openjdk-11 11.0.17 in Debian unstable fails to verify weak signatures:
jarsigner -verbose -strict -verify tests/signindex/guardianproject.jar
131 Fri Dec 02 20:10:00 CET 2016 META-INF/MANIFEST.MF
252 Fri Dec 02 20:10:04 CET 2016 META-INF/1.SF
2299 Fri Dec 02 20:10:04 CET 2016 META-INF/1.RSA
0 Fri Dec 02 20:09:58 CET 2016 META-INF/
m ? 48743 Fri Dec 02 20:09:58 CET 2016 index.xml
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
? = unsigned entry
- Signed by "EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US"
Digest algorithm: SHA1 (disabled)
Signature algorithm: SHA1withRSA (disabled), 4096-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01, include jdk.disabled.namedCurves
This needs a rerun of `fdroid update --clean`.
In case a build is disabled delete_disabled_builds takes care of
deleting it from the repo. But this only works if the apk follows the
normal name pattern. Otherwise it will stay in the folder and be picked
up by process_apks and added to the index.
Closes: #1002
Android Studio recommends "you use UTF-8 encoding whenever possible",
so this code assumes the files use UTF-8. UTF-8 is also the default
encoding on GNU/Linux and macOS.
https://sites.google.com/a/android.com/tools/knownissues/encoding
Windows will probably default to UTF16, since that's the native
encoding for files. So forcing things to use UTF-8 should help
compatibility.
We switched to apksigner in 50f0534d but old apks where still verified
with jarsigner (or an old apksigner version). Bumping the
METADATA_VERSION to force a rebuild of apkcache.
Hopefully this resolves de.chagemann.regexcrossword getting the
KnownVuln, DisabledAlgorithm tags.
https://jenkins.debian.net/job/reproducible_fdroid_test/422https://jenkins.debian.net/job/reproducible_fdroid_test/423
```
Traceback (most recent call last):
File "../fdroid", line 22, in <module>
fdroidserver.__main__.main()
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/__main__.py", line 227, in main
raise e
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/__main__.py", line 208, in main
mod.main()
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 2316, in main
apks, cachechanged = process_apks(apkcache, repodirs[0], knownapks, options.use_date_from_apk)
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 1746, in process_apks
use_date_from_apk, ada, True)
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 1619, in process_apk
apk = scan_apk(apkfile)
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 1385, in scan_apk
scan_apk_androguard(apk, apk_file)
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 1527, in scan_apk_androguard
resource_id = arsc.get_id(apk['packageName'], icon_id)
File "/usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py", line 1668, in get_id
self._analyse()
File "/usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py", line 1321, in _analyse
ate = self.packages[package_name][nb + 3 + nb_i]
IndexError: list index out of range
```
Implemented as a fallback solution when parsing settings.gradle
and globbing the build dir with "'*', 'src', '*', 'play'" did not
yield results.
Before, the logic would not find triple-t metadata in projects where
settings.gradle is in a subdirectory or 'src' is found at a directory
depth != 2.
Closesfdroid/fdroiddata#2295
If a non-APK is added with the appid/packageName that matches some APKs, it
should through an error.
Traceback (most recent call last):
File "/home/hans/code/fdroid/server/fdroid", line 22, in <module>
fdroidserver.__main__.main()
File "/home/hans/code/fdroid/server/fdroidserver/__main__.py", line 211, in main
mod.main()
File "/home/hans/code/fdroid/server/fdroidserver/update.py", line 2343, in main
index.make(apps, sortedids, apks, repodirs[0], False)
File "/home/hans/code/fdroid/server/fdroidserver/index.py", line 142, in make
fdroid_signing_key_fingerprints)
File "/home/hans/code/fdroid/server/fdroidserver/index.py", line 166, in make_v1
v1_sort_packages(packages, fdroid_signing_key_fingerprints)
File "/home/hans/code/fdroid/server/fdroidserver/index.py", line 292, in v1_sort_packages
packages.sort(key=v1_sort_keys)
File "/home/hans/code/fdroid/server/fdroidserver/index.py", line 288, in v1_sort_keys
.format(apkfilename=package['apkName']))
fdroidserver.exception.FDroidException: at.roteskreuz.stopcorona_8.jobf does not have a valid signature!
```
Traceback (most recent call last):
File "../fdroid", line 22, in <module>
fdroidserver.__main__.main()
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/__main__.py", line 227, in main
raise e
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/__main__.py", line 208, in main
mod.main()
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 2340, in main
repoapps = prepare_apps(apps, apks, repodirs[0])
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 2176, in prepare_apps
copy_triple_t_store_metadata(apps_with_packages)
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 1076, in copy_triple_t_store_metadata
_set_author_entry(app, 'authorWebSite', os.path.join(root, f))
File "/var/lib/jenkins/userContent/reproducible/reproducible_fdroid_build_apps/fdroidserver/update.py", line 784, in _set_author_entry
with open(f, errors='replace') as fp:
FileNotFoundError: [Errno 2] No such file or directory: 'build/player.efis.cfd/pfd/src/main/play/contact-website.txt'
```
There are so many possible installation paths for Python modules, it has
been very hard to even find and test them all. This adds a fallback option
if the examples dir cannot be found. A repo can work without an icon or
the example config.py.
This removes the fake assumption that the icon can be a full path in the
config.py. While the path was being properly passed through to the index
file, the file was never copied properly into place nor rsynced to the web
server.
