From 2cbde77798374eb93d158dc43265ce146940caa0 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 13 Nov 2019 11:58:55 +0100 Subject: [PATCH 1/4] build: do not crash if SVN URL pre-validation fails; log error This is the problem: https://jenkins.debian.net/job/reproducible_fdroid_build_apps/704/console --- fdroidserver/common.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 9fa6072d..033aaebf 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -1034,9 +1034,12 @@ class vcs_gitsvn(vcs): raise VCSException(_('HTTPS must be used with Subversion URLs!')) # git-svn sucks at certificate validation, this throws useful errors: - import requests - r = requests.head(remote) - r.raise_for_status() + try: + import requests + r = requests.head(remote) + r.raise_for_status() + except Exception as e: + raise VCSException('SVN certificate pre-validation failed: ' + str(e)) location = r.headers.get('location') if location and not location.startswith('https://'): raise VCSException(_('Invalid redirect to non-HTTPS: {before} -> {after} ') From 3354e66bd379f02c1ebfcc656c31f9f41ebb1509 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Fri, 1 Nov 2019 17:36:49 +0100 Subject: [PATCH 2/4] common: use standard format tags when generating the log name --- fdroidserver/common.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 033aaebf..99b3a5ed 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -3261,8 +3261,9 @@ def deploy_build_log_with_rsync(appid, vercode, log_content): # gzip compress log file log_gz_path = os.path.join('repo', - '{pkg}_{ver}.log.gz'.format(pkg=appid, - ver=vercode)) + '{appid}_{versionCode}.log.gz'.format(appid=appid, + versionCode=vercode)) + with gzip.open(log_gz_path, 'wb') as f: if isinstance(log_content, str): f.write(bytes(log_content, 'utf-8')) 
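Review bot: In the first hunk (fdroidserver/common.py, `vcs_gitsvn`), the new `except Exception` also wraps `import requests` and every non-TLS failure, so a missing module, a connection error or an HTTP 404 from `raise_for_status()` is all logged as "SVN certificate pre-validation failed", which will mislead whoever triages the build log. Judging by the comment above it, this HEAD request is the meaningful certificate check before git-svn runs, so it should stay fail-closed but be narrower: move the import out of the `try`, catch `requests.exceptions.RequestException as e`, and raise `VCSException(_('SVN certificate pre-validation failed: ') + str(e)) from e` so the message is translatable like its neighbours and the cause is chained. `requests.head(remote)` is also called without `timeout=`, so a stalled server can hang the build instead of ever reaching this handler. The enclosing method starts and ends outside the hunk.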
From e6bf586e748e8c85a4a2deda9c22d9e447422210 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Fri, 1 Nov 2019 17:38:08 +0100 Subject: [PATCH 3/4] common: make v2 signature message a debug message https://gitlab.com/fdroid/fdroidserver/issues/703#note_238122327 closes #703 --- fdroidserver/common.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 99b3a5ed..7e145519 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -2537,12 +2537,12 @@ def get_first_signer_certificate(apkpath): apkobject = _get_androguard_APK(apkpath) certs = apkobject.get_certificates_der_v2() if len(certs) > 0: - logging.info(_('Using APK Signature v2')) + logging.debug(_('Using APK Signature v2')) cert_encoded = certs[0] if not cert_encoded: certs = apkobject.get_certificates_der_v3() if len(certs) > 0: - logging.info(_('Using APK Signature v3')) + logging.debug(_('Using APK Signature v3')) cert_encoded = certs[0] if not cert_encoded: From b95f66a806c9d05f9edc905b6bd58be02e5f8b77 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 6 Nov 2019 09:00:32 +0100 Subject: [PATCH 4/4] scanner: only allow HTTPS versions of the whitelist --- fdroidserver/scanner.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fdroidserver/scanner.py b/fdroidserver/scanner.py index acc19e72..94c8cf72 100644 --- a/fdroidserver/scanner.py +++ b/fdroidserver/scanner.py @@ -96,7 +96,7 @@ def scan_source(build_dir, build=metadata.Build()): gradle_mavenrepo = re.compile(r'maven *{ *(url)? *[\'"]?([^ \'"]*)[\'"]?') - allowed_repos = [re.compile(r'^https?://' + re.escape(repo) + r'/*') for repo in [ + allowed_repos = [re.compile(r'^https://' + re.escape(repo) + r'/*') for repo in [ 'repo1.maven.org/maven2', # mavenCentral() 'jcenter.bintray.com', # jcenter() 'jitpack.io',
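Review bot: In the scanner.py hunk, the tightened pattern `r'^https://' + re.escape(repo) + r'/*'` is still only a prefix match: `/*` accepts zero slashes, so a URL whose host merely begins with an allowed entry (for example `jitpack.io` followed by further domain labels) would be accepted if these patterns are applied with `match()`, which the hunk does not show. Anchoring the end of each entry closes that gap, e.g. `re.compile(r'^https://' + re.escape(repo) + r'(/|$)')`. A short comment such as `# entry must be followed by '/' or the end of the URL` would document the intent. The repo list and `scan_source` continue outside the hunk.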