Merge branch 'v2-btlog-sign' into 'master'

update signing and btlog for index-v2

Closes #1005

See merge request fdroid/fdroidserver!1133
Jochen Sprickerhof 2022-05-24 20:28:25 +00:00
commit 05e6c293c0
4 changed files with 46 additions and 14 deletions


@ -235,6 +235,7 @@ black:
examples/fdroid_extract_repo_pubkey.py examples/fdroid_extract_repo_pubkey.py
examples/makebuildserver.config.py examples/makebuildserver.config.py
fdroid fdroid
fdroidserver/btlog.py
fdroidserver/exception.py fdroidserver/exception.py
fdroidserver/gpgsign.py fdroidserver/gpgsign.py
fdroidserver/lint.py fdroidserver/lint.py


@ -70,7 +70,8 @@ def make_binary_transparency_log(
if not url: if not url:
url = common.config['repo_url'].rstrip('/') url = common.config['repo_url'].rstrip('/')
with open(os.path.join(btrepo, 'README.md'), 'w') as fp: with open(os.path.join(btrepo, 'README.md'), 'w') as fp:
fp.write(""" fp.write(
"""
# Binary Transparency Log for %s # Binary Transparency Log for %s
This is a log of the signed app index metadata. This is stored in a This is a log of the signed app index metadata. This is stored in a
@ -80,8 +81,10 @@ F-Droid repository was a publicly released file.
For more info on this idea: For more info on this idea:
* https://wiki.mozilla.org/Security/Binary_Transparency * https://wiki.mozilla.org/Security/Binary_Transparency
""" % url[:url.rindex('/')]) # strip '/repo' """
gitrepo.index.add(['README.md', ]) % url[: url.rindex('/')] # strip '/repo'
)
gitrepo.index.add(['README.md'])
gitrepo.index.commit('add README') gitrepo.index.commit('add README')
for repodir in repodirs: for repodir in repodirs:
@ -150,13 +153,22 @@ def main():
parser = ArgumentParser() parser = ArgumentParser()
common.setup_global_opts(parser) common.setup_global_opts(parser)
parser.add_argument("--git-repo", parser.add_argument(
"--git-repo",
default=os.path.join(os.getcwd(), 'binary_transparency'), default=os.path.join(os.getcwd(), 'binary_transparency'),
help=_("Path to the git repo to use as the log")) help=_("Path to the git repo to use as the log"),
parser.add_argument("-u", "--url", default='https://f-droid.org', )
help=_("The base URL for the repo to log (default: https://f-droid.org)")) parser.add_argument(
parser.add_argument("--git-remote", default=None, "-u",
help=_("Push the log to this git remote repository")) "--url",
default='https://f-droid.org',
help=_("The base URL for the repo to log (default: https://f-droid.org)"),
)
parser.add_argument(
"--git-remote",
default=None,
help=_("Push the log to this git remote repository"),
)
options = parser.parse_args() options = parser.parse_args()
if options.verbose: if options.verbose:
@ -182,7 +194,15 @@ def main():
os.makedirs(tempdir, exist_ok=True) os.makedirs(tempdir, exist_ok=True)
gitrepodir = os.path.join(options.git_repo, repodir) gitrepodir = os.path.join(options.git_repo, repodir)
os.makedirs(gitrepodir, exist_ok=True) os.makedirs(gitrepodir, exist_ok=True)
for f in ('index.jar', 'index.xml', 'index-v1.jar', 'index-v1.json'): for f in (
'entry.jar',
'entry.json',
'index-v1.jar',
'index-v1.json',
'index-v2.json',
'index.jar',
'index.xml',
):
dlfile = os.path.join(tempdir, f) dlfile = os.path.join(tempdir, f)
dlurl = options.url + '/' + repodir + '/' + f dlurl = options.url + '/' + repodir + '/' + f
http_headers_file = os.path.join(gitrepodir, f + '.HTTP-headers.json') http_headers_file = os.path.join(gitrepodir, f + '.HTTP-headers.json')
@ -196,7 +216,7 @@ def main():
r = session.head(dlurl, headers=headers, allow_redirects=False) r = session.head(dlurl, headers=headers, allow_redirects=False)
if r.status_code != 200: if r.status_code != 200:
logging.debug( logging.debug(
'HTTP Response (' + str(r.status_code) + '), did not download ' + dlurl 'HTTP Response (%d), did not download %s' % (r.status_code, dlurl)
) )
continue continue
if etag and etag == r.headers.get('ETag'): if etag and etag == r.headers.get('ETag'):
@ -218,7 +238,9 @@ def main():
if new_files: if new_files:
os.chdir(tempdirbase) os.chdir(tempdirbase)
make_binary_transparency_log(repodirs, options.git_repo, options.url, 'fdroid btlog') make_binary_transparency_log(
repodirs, options.git_repo, options.url, 'fdroid btlog'
)
if options.git_remote: if options.git_remote:
deploy.push_binary_transparency(options.git_repo, options.git_remote) deploy.push_binary_transparency(options.git_repo, options.git_remote)
shutil.rmtree(tempdirbase, ignore_errors=True) shutil.rmtree(tempdirbase, ignore_errors=True)
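Review bot: In main()'s download loop, any non-200 response is reported only through `logging.debug(...)` before `continue`, so now that `entry.jar`, `entry.json` and `index-v2.json` are in the tuple, a repo that stops serving one of the index files leaves a gap in the transparency log that a normal run does not report. Consider keeping 404 at debug (older repos will not have the index-v2 files) and raising other statuses to a warning, e.g. `level = logging.DEBUG if r.status_code == 404 else logging.WARNING` followed by `logging.log(level, 'HTTP Response (%d), did not download %s', r.status_code, dlurl)`, which also leaves the formatting to logging instead of the eager `%`. What happens to a previously committed copy of a skipped file is not visible in these hunks, and main() starts and ends outside them.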


@ -2592,6 +2592,7 @@ def use_androguard():
use_androguard.show_path = False use_androguard.show_path = False
if options and options.verbose: if options and options.verbose:
logging.getLogger("androguard.axml").setLevel(logging.INFO) logging.getLogger("androguard.axml").setLevel(logging.INFO)
logging.getLogger("androguard.core.api_specific_resources").setLevel(logging.ERROR)
return True return True
except ImportError: except ImportError:
return False return False
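Review bot: The added `setLevel(logging.ERROR)` on `androguard.core.api_specific_resources` has no comment saying which messages it hides or why. If the line sits outside the `if options and options.verbose:` branch, it also drops that logger's warnings in verbose runs; the page does not preserve indentation, so this cannot be confirmed here. A one-line comment such as `# this androguard module logs non-actionable warnings; only show errors` would record the intent, with the wording confirmed by the author. use_androguard() begins outside the hunk.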


@ -76,7 +76,15 @@ class SignindexTest(unittest.TestCase):
fp.write('# placeholder') fp.write('# placeholder')
shutil.copy(str(self.basedir / 'urzip.apk'), 'repo') shutil.copy(str(self.basedir / 'urzip.apk'), 'repo')
index_files = [] index_files = []
for f in ('index.xml', 'index.jar', 'index-v1.json', 'index-v1.jar'): for f in (
'entry.jar',
'entry.json',
'index-v1.jar',
'index-v1.json',
'index-v2.json',
'index.jar',
'index.xml',
):
for section in (Path('repo'), Path('archive')): for section in (Path('repo'), Path('archive')):
path = section / f path = section / f
self.assertFalse(path.exists(), '%s should not exist yet!' % path) self.assertFalse(path.exists(), '%s should not exist yet!' % path)