Match only whole words when looking for versionCode, versionName, etc. in
manifests. A real build.gradle example:
    flutterVersionCode = '1'
    flutterVersionName = '1.0'
    ...
    defaultConfig {
        versionCode 53
        versionName "2.0.3"
    }
Before this change checkupdates was erroneously getting version code and
version name from the first two lines and failing to find a new release.
This was done with much help from @uniqx. This is the first level of
supporting APK Signatures v1, v2, and v3. This is enough to include
APKs with any combo of v1/v2/v3 signatures. For this to work at all,
apksigner and androguard 3.3.3+ must be installed.
closes #399
androguard's v2 signature methods return DER-encoded certificates. The DER-
encoded certificates are parsed from JAR Signature's raw "Signature Block
File".
The build command has to use some threading stuff to handle the timeout and
locks. This seems to prevent the command from exiting, unless this hack is
used.
androguard parses the whole APK before handing the instance back. This uses
the primitives to just find the <application android:debuggable=""> value,
then stop parsing.
#557
Normally, androguard parses the entire APK before it is possible to get any
values from it. This uses androguard primitives to only attempt to parse
the AndroidManifest.xml, then to quit as soon as it gets what it needs.
This greatly speeds up the parsing (1 minute vs 60 minutes).
fdroid/fdroidserver#557
Stop expensive aapt parsing after the first line when looking with
APK_ID_TRIPLET_REGEX. As is seen with the `aapt dump badging` output files
in tests/build-tools/, the first line is the only line that will ever match.
#557
Android Application IDs must be valid Java Package Names. While the build
tools likely validate the Application ID, it is possible to manually create
a malicious APK.
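A check of this kind could look as follows. This is an added example, not fdroidserver's own code; the function name, the ASCII-only restriction (stricter than the Java specification) and the sample IDs are assumptions made for illustration.

```python
import re

# Assumption: ASCII-only segments, letter or underscore first.
_SEGMENT = r"[A-Za-z_][A-Za-z0-9_]*"
_PACKAGE_RE = re.compile(rf"{_SEGMENT}(?:\.{_SEGMENT})*")

# Java reserved words and literals; none may appear as a package segment.
JAVA_RESERVED = frozenset("""
abstract assert boolean break byte case catch char class const continue
default do double else enum extends final finally float for goto if
implements import instanceof int interface long native new package private
protected public return short static strictfp super switch synchronized
this throw throws transient try void volatile while true false null _
""".split())


def is_valid_java_package_name(name):
    """Return True if name is a dot-separated list of ASCII Java identifiers."""
    if not isinstance(name, str):
        return False
    # fullmatch, not match() with '$': '$' would also accept a trailing newline.
    if _PACKAGE_RE.fullmatch(name) is None:
        return False
    return not any(seg in JAVA_RESERVED for seg in name.split("."))


# Constructed sample IDs, as they might be read from an untrusted manifest.
SAMPLES = [
    "org.example.app",
    "com.example.app_2",
    "../../etc/passwd",
    "com.example/../../x",
    "com.example.app\n",
    "com..example",
    "com.example.1app",
    "com.example.class",
    "com.example;id",
    "",
]


def check_samples(samples=SAMPLES):
    """Map each sample ID to the validator's verdict."""
    return {s: is_valid_java_package_name(s) for s in samples}


if __name__ == "__main__":
    for appid, ok in check_samples().items():
        print(f"{appid!r:28} {'accept' if ok else 'REJECT'}")
```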
This expands the gradle wrapper shell script used by the buildserver for
usage outside the buildserver environment. It also allows downloading
whitelisted versions of gradle if they are not yet deployed to the
buildserver by simply updating the copy of fdroidserver (in contrast to
having to reprovision the whole buildserver).
We first move the buildserver/gradle shell script to the repo root
as gradlew-fdroid, as it's an fdroid-specific gradle wrapper.
We also now sync it inside the build VM before each build.
We then add a list of whitelisted gradle distributions taken from the
makebuildserver script.
The script additionally now reads two env vars which tell it where to
expect installed versions of gradle and where it might store downloaded
gradle .zip files. Both of those are configurable from config.py. As the
first should normally just be a subdir of the second it's not exposed in
the example config.py but only used by the buildserver config.py.
Default config now uses this internal gradle wrapper but a path to a
custom wrapper or specific gradle distribution can still be set from
config.py.
Closes fdroid/fdroidserver#98
Ref: fdroid/fdroidserver#370
On versions of diffoscope before 87, like the version included in Ubuntu
xenial LTS, it would crash saying:
    ValueError: max_diff_block_lines (100) cannot be smaller than max_page_diff_block_lines (128)
https://bugs.debian.org/875451
This commit fixes two bugs with reproducible builds:
* Files added by the buildserver to META-INF (fdroidserverid and buildserverid)
  were causing signature verification to always fail when --on-server was used.
  Since they are not needed anymore, they are no longer added to APKs.
* When showing a diff between both APK files, `jar xf` did not extract
  the full APK properly which was causing useless diffs.
  Instead of using jar, Python's zipfile library is used instead.