This adds the option to configure which set of signatures `fdroid
scanner` should use, by configuring it in `config.yml`. It allows
fetching signatures in our custom json format. It also adds 3 additional
sources: 'suss', 'exodus', 'etip'
makebuildserver.config.py is no more, builder/Vagrantfile is now where the
CPU and memory is configured for the buildserver VM. In fact, that was
always the actual place, the makebuildserver.config.py thing was just
confused.
This should have been part of !1222
openjdk-11 11.0.17 in Debian unstable fails to verify weak signatures:
jarsigner -verbose -strict -verify tests/signindex/guardianproject.jar
131 Fri Dec 02 20:10:00 CET 2016 META-INF/MANIFEST.MF
252 Fri Dec 02 20:10:04 CET 2016 META-INF/1.SF
2299 Fri Dec 02 20:10:04 CET 2016 META-INF/1.RSA
0 Fri Dec 02 20:09:58 CET 2016 META-INF/
m ? 48743 Fri Dec 02 20:09:58 CET 2016 index.xml
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
? = unsigned entry
- Signed by "EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US"
Digest algorithm: SHA1 (disabled)
Signature algorithm: SHA1withRSA (disabled), 4096-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01, include jdk.disabled.namedCurves
Make sudo, init prebuild, build and Prepare fields lists and only
concatenate them with '; ' before execution. This allows arbitrary
commands inside the fileds (even && and ';') as we don't need to split
the commands again for rewritemeta.
Years ago, vagrant-libvirt did not implement the `vagrant package` command
that we needed, and there were no Ruby people around to implement it for us.
So we hacked a custom version in our Python wrapper. Now, vagrant-libvirt
v0.7.0 does implement it, so this switches things to just using
`vagrant package`
dfdd2913 the logic to only write the status json upon build but before
the build happens. This makes sure that it is written after a
successful build or exception.
With my last merge request I accidentally intoduced a bug where
scanner.py stopped loading 'config.yml' because the helper functions
from common.py get called in the wrong places. This change fixes this
issue.
As discussed with _hc, we're going to keep the default values for
SUSS inside the python code for now. To avoid compilcated packaging
issues. Once fdroidserver does not have to support python verison older
than 3.7 we can utilize to `importlib.resources` for shipping these
defaults as separate file.
