diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 35680b85..cbc87721 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -57,12 +57,14 @@ debian_testing: - ./run-tests # test using LTS set up with the PPA, including Recommends -ubuntu_lts: +ubuntu_lts_ppa: image: ubuntu:latest only: - master@fdroid/fdroidserver variables: + ANDROID_HOME: /usr/lib/android-sdk DEBIAN_FRONTEND: noninteractive + LANG: C.UTF-8 script: - echo Etc/UTC > /etc/timezone - apt-get -qy update @@ -72,15 +74,15 @@ ubuntu_lts: - echo "deb http://ppa.launchpad.net/fdroid/fdroidserver/ubuntu $RELEASE main" >> /etc/apt/sources.list - apt-get -qy update - apt-get -qy dist-upgrade - - apt-get -qy install --install-recommends fdroidserver git python3-defusedxml python3-setuptools - - export ANDROID_HOME=/usr/lib/android-sdk - - export LANG=C.UTF-8 + - apt-get -qy install --install-recommends binfmt-support fdroidserver git python3-defusedxml python3-setuptools + - grep binfmt /proc/modules || apt -qy purge apksigner - cd tests - ./run-tests -# test using TrustyLTS with all depends from pypi -ubuntu_trusty_pip: - image: ubuntu:trusty +# test using Xenial LTS with all depends from pypi +# apksigner is recommended, but requires binfmt support in the kernel +ubuntu_xenial_pip: + image: ubuntu:xenial only: - master@fdroid/fdroidserver variables: @@ -90,11 +92,10 @@ ubuntu_trusty_pip: - echo Etc/UTC > /etc/timezone - apt-get -qy update - apt-get -qy dist-upgrade - - apt-get -qy install git default-jdk python3-pip python3.4-venv + - apt-get -qy install --no-install-recommends git default-jdk-headless python3-pip python3-venv rsync zipalign - rm -rf env - - pyvenv-3.4 env + - pyvenv env - . env/bin/activate - - echo sed -i "s/'requests.*',$/'requests',/" setup.py - pip3 install --upgrade babel pip setuptools - pip3 install -e . - ./setup.py compile_catalog diff --git a/.travis.yml b/.travis.yml index ae838b54..c9cb33eb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,8 +4,6 @@ language: java matrix: include: - - os: linux - language: android - os: osx osx_image: xcode10.2 env: ANDROID_SDK_ROOT=/usr/local/share/android-sdk @@ -14,29 +12,11 @@ matrix: osx_image: xcode9.3 env: ANDROID_SDK_ROOT=/usr/local/share/android-sdk env: ANDROID_HOME=/usr/local/share/android-sdk - - os: osx - osx_image: xcode9.2 - env: ANDROID_SDK_ROOT=/usr/local/share/android-sdk - env: ANDROID_HOME=/usr/local/share/android-sdk - os: osx osx_image: xcode8.3 env: ANDROID_SDK_ROOT=/usr/local/share/android-sdk env: ANDROID_HOME=/usr/local/share/android-sdk -# On Ubuntu/trusty 14.04, the PPA is needed on to provide lots of the -# dependencies, but this then also serves as a test of the PPA, which -# is used on Windows Subsystem for Linux. -addons: - apt: - update: true - sources: - - sourceline: 'ppa:fdroid/fdroidserver' - packages: - - python3-babel - - python3-defusedxml - - python3-setuptools - - fdroidserver - android: components: - android-23 # required for `fdroid build` test @@ -49,63 +29,59 @@ android: # * Java needs to be at least 1.8.0_131 to have MD5 properly disabled # https://blogs.oracle.com/java-platform-group/oracle-jre-will-no-longer-trust-md5-signed-code-by-default # https://opsech.io/posts/2017/Jun/09/openjdk-april-2017-security-update-131-8u131-and-md5-signed-jars.html +# * mercurial is unused and requires Python 2.x install: - - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then - echo "Skipping Uyghur locale, this has too old a gettext to support it"; - rm -rf locale/ug; - fi - - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then - set -x; - brew update > /dev/null; - if [ "`sw_vers -productVersion | sed 's,10\.\([0-9]*\).*,\1,'`" -gt 10 ]; then + - export HOMEBREW_CURL_RETRIES=10 + - brew update > /dev/null + - if [ "`sw_vers -productVersion | sed 's,10\.\([0-9]*\).*,\1,'`" -ge 14 ]; then + python3 --version; + elif [ "`sw_vers -productVersion | sed 's,10\.\([0-9]*\).*,\1,'`" -gt 10 ]; then + brew uninstall mercurial --force; brew upgrade python; - else + else brew install python3; - fi; - brew install dash bash gnu-sed gradle jenv; - export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"; - if ! ruby -e 'v = `javac -version 2>&1`.split()[1].gsub("_", "."); exit Gem::Dependency.new("", "~> 1.8.0.131").match?("", v)'; then - brew cask uninstall java --force; - brew cask install caskroom/versions/java8; - fi; - brew cask install android-sdk; - - export AAPT_VERSION=`sed -n "s,^MINIMUM_AAPT_VERSION\s*=\s*['\"]\(.*\)[['\"],\1,p" fdroidserver/common.py`; - mkdir -p "$ANDROID_HOME/licenses"; - echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55" > "$ANDROID_HOME/licenses/android-sdk-license"; - echo -e "\nd56f5187479451eabf01fb78af6dfcb131a6481e" >> "$ANDROID_HOME/licenses/android-sdk-license"; - echo -e "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" >> "$ANDROID_HOME/licenses/android-sdk-license"; - echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; - echo y | $ANDROID_HOME/tools/bin/sdkmanager "platform-tools"; - echo y | $ANDROID_HOME/tools/bin/sdkmanager "build-tools;$AAPT_VERSION"; - echo y | $ANDROID_HOME/tools/bin/sdkmanager "platforms;android-23"; - - sudo pip3 install babel; - sudo pip3 install --quiet --editable . ; - sudo rm -rf fdroidserver.egg-info; - - ls -l /System/Library/Java/JavaVirtualMachines || true; - ls -l /Library/Java/JavaVirtualMachines || true; - echo $PATH; - echo $JAVA_HOME; - jenv versions; - /usr/libexec/java_home; - java -version; - which java; - javac -version; - which javac; - jarsigner -help; - which jarsigner; - keytool -help; - which keytool; - set +x; fi + - brew install dash bash gnu-sed gradle jenv + - export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH" + - brew uninstall java --force || true + - brew cask uninstall java --force || true + - brew tap adoptopenjdk/openjdk + - brew cask install adoptopenjdk8 + - brew cask install android-sdk + + - export AAPT_VERSION=`sed -n "s,^MINIMUM_AAPT_VERSION\s*=\s*['\"]\(.*\)[['\"],\1,p" fdroidserver/common.py` + - mkdir -p "$ANDROID_HOME/licenses" + - echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55" > "$ANDROID_HOME/licenses/android-sdk-license" + - echo -e "\nd56f5187479451eabf01fb78af6dfcb131a6481e" >> "$ANDROID_HOME/licenses/android-sdk-license" + - echo -e "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" >> "$ANDROID_HOME/licenses/android-sdk-license" + - echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license" + - echo y | travis_retry $ANDROID_HOME/tools/bin/sdkmanager "platform-tools" > /dev/null + - echo y | travis_retry $ANDROID_HOME/tools/bin/sdkmanager "build-tools;$AAPT_VERSION" > /dev/null + - echo y | travis_retry $ANDROID_HOME/tools/bin/sdkmanager "platforms;android-23" > /dev/null + + - travis_retry sudo pip3 install --progress-bar off babel + - travis_retry sudo pip3 install --quiet --progress-bar off --editable . + - sudo rm -rf fdroidserver.egg-info + + - ls -l /System/Library/Java/JavaVirtualMachines || true + - ls -l /Library/Java/JavaVirtualMachines || true + - for f in /Library/Java/JavaVirtualMachines/*.jdk; do jenv add $f; done + - echo $PATH + - echo $JAVA_HOME + - jenv versions + - /usr/libexec/java_home + - java -version + - which java + - javac -version + - which javac + - jarsigner -help + - which jarsigner + - keytool -help + - which keytool + - sudo rm -rf /Library/Java/JavaVirtualMachines/jdk1.8.0_1*.jdk || true # The OSX tests seem to run slower, they often timeout. So only run # the test suite with the installed version of fdroid. -# -# Supporting pip on Ubuntu/trusty was too painful here, since it seems -# that pip installs conflict with the Ubuntu packages. script: - ./tests/run-tests diff --git a/README.md b/README.md index 0eeab45d..1b0a1c02 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ | CI Builds | fdroidserver | buildserver | fdroid build --all | publishing tools | |--------------------------|:-------------:|:-----------:|:------------------:|:----------------:| -| Debian | [![fdroidserver status on Debian](https://gitlab.com/fdroid/fdroidserver/badges/master/build.svg)](https://gitlab.com/fdroid/fdroidserver/builds) | [![buildserver status](https://jenkins.debian.net/job/reproducible_setup_fdroid_build_environment/badge/icon)](https://jenkins.debian.net/job/reproducible_setup_fdroid_build_environment) | [![fdroid build all status](https://jenkins.debian.net/job/reproducible_fdroid_build_apps/badge/icon)](https://jenkins.debian.net/job/reproducible_fdroid_build_apps/) | [![fdroid test status](https://jenkins.debian.net/job/reproducible_fdroid_test/badge/icon)](https://jenkins.debian.net/job/reproducible_fdroid_test/) | -| macOS & Ubuntu/trusty | [![fdroidserver status on macOS & Ubuntu/LTS](https://travis-ci.org/fdroidtravis/fdroidserver.svg?branch=master)](https://travis-ci.org/fdroidtravis/fdroidserver) | | | | +| GNU/Linux | [![fdroidserver status on GNU/Linux](https://gitlab.com/fdroid/fdroidserver/badges/master/build.svg)](https://gitlab.com/fdroid/fdroidserver/builds) | [![buildserver status](https://jenkins.debian.net/job/reproducible_setup_fdroid_build_environment/badge/icon)](https://jenkins.debian.net/job/reproducible_setup_fdroid_build_environment) | [![fdroid build all status](https://jenkins.debian.net/job/reproducible_fdroid_build_apps/badge/icon)](https://jenkins.debian.net/job/reproducible_fdroid_build_apps/) | [![fdroid test status](https://jenkins.debian.net/job/reproducible_fdroid_test/badge/icon)](https://jenkins.debian.net/job/reproducible_fdroid_test/) | +| macOS | [![fdroidserver status on macOS](https://travis-ci.org/fdroidtravis/fdroidserver.svg?branch=master)](https://travis-ci.org/fdroidtravis/fdroidserver) | | | | # F-Droid Server diff --git a/fdroidserver/nightly.py b/fdroidserver/nightly.py index 42202e71..6f09aa4d 100644 --- a/fdroidserver/nightly.py +++ b/fdroidserver/nightly.py @@ -39,7 +39,7 @@ from . import common # hard coded defaults for Android ~/.android/debug.keystore files # https://developers.google.com/android/guides/client-auth KEYSTORE_FILE = os.path.join(os.getenv('HOME'), '.android', 'debug.keystore') -PASSWORD = 'android' +PASSWORD = 'android' # nosec B105 standard hardcoded password for debug keystores KEY_ALIAS = 'androiddebugkey' DISTINGUISHED_NAME = 'CN=Android Debug,O=Android,C=US' diff --git a/tests/common.TestCase b/tests/common.TestCase index 9b03f4cd..8930ed65 100755 --- a/tests/common.TestCase +++ b/tests/common.TestCase @@ -340,10 +340,16 @@ class CommonTest(unittest.TestCase): fdroidserver.common.config = config self.assertTrue(fdroidserver.common.verify_apk_signature('bad-unicode-πÇÇ现代通用字-български-عربي1.apk')) - self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_1.apk')) - self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_2.apk')) - self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_3.apk')) - self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_4.apk')) + if 'apksigner' in fdroidserver.common.config: # apksigner considers MD5 signatures valid + self.assertTrue(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_1.apk')) + self.assertTrue(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_2.apk')) + self.assertTrue(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_3.apk')) + self.assertTrue(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_4.apk')) + else: + self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_1.apk')) + self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_2.apk')) + self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_3.apk')) + self.assertFalse(fdroidserver.common.verify_apk_signature('org.bitbucket.tickytacky.mirrormirror_4.apk')) self.assertTrue(fdroidserver.common.verify_apk_signature('org.dyndns.fules.ck_20.apk')) self.assertTrue(fdroidserver.common.verify_apk_signature('urzip.apk')) self.assertFalse(fdroidserver.common.verify_apk_signature('urzip-badcert.apk')) @@ -563,6 +569,7 @@ class CommonTest(unittest.TestCase): def test_sign_apk(self): try: + fdroidserver.common.find_sdk_tools_cmd('aapt') fdroidserver.common.find_sdk_tools_cmd('zipalign') except fdroidserver.exception.FDroidException: print('\n\nSKIPPING test_sign_apk, zipalign is not installed!\n')