f:
if gradle_comment.match(line):
continue
- # Grab first occurence of each to avoid running into
- # alternative flavours and builds.
- if not package:
- matches = psearch_g(line)
- if matches:
- s = matches.group(2)
- if app_matches_packagename(app, s):
- package = s
- if not version:
- matches = vnsearch_g(line)
- if matches:
- version = matches.group(2)
- if not vercode:
- matches = vcsearch_g(line)
- if matches:
- vercode = matches.group(1)
+
+ if inside_flavour_group > 0:
+ if inside_required_flavour > 0:
+ matches = psearch_g(line)
+ if matches:
+ s = matches.group(2)
+ if app_matches_packagename(app, s):
+ package = s
+
+ matches = vnsearch_g(line)
+ if matches:
+ version = matches.group(2)
+
+ matches = vcsearch_g(line)
+ if matches:
+ vercode = matches.group(1)
+
+ if '{' in line:
+ inside_required_flavour += 1
+ if '}' in line:
+ inside_required_flavour -= 1
+ else:
+ if flavour and (flavour in line):
+ inside_required_flavour = 1
+
+ if '{' in line:
+ inside_flavour_group += 1
+ if '}' in line:
+ inside_flavour_group -= 1
+ else:
+ if "productFlavors" in line:
+ inside_flavour_group = 1
+ if not package:
+ matches = psearch_g(line)
+ if matches:
+ s = matches.group(2)
+ if app_matches_packagename(app, s):
+ package = s
+ if not version:
+ matches = vnsearch_g(line)
+ if matches:
+ version = matches.group(2)
+ if not vercode:
+ matches = vcsearch_g(line)
+ if matches:
+ vercode = matches.group(1)
else:
try:
xml = parse_xml(path)
if srclib["Prepare"]:
cmd = replace_config_vars(srclib["Prepare"], build)
- p = FDroidPopen(['bash', '-x', '-c', cmd], cwd=libdir)
+ p = FDroidPopen(['bash', '-x', '-c', '--', cmd], cwd=libdir)
if p.returncode != 0:
raise BuildException("Error running prepare command for srclib %s"
% name, p.output)
cmd = replace_config_vars(build.init, build)
logging.info("Running 'init' commands in %s" % root_dir)
- p = FDroidPopen(['bash', '-x', '-c', cmd], cwd=root_dir)
+ p = FDroidPopen(['bash', '-x', '-c', '--', cmd], cwd=root_dir)
if p.returncode != 0:
raise BuildException("Error running init command for %s:%s" %
(app.id, build.versionName), p.output)
dest = os.path.join(build_dir, part)
logging.info("Removing {0}".format(part))
if os.path.lexists(dest):
- if os.path.islink(dest):
- FDroidPopen(['unlink', dest], output=False)
+ # rmtree can only handle directories that are not symlinks, so catch anything else
+ if not os.path.isdir(dest) or os.path.islink(dest):
+ os.remove(dest)
else:
- FDroidPopen(['rm', '-rf', dest], output=False)
+ shutil.rmtree(dest)
else:
logging.info("...but it didn't exist")
libpath = os.path.relpath(libpath, root_dir)
cmd = cmd.replace('$$' + name + '$$', libpath)
- p = FDroidPopen(['bash', '-x', '-c', cmd], cwd=root_dir)
+ p = FDroidPopen(['bash', '-x', '-c', '--', cmd], cwd=root_dir)
if p.returncode != 0:
raise BuildException("Error running prebuild command for %s:%s" %
(app.id, build.versionName), p.output)
return [int(sp) if sp.isdigit() else sp for sp in re.split(r'(\d+)', s)]
+def check_system_clock(dt_obj, path):
+ """Check if system clock is updated based on provided date
+
+ If an APK has files newer than the system time, suggest updating
+ the system clock. This is useful for offline systems, used for
+ signing, which do not have another source of clock sync info. It
+ has to be more than 24 hours newer because ZIP/APK files do not
+ store timezone info
+
+ """
+ checkdt = dt_obj - timedelta(1)
+ if datetime.today() < checkdt:
+ logging.warning(_('System clock is older than date in {path}!').format(path=path)
+ + '\n' + _('Set clock to that time using:') + '\n'
+ + 'sudo date -s "' + str(dt_obj) + '"')
+
+
class KnownApks:
"""permanent store of existing APKs with the date they were added
date = datetime.strptime(t[-1], '%Y-%m-%d')
filename = line[0:line.rfind(appid) - 1]
self.apks[filename] = (appid, date)
+ check_system_clock(date, self.path)
self.changed = False
def writeifchanged(self):
return os.path.splitext(filename)[1].lower()[1:]
-def get_apk_debuggable_aapt(apkfile):
+def use_androguard():
+ """Report if androguard is available, and config its debug logging"""
+
+ try:
+ import androguard
+ if use_androguard.show_path:
+ logging.debug(_('Using androguard from "{path}"').format(path=androguard.__file__))
+ use_androguard.show_path = False
+ if options and options.verbose:
+ logging.getLogger("androguard.axml").setLevel(logging.INFO)
+ return True
+ except ImportError:
+ return False
+
+
+use_androguard.show_path = True
+
+
+def _get_androguard_APK(apkfile):
+ try:
+ from androguard.core.bytecodes.apk import APK
+ except ImportError:
+ raise FDroidException("androguard library is not installed and aapt not present")
+
+ return APK(apkfile)
+
+
+def ensure_final_value(packageName, arsc, value):
+ """Ensure incoming value is always the value, not the resid
+
+ androguard will sometimes return the Android "resId" aka
+ Resource ID instead of the actual value. This checks whether
+ the value is actually a resId, then performs the Android
+ Resource lookup as needed.
+
+ """
+ if value:
+ returnValue = value
+ if value[0] == '@':
+ try: # can be a literal value or a resId
+ res_id = int('0x' + value[1:], 16)
+ res_id = arsc.get_id(packageName, res_id)[1]
+ returnValue = arsc.get_string(packageName, res_id)[1]
+ except ValueError:
+ pass
+ return returnValue
+
+
+def is_apk_and_debuggable_aapt(apkfile):
p = SdkToolsPopen(['aapt', 'dump', 'xmltree', apkfile, 'AndroidManifest.xml'],
output=False)
if p.returncode != 0:
return False
-def get_apk_debuggable_androguard(apkfile):
- try:
- from androguard.core.bytecodes.apk import APK
- except ImportError:
- raise FDroidException("androguard library is not installed and aapt not present")
-
- apkobject = APK(apkfile)
+def is_apk_and_debuggable_androguard(apkfile):
+ apkobject = _get_androguard_APK(apkfile)
if apkobject.is_valid_APK():
debuggable = apkobject.get_element("application", "debuggable")
if debuggable is not None:
return False
-def isApkAndDebuggable(apkfile):
+def is_apk_and_debuggable(apkfile):
"""Returns True if the given file is an APK and is debuggable
:param apkfile: full path to the apk to check"""
if get_file_extension(apkfile) != 'apk':
return False
- if SdkToolsPopen(['aapt', 'version'], output=False):
- return get_apk_debuggable_aapt(apkfile)
+ if use_androguard():
+ return is_apk_and_debuggable_androguard(apkfile)
else:
- return get_apk_debuggable_androguard(apkfile)
+ return is_apk_and_debuggable_aapt(apkfile)
-def get_apk_id_aapt(apkfile):
- """Extrat identification information from APK using aapt.
+def get_apk_id(apkfile):
+ """Extract identification information from APK using aapt.
:param apkfile: path to an APK file.
:returns: triplet (appid, version code, version name)
"""
- r = re.compile("package: name='(?P<appid>.*)' versionCode='(?P<vercode>.*)' versionName='(?P<vername>.*)' platformBuildVersionName='.*'")
+ if use_androguard():
+ return get_apk_id_androguard(apkfile)
+ else:
+ return get_apk_id_aapt(apkfile)
+
+
+def get_apk_id_androguard(apkfile):
+ if not os.path.exists(apkfile):
+ raise FDroidException(_("Reading packageName/versionCode/versionName failed, APK invalid: '{apkfilename}'")
+ .format(apkfilename=apkfile))
+ a = _get_androguard_APK(apkfile)
+ versionName = ensure_final_value(a.package, a.get_android_resources(), a.get_androidversion_name())
+ if not versionName:
+ versionName = '' # versionName is expected to always be a str
+ return a.package, a.get_androidversion_code(), versionName
+
+
+def get_apk_id_aapt(apkfile):
+ r = re.compile("^package: name='(?P<appid>.*)' versionCode='(?P<vercode>.*)' versionName='(?P<vername>.*?)'(?: platformBuildVersionName='.*')?")
p = SdkToolsPopen(['aapt', 'dump', 'badging', apkfile], output=False)
for line in p.output.splitlines():
m = r.match(line)
.format(apkfilename=apkfile))
+def get_minSdkVersion_aapt(apkfile):
+ """Extract the minimum supported Android SDK from an APK using aapt
+
+ :param apkfile: path to an APK file.
+ :returns: the integer representing the SDK version
+ """
+ r = re.compile(r"^sdkVersion:'([0-9]+)'")
+ p = SdkToolsPopen(['aapt', 'dump', 'badging', apkfile], output=False)
+ for line in p.output.splitlines():
+ m = r.match(line)
+ if m:
+ return int(m.group(1))
+ raise FDroidException(_('Reading minSdkVersion failed: "{apkfilename}"')
+ .format(apkfilename=apkfile))
+
+
class PopenResult:
def __init__(self):
self.returncode = None
p = None
try:
p = subprocess.Popen(commands, cwd=cwd, shell=False, env=process_env,
- stdout=subprocess.PIPE, stderr=stderr_param)
+ stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
+ stderr=stderr_param)
except OSError as e:
raise BuildException("OSError while trying to execute " +
' '.join(commands) + ': ' + str(e))
+ # TODO are these AsynchronousFileReader threads always exiting?
if not stderr_to_stdout and options.verbose:
stderr_queue = Queue()
stderr_reader = AsynchronousFileReader(p.stderr, stderr_queue)
cmd = cmd.replace('$$SDK$$', config['sdk_path'])
cmd = cmd.replace('$$NDK$$', build.ndk_path())
cmd = cmd.replace('$$MVN3$$', config['mvn3'])
- cmd = cmd.replace('$$QT$$', config['qt_sdk_path'] or '')
if build is not None:
cmd = replace_build_vars(cmd, build)
return cmd
o.write('android.library.reference.%d=%s\n' % (number, relpath))
-apk_sigfile = re.compile(r'META-INF/[0-9A-Za-z]+\.(SF|RSA|DSA|EC)')
+apk_sigfile = re.compile(r'META-INF/[0-9A-Za-z_\-]+\.(SF|RSA|DSA|EC)')
def signer_fingerprint_short(sig):
"""
with tempfile.TemporaryDirectory() as tmpdir:
tmp_apk = os.path.join(tmpdir, 'tmp.apk')
- os.rename(signed_apk, tmp_apk)
+ shutil.move(signed_apk, tmp_apk)
with ZipFile(tmp_apk, 'r') as in_apk:
with ZipFile(signed_apk, 'w') as out_apk:
for info in in_apk.infolist():
out_file.write(in_apk.read(f.filename))
+def sign_apk(unsigned_path, signed_path, keyalias):
+ """Sign and zipalign an unsigned APK, then save to a new file, deleting the unsigned
+
+ android-18 (4.3) finally added support for reasonable hash
+ algorithms, like SHA-256, before then, the only options were MD5
+ and SHA1 :-/ This aims to use SHA-256 when the APK does not target
+ older Android versions, and is therefore safe to do so.
+
+ https://issuetracker.google.com/issues/36956587
+ https://android-review.googlesource.com/c/platform/libcore/+/44491
+
+ """
+
+ if get_minSdkVersion_aapt(unsigned_path) < 18:
+ signature_algorithm = ['-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1']
+ else:
+ signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']
+
+ p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
+ '-storepass:env', 'FDROID_KEY_STORE_PASS',
+ '-keypass:env', 'FDROID_KEY_PASS']
+ + signature_algorithm + [unsigned_path, keyalias],
+ envs={
+ 'FDROID_KEY_STORE_PASS': config['keystorepass'],
+ 'FDROID_KEY_PASS': config['keypass'], })
+ if p.returncode != 0:
+ raise BuildException(_("Failed to sign application"), p.output)
+
+ p = SdkToolsPopen(['zipalign', '-v', '4', unsigned_path, signed_path])
+ if p.returncode != 0:
+ raise BuildException(_("Failed to zipalign application"))
+ os.remove(unsigned_path)
+
+
def verify_apks(signed_apk, unsigned_apk, tmp_dir):
"""Verify that two apks are the same
"""
- if subprocess.call([config['jarsigner'], '-strict', '-verify', jar]) != 4:
- raise VerificationException(_("The repository's index could not be verified."))
+ error = _('JAR signature failed to verify: {path}').format(path=jar)
+ try:
+ output = subprocess.check_output([config['jarsigner'], '-strict', '-verify', jar],
+ stderr=subprocess.STDOUT)
+ raise VerificationException(error + '\n' + output.decode('utf-8'))
+ except subprocess.CalledProcessError as e:
+ if e.returncode == 4:
+ logging.debug(_('JAR signature verified: {path}').format(path=jar))
+ else:
+ raise VerificationException(error + '\n' + e.output.decode('utf-8'))
def verify_apk_signature(apk, min_sdk_version=None):
args = [config['apksigner'], 'verify']
if min_sdk_version:
args += ['--min-sdk-version=' + min_sdk_version]
- return subprocess.call(args + [apk]) == 0
+ if options.verbose:
+ args += ['--verbose']
+ try:
+ output = subprocess.check_output(args + [apk])
+ if options.verbose:
+ logging.debug(apk + ': ' + output.decode('utf-8'))
+ return True
+ except subprocess.CalledProcessError as e:
+ logging.error('\n' + apk + ': ' + e.output.decode('utf-8'))
else:
- logging.warning("Using Java's jarsigner, not recommended for verifying APKs! Use apksigner")
+ if not config.get('jarsigner_warning_displayed'):
+ config['jarsigner_warning_displayed'] = True
+ logging.warning(_("Using Java's jarsigner, not recommended for verifying APKs! Use apksigner"))
try:
verify_jar_signature(apk)
return True
- except Exception:
- pass
+ except Exception as e:
+ logging.error(e)
return False
jarsigner passes unsigned APKs as "verified"! So this has to turn
on -strict then check for result 4.
+ Just to be safe, this never reuses the file, and locks down the
+ file permissions while in use. That should prevent a bad actor
+ from changing the settings during operation.
+
:returns: boolean whether the APK was verified
+
"""
_java_security = os.path.join(os.getcwd(), '.java.security')
+ if os.path.exists(_java_security):
+ os.remove(_java_security)
with open(_java_security, 'w') as fp:
fp.write('jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024')
+ os.chmod(_java_security, 0o400)
+
+ try:
+ cmd = [
+ config['jarsigner'],
+ '-J-Djava.security.properties=' + _java_security,
+ '-strict', '-verify', apk
+ ]
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ except subprocess.CalledProcessError as e:
+ if e.returncode != 4:
+ output = e.output
+ else:
+ logging.debug(_('JAR signature verified: {path}').format(path=apk))
+ return True
+ finally:
+ if os.path.exists(_java_security):
+ os.chmod(_java_security, 0o600)
+ os.remove(_java_security)
- return subprocess.call([config['jarsigner'], '-J-Djava.security.properties=' + _java_security,
- '-strict', '-verify', apk]) == 4
+ logging.error(_('Old APK signature failed to verify: {path}').format(path=apk)
+ + '\n' + output.decode('utf-8'))
+ return False
apk_badchars = re.compile('''[/ :;'"]''')
return False
+def local_rsync(options, fromdir, todir):
+ '''Rsync method for local to local copying of things
+
+ This is an rsync wrapper with all the settings for safe use within
+ the various fdroidserver use cases. This uses stricter rsync
+ checking on all files since people using offline mode are already
+ prioritizing security above ease and speed.
+
+ '''
+ rsyncargs = ['rsync', '--recursive', '--safe-links', '--times', '--perms',
+ '--one-file-system', '--delete', '--chmod=Da+rx,Fa-x,a+r,u+w']
+ if not options.no_checksum:
+ rsyncargs.append('--checksum')
+ if options.verbose:
+ rsyncargs += ['--verbose']
+ if options.quiet:
+ rsyncargs += ['--quiet']
+ logging.debug(' '.join(rsyncargs + [fromdir, todir]))
+ if subprocess.call(rsyncargs + [fromdir, todir]) != 0:
+ raise FDroidException()
+
+
def get_per_app_repos():
'''per-app repos are dirs named with the packageName of a single app'''
examplesdir = prefix + '/examples'
return examplesdir
+
+
+def get_wiki_timestamp(timestamp=None):
+ """Return current time in the standard format for posting to the wiki"""
+
+ if timestamp is None:
+ timestamp = time.gmtime()
+ return time.strftime("%Y-%m-%d %H:%M:%SZ", timestamp)
+
+
+def get_android_tools_versions(ndk_path=None):
+ '''get a list of the versions of all installed Android SDK/NDK components'''
+
+ global config
+ sdk_path = config['sdk_path']
+ if sdk_path[-1] != '/':
+ sdk_path += '/'
+ components = []
+ if ndk_path:
+ ndk_release_txt = os.path.join(ndk_path, 'RELEASE.TXT')
+ if os.path.isfile(ndk_release_txt):
+ with open(ndk_release_txt, 'r') as fp:
+ components.append((os.path.basename(ndk_path), fp.read()[:-1]))
+
+ pattern = re.compile('^Pkg.Revision=(.+)', re.MULTILINE)
+ for root, dirs, files in os.walk(sdk_path):
+ if 'source.properties' in files:
+ source_properties = os.path.join(root, 'source.properties')
+ with open(source_properties, 'r') as fp:
+ m = pattern.search(fp.read())
+ if m:
+ components.append((root[len(sdk_path):], m.group(1)))
+
+ return components
+
+
+def get_android_tools_version_log(ndk_path=None):
+ '''get a list of the versions of all installed Android SDK/NDK components'''
+ log = '== Installed Android Tools ==\n\n'
+ components = get_android_tools_versions(ndk_path)
+ for name, version in sorted(components):
+ log += '* ' + name + ' (' + version + ')\n'
+
+ return log
+
+
+def get_git_describe_link():
+ """Get a link to the current fdroiddata commit, to post to the wiki
+
+ """
+ try:
+ output = subprocess.check_output(['git', 'describe', '--always', '--dirty', '--abbrev=0'],
+ universal_newlines=True).strip()
+ except subprocess.CalledProcessError:
+ pass
+ if output:
+ commit = output.replace('-dirty', '')
+ return ('* fdroiddata: [https://gitlab.com/fdroid/fdroiddata/commit/{commit} {id}]\n'
+ .format(commit=commit, id=output))
+ else:
+ logging.error(_("'{path}' failed to execute!").format(path='git describe'))
+ return ''
~ianmdlvl / fdroidserver.git / blobdiff