diff --git a/buildserver/config.buildserver.py b/buildserver/config.buildserver.py index e7a4f416..ac978fbe 100644 --- a/buildserver/config.buildserver.py +++ b/buildserver/config.buildserver.py @@ -9,5 +9,5 @@ ndk_paths = { } qt_sdk_path = "/home/vagrant/qt-sdk/5.7.0/5.7" java_paths = { - '8': "/usr/lib/jvm/java-8-openjdk-i386", + '8': "/usr/lib/jvm/java-8-openjdk-amd64", } diff --git a/fdroidserver/build.py b/fdroidserver/build.py index c63df9d1..f0f027be 100644 --- a/fdroidserver/build.py +++ b/fdroidserver/build.py @@ -28,6 +28,7 @@ import traceback import time import json import requests +import tempfile from configparser import ConfigParser from argparse import ArgumentParser import logging @@ -1211,15 +1212,50 @@ def main(): url = url.replace('%v', build.versionName) url = url.replace('%c', str(build.versionCode)) logging.info("...retrieving " + url) - of = "{0}_{1}.apk.binary".format(app.id, build.versionCode) + of = common.get_release_filename(app, build) + '.binary' of = os.path.join(output_dir, of) try: net.download_file(url, local_filename=of) except requests.exceptions.HTTPError as e: raise FDroidException('downloading Binaries from %s failed' % url) from e + # Now we check weather the build can be verified to + # match the supplied binary or not. Should the + # comparison fail, we mark this build as a failure + # and remove everything from the unsigend folder. + with tempfile.TemporaryDirectory() as tmpdir: + unsigned_apk = \ + common.get_release_filename(app, build) + unsigned_apk = \ + os.path.join(output_dir, unsigned_apk) + compare_result = \ + common.verify_apks(of, unsigned_apk, tmpdir) + if compare_result: + logging.debug('removing %s', unsigned_apk) + os.remove(unsigned_apk) + logging.debug('removing %s', of) + os.remove(of) + compare_result = compare_result.split('\n') + line_count = len(compare_result) + compare_result = compare_result[:299] + if line_count > len(compare_result): + line_difference = \ + line_count - len(compare_result) + compare_result.append('%d more lines ...' % + line_difference) + compare_result = '\n'.join(compare_result) + raise FDroidException('compared built binary ' + 'to supplied reference ' + 'binary but failed', + compare_result) + else: + logging.info('compared built binary to ' + 'supplied reference binary ' + 'successfully') + build_succeeded.append(app) wikilog = "Build succeeded" + except VCSException as vcse: reason = str(vcse).split('\n', 1)[0] if options.verbose else str(vcse) logging.error("VCS error while building app %s: %s" % ( diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 8ced40c9..629d1b4a 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -2020,7 +2020,8 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir): if not verified: logging.info("...NOT verified - {0}".format(tmp_apk)) - return compare_apks(signed_apk, tmp_apk, tmp_dir, os.path.dirname(unsigned_apk)) + return compare_apks(signed_apk, tmp_apk, tmp_dir, + os.path.dirname(unsigned_apk)) logging.info("...successfully verified") return None @@ -2101,9 +2102,8 @@ def compare_apks(apk1, apk2, tmp_dir, log_dir=None): p = FDroidPopen(['diff', '-r', apk1dir, apk2dir], output=False) lines = p.output.splitlines() if len(lines) != 1 or 'META-INF' not in lines[0]: - meld = find_command('meld') - if meld is not None: - p = FDroidPopen(['meld', apk1dir, apk2dir], output=False) + if set_command_in_config('meld'): + p = FDroidPopen([config['meld'], apk1dir, apk2dir], output=False) return("Unexpected diff output - " + p.output) # since everything verifies, delete the comparison to keep cruft down diff --git a/fdroidserver/dscanner.py b/fdroidserver/dscanner.py index 10e98b31..a9ffa027 100644 --- a/fdroidserver/dscanner.py +++ b/fdroidserver/dscanner.py @@ -467,7 +467,7 @@ def main(): for build in app.builds: apks = [] for f in os.listdir(options.repo_path): - n = "%v_%v.apk".format(app_id, build.versionCode) + n = common.get_release_filename(app, build) if f == n: apks.append(f) for apk in sorted(apks): diff --git a/fdroidserver/update.py b/fdroidserver/update.py index a97a40bf..d08bb25b 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -319,7 +319,7 @@ def delete_disabled_builds(apps, apkcache, repodirs): for build in app['builds']: if not build.disable: continue - apkfilename = appid + '_' + str(build.versionCode) + '.apk' + apkfilename = common.get_release_filename(app, build) iconfilename = "%s.%s.png" % ( appid, build.versionCode)