mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-09-14 06:52:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

nightly: support OpenSSL 3.0 with Paramiko

Browse source 
OpenSSL 3.0 changed the default output format from PKCS#1 to PKCS#8,
which paramiko does not support.

https://www.openssl.org/docs/man3.0/man1/openssl-rsa.html#traditional
https://github.com/paramiko/paramiko/issues/1015
This commit is contained in:
Hans-Christoph Steiner 2022-09-14 23:48:12 +02:00
parent b987a4af5c
commit d2ef0fee71
No known key found for this signature in database
GPG key ID: 3E177817BA1B9BFA
5 changed files with 109 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitlab-ci.yml
View file

@ -245,6 +245,7 @@ black:
tests/lint.TestCase tests/lint.TestCase
tests/metadata.TestCase tests/metadata.TestCase
tests/ndk-release-checksums.py tests/ndk-release-checksums.py
tests/nightly.TestCase
tests/rewritemeta.TestCase tests/rewritemeta.TestCase

1
MANIFEST.in
View file

@ -43,6 +43,7 @@ include locale/zh_Hant/LC_MESSAGES/fdroidserver.po
include makebuildserver include makebuildserver
include README.md include README.md
include tests/androguard_test.py include tests/androguard_test.py
include tests/aosp_testkey_debug.keystore
include tests/bad-unicode-*.apk include tests/bad-unicode-*.apk
include tests/build.TestCase include tests/build.TestCase
include tests/build-tools/17.0.0/aapt-output-com.moez.QKSMS_182.txt include tests/build-tools/17.0.0/aapt-output-com.moez.QKSMS_182.txt

20
fdroidserver/nightly.py
View file

@ -25,6 +25,7 @@ import os
import paramiko import paramiko
import platform import platform
import shutil import shutil
import ssl
import subprocess import subprocess
import sys import sys
import tempfile import tempfile
@ -47,7 +48,11 @@ DISTINGUISHED_NAME = 'CN=Android Debug,O=Android,C=US'
NIGHTLY = '-nightly' NIGHTLY = '-nightly'
def _ssh_key_from_debug_keystore(keystore=KEYSTORE_FILE): def _ssh_key_from_debug_keystore(keystore=None):
if keystore is None:
# set this here so it can be overridden in the tests
# TODO convert this to a class to get rid of this nonsense
keystore = KEYSTORE_FILE
tmp_dir = tempfile.mkdtemp(prefix='.') tmp_dir = tempfile.mkdtemp(prefix='.')
privkey = os.path.join(tmp_dir, '.privkey') privkey = os.path.join(tmp_dir, '.privkey')
key_pem = os.path.join(tmp_dir, '.key.pem') key_pem = os.path.join(tmp_dir, '.key.pem')
@ -94,10 +99,17 @@ def _ssh_key_from_debug_keystore(keystore=KEYSTORE_FILE):
], ],
env={'LC_ALL': 'C.UTF-8'}, env={'LC_ALL': 'C.UTF-8'},
) )
# OpenSSL 3.0 changed the default output format from PKCS#1 to
# PKCS#8, which paramiko does not support.
# https://www.openssl.org/docs/man3.0/man1/openssl-rsa.html#traditional
# https://github.com/paramiko/paramiko/issues/1015
openssl_rsa_cmd = ['openssl', 'rsa']
if ssl.OPENSSL_VERSION_INFO[0] >= 3:
openssl_rsa_cmd += ['-traditional']
subprocess.check_call( subprocess.check_call(
[ openssl_rsa_cmd
'openssl', + [
'rsa',
'-in', '-in',
key_pem, key_pem,
'-out', '-out',

BIN
tests/aosp_testkey_debug.keystore Normal file
View file

Binary file not shown.

91
tests/nightly.TestCase
View file

@ -1,12 +1,19 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import inspect import inspect
import logging
import optparse import optparse
import os import os
import requests import requests
import shutil
import sys import sys
import tempfile
import time
import unittest import unittest
from pathlib import Path
from unittest.mock import patch
localmodule = os.path.realpath( localmodule = os.path.realpath(
os.path.join(os.path.dirname(inspect.getfile(inspect.currentframe())), '..') os.path.join(os.path.dirname(inspect.getfile(inspect.currentframe())), '..')
) )
@ -17,7 +24,51 @@ if localmodule not in sys.path:
from fdroidserver import common, nightly from fdroidserver import common, nightly
AOSP_TESTKEY_DEBUG_KEYSTORE_KEY_FILE_NAME = (
'debug_keystore_k47SVrA85+oMZAexHc62PkgvIgO8TJBYN00U82xSlxc_id_rsa'
)
class Options:
allow_disabled_algorithms = False
clean = False
delete_unknown = False
nosign = False
pretty = True
rename_apks = False
verbose = False
class NightlyTest(unittest.TestCase): class NightlyTest(unittest.TestCase):
basedir = Path(__file__).resolve().parent
path = os.environ['PATH']
def setUp(self):
logging.basicConfig(level=logging.WARNING)
self.basedir = Path(localmodule) / 'tests'
self.testroot = Path(localmodule) / '.testfiles'
self.testroot.mkdir(exist_ok=True)
os.chdir(self.basedir)
self.tempdir = tempfile.TemporaryDirectory(
str(time.time()), self._testMethodName + '_', self.testroot
)
self.testdir = Path(self.tempdir.name)
self.home = self.testdir / 'home'
self.home.mkdir()
self.dot_android = self.home / '.android'
nightly.KEYSTORE_FILE = str(self.dot_android / 'debug.keystore')
def tearDown(self):
self.tempdir.cleanup()
def _copy_test_debug_keystore(self):
self.dot_android.mkdir()
shutil.copy(
self.basedir / 'aosp_testkey_debug.keystore',
self.dot_android / 'debug.keystore',
)
def test_get_repo_base_url(self): def test_get_repo_base_url(self):
for clone_url, repo_git_base, result in [ for clone_url, repo_git_base, result in [
( (
@ -37,6 +88,46 @@ class NightlyTest(unittest.TestCase):
# gitlab.com often returns 403 Forbidden from their cloudflare restrictions # gitlab.com often returns 403 Forbidden from their cloudflare restrictions
self.assertTrue(r.status_code in (200, 403), 'should not be a redirect') self.assertTrue(r.status_code in (200, 403), 'should not be a redirect')
@patch.dict(os.environ, clear=True)
def test_ssh_key_from_debug_keystore(self):
os.environ['HOME'] = str(self.home)
os.environ['PATH'] = self.path
ssh_private_key_file = nightly._ssh_key_from_debug_keystore(
self.basedir / 'aosp_testkey_debug.keystore'
)
with open(ssh_private_key_file) as fp:
assert '-----BEGIN RSA PRIVATE KEY-----' in fp.read()
with open(ssh_private_key_file + '.pub') as fp:
assert fp.read(8) == 'ssh-rsa '
@patch.dict(os.environ, clear=True)
@patch('sys.argv', ['fdroid nightly', '--verbose'])
def test_main_empty_dot_android(self):
"""Test that it exits with an error when ~/.android is empty"""
os.environ['HOME'] = str(self.home)
os.environ['PATH'] = self.path
with self.assertRaises(SystemExit) as cm:
nightly.main()
self.assertEqual(cm.exception.code, 1)
@patch.dict(os.environ, clear=True)
@patch('sys.argv', ['fdroid nightly', '--verbose'])
def test_main_on_user_machine(self):
"""Test that `fdroid nightly` runs on the user's machine
Careful! If the test env is wrong, it can mess up the local
SSH setup.
"""
dot_ssh = self.home / '.ssh'
dot_ssh.mkdir()
self._copy_test_debug_keystore()
os.environ['HOME'] = str(self.home)
os.environ['PATH'] = self.path
nightly.main()
assert (dot_ssh / AOSP_TESTKEY_DEBUG_KEYSTORE_KEY_FILE_NAME).exists()
assert (dot_ssh / (AOSP_TESTKEY_DEBUG_KEYSTORE_KEY_FILE_NAME + '.pub')).exists()
if __name__ == "__main__": if __name__ == "__main__":
os.chdir(os.path.dirname(__file__)) os.chdir(os.path.dirname(__file__))