Commit graph

1076 commits

Author SHA1 Message Date
Marcus Hoffmann
9ae41cc1ff add support for gradle kotlin scripts
https://guides.gradle.org/migrating-build-logic-from-groovy-to-kotlin/
Closes fdroid/fdroidserver#613

cherry-picked from Bubu/fdroidserver@7d2e9f9c
2020-02-13 22:32:51 +01:00
Hans-Christoph Steiner
83ffeb855f prefer build.gradle with Android Plugin as source of package/version/code
These days, the location that overrides all the others is in the android{}
block of the build.gradle file that loads the com.android.application
plugin.  So this should be the preferred place to read these values.

test files GPL licensed: https://github.com/Integreight/1Sheeld-Android-App
2020-02-13 22:32:51 +01:00
Hans-Christoph Steiner
3b5e3a62a3 move getappname+getcvname to checkupdates, the only place they're used
2020-01-31 15:37:57 +01:00
Marcus
3bdbbfd45b Merge branch 'longer_titles' into 'master'
bump title char_limit to 50

Closes fdroiddata#1906 and #726

See merge request fdroid/fdroidserver!702
2020-01-14 13:54:41 +00:00
Hans-Christoph Steiner
e76a0c9d6a git_mirror_size_limit config option to set max git mirror size
GitHub and GitLab have some kinds of limits on how big a git repo can be,
this makes that option configurable.  This also is very useful for tests.
2020-01-14 11:36:08 +01:00
Marcus Hoffmann
96ba194d65 bump title char_limit to 50
This follows google play in doing so.
Closes fdroidserver#726, fdroid/fdroiddata#1906.
2020-01-08 14:20:18 +01:00
Marcus Hoffmann
3403402fbc git force fetch tags
The behaviour of fetching tags changed in git 2.20. We need to force
fetch tags to restore the earlier behaviour and make fdroid git
operations work with newer git versions.

Closes fdroid/fdroidserver#718
2019-12-23 14:48:52 +01:00
Michael Pöhn
d2481375bb Merge branch 'archive_description' into 'master'
archive description

See merge request fdroid/fdroidserver!694
2019-12-15 16:34:16 +00:00
Hans-Christoph Steiner
7d40e89341 checkupdates: split out vercode parsing into testable function
2019-12-03 23:51:48 +01:00
Hans-Christoph Steiner
ddf1f8ea15 update: make default repo description translatable
2019-12-03 00:24:32 +01:00
Hans-Christoph Steiner
75639ba0e8 update: description is a hard requirement, set a default for archive
2019-12-03 00:23:56 +01:00
Jochen Sprickerhof
0e071a689d Support hex versionCode in build command line
Example: fdroid build net.gaast.giggity:0x200
2019-11-29 20:02:24 +01:00
Jochen Sprickerhof
b83c3c9e18 Support hex in versionCode
Example: https://github.com/Wilm0r/giggity/blob/master/app/src/main/AndroidManifest.xml#L2
2019-11-29 20:01:29 +01:00
Hans-Christoph Steiner
e6bf586e74 common: make v2 signature message a debug message
https://gitlab.com/fdroid/fdroidserver/issues/703#note_238122327
closes #703
2019-11-13 11:59:23 +01:00
Hans-Christoph Steiner
3354e66bd3 common: use standard format tags when generating the log name
2019-11-13 11:59:20 +01:00
Hans-Christoph Steiner
2cbde77798 build: do not crash if SVN URL pre-validation fails; log error
This is the problem:
https://jenkins.debian.net/job/reproducible_fdroid_build_apps/704/console
2019-11-13 11:59:18 +01:00
Hans-Christoph Steiner
0a8af2c55f Merge branch 'fix-readline-in-srclibs' into 'master'
build: fix bad regexs when removing signingConfig from srclibs

See merge request fdroid/fdroidserver!686
2019-10-25 08:18:08 +00:00
Hans-Christoph Steiner
afaa24f2fd build: fix bad regexs when removing signingConfig from srclibs
I went through the source of all apps in fdroiddata for examples, and found
some that use readLine() for things totally unrelated to signingConfigs.

https://gitlab.com/fdroid/fdroiddata/merge_requests/4775#note_234132902
2019-10-23 12:44:47 +02:00
Michael Pöhn
7fa3c34e5b update tests for fixed log deployment+changelog
2019-10-15 15:19:18 +02:00
Michael Pöhn
d665106813 fix disappearing build logs when deploying
2019-10-15 14:28:45 +02:00
Michael Pöhn
d5ab303d83 lint: license override config option + require FSF/OSI approved licenses by default
2019-10-02 22:14:09 +02:00
Gerhard Olsson
7c4bed0558 UpdateCheckIgnore: Exception if version not matched
Ignoreversions were checked also if version did not match, which raised the exception.
The 'version check' runs in some unexpected situations like just
to find directories where to find the AutoName.
2019-07-23 00:21:28 +02:00
Hans-Christoph Steiner
26af94974a Merge branch 'rsync-buildslogs-to-webroot-repo' into 'master'
build: rsync buildlogs to <webroot>/repo

See merge request fdroid/fdroidserver!651
2019-07-10 08:55:04 +00:00
Michael Pöhn
2c87b5e6f9 deploy build logs: no timestamps
2019-07-06 16:48:56 +02:00
Michael Pöhn
f30983368c build: rsync buildlogs to <webroot>/repo
2019-07-06 16:48:56 +02:00
relan
781b55f777 checkupdates: match whole words
Match only whole words when looking for versionCode, versionName, etc. in
manifests. A real build.gradle example:

    flutterVersionCode = '1'
    flutterVersionName = '1.0'
    ...
    defaultConfig {
        versionCode 53
        versionName "2.0.3"
    }

Before this change checkupdates was erroneously getting version code and
version name from the first two lines and failing to find a new release.
2019-06-13 19:51:44 +03:00
Hans-Christoph Steiner
17dc231dc9 update: fix running without androguard
Soon, we can rip out all the aapt parsing stuff, but not yet!
2019-02-03 15:50:39 +01:00
Hans-Christoph Steiner
2907aa3ea3 fallback to v3 signatures if v1 and v2 are not available
2019-02-01 09:18:00 +01:00
Hans-Christoph Steiner
d96f5ff660 support APK Signature V2 when apksigner is installed
This was done with much help from @uniqx.  This is the first level of
supporting APK Signatures v1, v2, and v3.  This is enough to include
APKs with any combo of v1/v2/v3 signatures.  For this to work at all,
apksigner and androguard 3.3.3+ must be installed.

closes #399
2019-02-01 09:17:56 +01:00
Hans-Christoph Steiner
ea84014f9b make signer_fingerprint() accept DER encoded certs
androguard's v2 signature methods return DER-encoded certificates.  The DER-
encoded certificates are parsed from JAR Signature's raw "Signature Block
File".
2019-02-01 08:50:57 +01:00
Hans-Christoph Steiner
1f346b3149 force_exit() to make exit work with all fdroid build conditions
The build command has to use some threading stuff to handle the timeout and
locks.  This seems to prevent the command from exiting, unless this hack is
used.
2018-11-14 14:27:32 +01:00
Hans-Christoph Steiner
57556aceee remove redundant open() arg: encoding='utf8'
By default, open() returns a str:
https://docs.python.org/3/library/functions.html#open

By default, str is UTF-8:
https://docs.python.org/3/library/stdtypes.html#str

This used to matter on Python 2.x, but this code is 3.x only now.
2018-10-19 15:01:34 +02:00
Hans-Christoph Steiner
d2216b756b fix typos in strings
2018-09-24 17:09:15 +02:00
Hans-Christoph Steiner
6b57cb6b7c fix strict Application ID checks
* upper case letters are allowed at all positions
* there must be a "." separator
2018-09-24 17:07:27 +02:00
Hans-Christoph Steiner
11d46072ab use androguard primitives to speed up finding debuggable flag
androguard parses the whole APK before handing the instance back, this uses
the primitives to just find the <application android:debuggable=""> value,
then stop parsing.

#557
2018-09-21 14:56:46 +02:00
Hans-Christoph Steiner
a3cecc16a3 use partial androguard binary XML parsing to speed up APK ID lookup
Normally, androguard parses the entire APK before it is possible to get any
values from it.  This uses androguard primitives to only attempt to parse
the AndroidManifest.xml, then to quit as soon as it gets what it needs.
This greatly speeds up the parsing (1 minute vs 60 minutes).

fdroid/fdroidserver#557
2018-09-21 14:56:46 +02:00
Hans-Christoph Steiner
fa09337b4b APK_ID_TRIPLET_REGEX only matches first line of aapt output
Stop expensive aapt parsing after the first line when looking with
APK_ID_TRIPLET_REGEX.  As is seen with the `aapt dump badging` output files
in tests/build-tools/, the first line is the only line that will ever match.

#557
2018-09-21 14:56:32 +02:00
Hans-Christoph Steiner
807bf3d26b build: reuse common methods for getting metadata from APKs
This splits out the code that gets the list of native ABIs supported, then
uses the standard methods for the rest.
2018-09-18 10:55:51 +02:00
Hans-Christoph Steiner
487c4d02f3 handle package: line output from aapt v28
fdroid/fdroiddata!3484
fdroid/fdroiddata!3562
fdroid/fdroidserver!548
2018-09-18 10:55:51 +02:00
Hans-Christoph Steiner
9d12b1dc61 add strict, tested validation of Android/F-Droid package names
Android has stricter rules than Java for Package Names, but anything the
Python regex thinks is valid must be valid according to Java's rules too.

https://developer.android.com/studio/build/application-id
2018-09-07 14:17:39 +02:00
Hans-Christoph Steiner
9bccb2c73e temp fallback to built-in ElementTree if defusedxml is not there
2018-09-03 23:02:31 +02:00
Hans-Christoph Steiner
11b3e5be3a update: throw exception for APKs with invalid Application ID
Android Application IDs must be valid Java Package Names.  While the build
tools likely validate the Application ID, it is possible to manually create
a malicious APK.
2018-09-03 22:56:08 +02:00
Hans-Christoph Steiner
5d161cc9fd validate appid when reading metadata files
The metadata file must be named after the Application ID of the app it is
describing, and Android Application IDs must be valid Java Package Names.
2018-09-03 22:56:08 +02:00
Hans-Christoph Steiner
3ffe2860f3 gitlab-ci: add 'bandit' security scanner to all runs
bandit is used by Radically Open Security and is part of the GitLab Ultimate
Static Application Security Testing (SAST) suite.

https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
2018-08-29 17:48:06 +02:00
Hans-Christoph Steiner
4d13a904f3 use defusedxml to avoid DoS attacks while loading XML
2018-08-29 17:44:54 +02:00
Hans-Christoph Steiner
cc94ebca30 use global constant for the 'xmlns:android' XML namespace
2018-08-29 17:44:54 +02:00
Hans-Christoph Steiner
a089614225 checkupdates: remove magic number 99999999 from HTTP checks
It is vestigial from old code and no longer is needed.
2018-08-29 17:24:24 +02:00
Hans-Christoph Steiner
4503e7a92a replace unneeded eval() call and support negative versionCodes
2018-08-29 17:24:04 +02:00
Michael Pöhn
4dcfa95d6e fix: jarsigner and keytool lookup regression
2018-08-21 03:05:43 +02:00
Cyril Russo
81641b4628 Fixed precommit checks
2018-08-20 11:17:36 +02:00