From a6a8d345283c98112a26b9fad67efa0df947ec73 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Tue, 23 Aug 2016 16:20:52 +0200 Subject: [PATCH 1/3] sanitize mirror URLs to prevent path segments from being removed urllib.parse.urljoin() will strip off the last path segment before joining if that last path segment does not end with /. That's a "feature" to make it easy to replace file names. Here it was stripping off the essential 'fdroid' segment, making URLs like: https://foo.com/repo when they should be https://foo.com/fdroid/repo --- fdroidserver/update.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/fdroidserver/update.py b/fdroidserver/update.py index 9f1ad43c..6261a69e 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -895,11 +895,17 @@ def make_index(apps, sortedids, apks, repodir, archive, categories): repoel = doc.createElement("repo") mirrorcheckfailed = False + mirrors = [] for mirror in config.get('mirrors', []): base = os.path.basename(urllib.parse.urlparse(mirror).path.rstrip('/')) if config.get('nonstandardwebroot') is not True and base != 'fdroid': logging.error("mirror '" + mirror + "' does not end with 'fdroid'!") mirrorcheckfailed = True + # must end with / or urljoin strips a whole path segment + if mirror.endswith('/'): + mirrors.append(mirror) + else: + mirrors.append(mirror + '/') if mirrorcheckfailed: sys.exit(1) @@ -911,7 +917,7 @@ def make_index(apps, sortedids, apks, repodir, archive, categories): repoel.setAttribute("url", config['archive_url']) addElement('description', config['archive_description'], doc, repoel) urlbasepath = os.path.basename(urllib.parse.urlparse(config['archive_url']).path) - for mirror in config.get('mirrors', []): + for mirror in mirrors: addElement('mirror', urllib.parse.urljoin(mirror, urlbasepath), doc, repoel) else: @@ -922,7 +928,7 @@ def make_index(apps, sortedids, apks, repodir, archive, categories): repoel.setAttribute("url", config['repo_url']) addElement('description', config['repo_description'], doc, repoel) urlbasepath = os.path.basename(urllib.parse.urlparse(config['repo_url']).path) - for mirror in config.get('mirrors', []): + for mirror in mirrors: addElement('mirror', urllib.parse.urljoin(mirror, urlbasepath), doc, repoel) repoel.setAttribute("version", str(METADATA_VERSION)) From 6126b55136a0e6bdda8602d8b2ba8ee68c590e0e Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Tue, 23 Aug 2016 20:30:27 +0200 Subject: [PATCH 2/3] rename server request from "delete" to "uninstall" This matches the Android API's current Intent action for this, rather than the deprecated one: https://gitlab.com/fdroid/fdroidclient/blob/v0.101-alpha5/app/src/main/java/org/fdroid/fdroid/installer/DefaultInstallerActivity.java#L147 https://developer.android.com/reference/android/content/Intent.html#ACTION_UNINSTALL_PACKAGE https://developer.android.com/reference/android/content/Intent.html#ACTION_DELETE --- examples/config.py | 8 ++++---- fdroidserver/update.py | 2 +- tests/run-tests | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/examples/config.py b/examples/config.py index d33ddfac..43eceb1d 100644 --- a/examples/config.py +++ b/examples/config.py @@ -248,9 +248,9 @@ The repository of older versions of applications from the main demo repository. # } # It is possible for the server operator to specify lists of apps that -# must be installed or deleted on the client (aka "push installs). If -# the user has opted in, or the device is already setup to respond to -# these requests, then fdroidclient will automatically install/delete +# must be installed or uninstalled on the client (aka "push installs). +# If the user has opted in, or the device is already setup to respond +# to these requests, then F-Droid will automatically install/uninstall # the packageNames listed. This is protected by the same signing key # as the app index metadata. # @@ -260,7 +260,7 @@ The repository of older versions of applications from the main demo repository. # 'us.replicant', # } # -# delete_list = { +# uninstall_list = { # 'com.facebook.orca', # 'com.android.vending', # } diff --git a/fdroidserver/update.py b/fdroidserver/update.py index 6261a69e..b1ebfd35 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -959,7 +959,7 @@ def make_index(apps, sortedids, apks, repodir, archive, categories): repoel.setAttribute("pubkey", extract_pubkey().decode('utf-8')) root.appendChild(repoel) - for command in ('install', 'delete'): + for command in ('install', 'uninstall'): packageNames = [] key = command + '_list' if key in config: diff --git a/tests/run-tests b/tests/run-tests index 7e0eb2aa..c681a2ba 100755 --- a/tests/run-tests +++ b/tests/run-tests @@ -147,13 +147,13 @@ $fdroid init cp -a $WORKSPACE/tests/metadata $WORKSPACE/tests/repo $REPOROOT/ echo "accepted_formats = ['json', 'txt', 'xml', 'yml']" >> config.py echo "install_list = 'org.adaway'" >> config.py -echo "delete_list = {'com.android.vending', 'com.facebook.orca',}" >> config.py +echo "uninstall_list = {'com.android.vending', 'com.facebook.orca',}" >> config.py $fdroid update --verbose test -e repo/index.xml test -e repo/index.jar grep -F '