git mirrors are meant to be an easy way to host a repo that is zero
maintenance. They are not meant to be the canonical repo with full,
preserved archive. This option provides the zero maintenance mode.
It is now possible to build an app using only things in Debian. Since the
buildserver will always control the contents of file:///usr/share/maven-repo,
it is the most safe repo there is.
When downloading a repo index, the downloaded index got written to a
file with `.write()` in a `with` clause. Before the file got actually
written to the disk, it got already passed into the next function,
resulting in a `VerificationException`:
```
JAR signature failed to verify: /tmp/tmppq2r51r0
jarsigner: java.util.zip.ZipException: zip file is empty
```
This behavior got introduced in
869cc114a3.
I've found this bug with help of Repomaker's tests: https://gitlab.com/fdroid/repomaker/merge_requests/215#note_148994053
Otherwise, this was posting mystery JSON parsing errors because it was
trying to parse the HTTP error page as JSON. This also moves the
virustotal API key to post data so it is not printed out in the stacktrace.
The mirrors are displayed in fdroidclient in the order they are received,
and there might be some reason why a repo maintainer wants them in a
specific order. The danger is that if the mirrors are set in config.py
using "mirrors = {'foo', bar'}" they will have a randomized order since it
will be in a set. They should be set using [] or () to have a fixed order.
This was done with much help from @uniqx. This is the first level of
supporting APK Signatures v1, v2, and v3. This is enough to include
APKs with any combo of v1/v2/v3 signatures. For this to work at all,
apksigner and androguard 3.3.3+ must be installed.
closes#399
androguard's v2 signature methods return DER-encoded certificates. The DER-
encoded certificates are parsed from JAR Signature's raw "Signature Block
File".
change glob filter for graphics to not filter out valid IETF RFC5646 locales (fixes#621 and #357)
Closes#357 and #621
See merge request fdroid/fdroidserver!611
$ ./hooks/pre-commit || export EXITVALUE=1
WARNING: ruby is not installed, using dummy placeholder!
fdroidserver/metadata.py:1180: use ==/!= to compare str, bytes, and int literals
fdroidserver/metadata.py:1184: use ==/!= to compare str, bytes, and int literals
fdroidserver/metadata.py:1186: use ==/!= to compare str, bytes, and int literals
fdroidserver/metadata.py:1189: use ==/!= to compare str, bytes, and int literals
ERROR: pyflakes tests failed!
Also, update the documentation comment to be absolutely clear.
The function used to copy images from any locale directory starting with at least two lowercase letters correctly, but only add those to the app metadata that started with two letters plus one big letter or a "-". The same problem did not exist for adding texts to the metadata.
buildserver: include build-tools 28.0.3
Added test aapt output files for build-tools 28.0.3
update.py: Still aapt output parsing, setting regex to catch 'name=' without prefixes, needed for build-tools 28.0.3
fdroid/fdroidserver!591
build-tools 28.0.3 added a new field in the end 'compileSdkVersionCodename=', which also accidentally ends with the string 'name='.
The purpose of this regex was to catch the 'packageName' field, which is in ht eaapt ouput the exact ' name=', therefore added whe non-caracter \W prefix match.
sample aapt output (28.0.3):
package: name='com.a.b.app' versionCode='1' versionName='1.0' compileSdkVersion='28' compileSdkVersionCodename='9'
previously, regex was catching second occurence, so '9'
See merge request !582
This has to do custom dict/encoder/decoder tricks in order to make sure
that each run of `fdroid verify` on the same files doesn't add duplicate
entries.
