From 59018a887bca889e53855973f9804b1c41fcad28 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 16 Sep 2020 18:18:06 +0200 Subject: [PATCH 1/4] gitlab-ci: ensure android-23 is present for `fdroid build` test This test builds https://gitlab.com/fdroid/ci-test-app, which uses android-23 --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 14807970..40b87667 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,8 @@ test: image: registry.gitlab.com/fdroid/ci-images-server:latest script: - $pip install -e .[test] + # the `fdroid build` test in tests/run-tests needs android-23 + - echo y | $ANDROID_HOME/tools/bin/sdkmanager "platforms;android-23" - cd tests - ./complete-ci-tests From af4a2ab7361371e02863672f57b7b1d88fa56b55 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 6 Aug 2020 15:44:37 +0200 Subject: [PATCH 2/4] gitlab-ci: speed up test runs that do not need git history GIT_DEPTH sets how many commits of history to clone in CI Jobs. gitlab.com defaults to 50 with a max of 1000. The metadata_v0 job is the only job that needs history, and it needs more than 50. So this sets the default to 1, then metadata_v0 to 1000. https://docs.gitlab.com/ee/ci/pipelines/settings.html#git-shallow-clone --- .gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 40b87667..148885d2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,8 @@ variables: pip: pip3 --timeout 100 --retries 10 +# speed up git checkout phase + GIT_DEPTH: 1 test: @@ -22,6 +24,7 @@ test: metadata_v0: image: registry.gitlab.com/fdroid/ci-images-server:latest variables: + GIT_DEPTH: 1000 RELEASE_COMMIT_ID: 37f37ebd88e79ebe93239b72ed5503d5bde13f4b # 2.0a~ script: - git fetch https://gitlab.com/fdroid/fdroidserver.git $RELEASE_COMMIT_ID From ad6985cb4041de5192edcd8a14e4cdd7c084572b Mon Sep 17 00:00:00 2001 
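Review bot: The added `sdkmanager "platforms;android-23"` step makes the `test` job download an SDK platform from the network on every pipeline run, so the job's result now depends on an external fetch at job time. Since the job already runs in `ci-images-server:latest`, installing the platform when that image is built would keep test runs reproducible and offline-capable. If this is a stopgap, the existing comment could say so: `# TODO: move android-23 into ci-images-server, then drop this download`.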
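Review bot: The `GIT_DEPTH: 1000` override in `metadata_v0` has no comment explaining why this one job differs from the new global default of 1. The commit message says 1000 is the gitlab.com maximum, so the value cannot be raised if the job ever needs more history, and that limit is worth recording next to the setting. Something like `# needs more history than the default; 1000 is the gitlab.com maximum` on the line above would do. With the default now at 1, any job added later that relies on history or tags will see a single commit, which the `# speed up git checkout phase` comment could also mention.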
From: Hans-Christoph Steiner Date: Thu, 20 Aug 2020 14:38:42 +0200 Subject: [PATCH 3/4] update: allow --nosign to work with only repo_pubkey set repo_pubkey is required for `fdroid update --nosign`, but repo_keyalias is not. For regular signing, the opposite true. --- fdroidserver/index.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fdroidserver/index.py b/fdroidserver/index.py index 7e76f299..6d247141 100644 --- a/fdroidserver/index.py +++ b/fdroidserver/index.py @@ -566,7 +566,8 @@ def make_v0(apps, apks, repodir, repodict, requestsdict, fdroid_signing_key_fing with open(os.path.join(repodir, 'index.xml'), 'wb') as f: f.write(output) - if 'repo_keyalias' in common.config: + if 'repo_keyalias' in common.config \ + or (common.options.nosign and 'repo_pubkey' in common.config): if common.options.nosign: logging.info(_("Creating unsigned index in preparation for signing")) From 8c1cf724e1e4a550939a635e5a4bb70ddfbe7d5b Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 9 Sep 2020 19:01:53 +0200 Subject: [PATCH 4/4] init: force keystore to PKCS12 format Java 8 supports PKCS12, Java 9+ uses PKCS12 by default, which should have a .p12 file extension. `fdroid init` has always just added .jks which is the old default format. * https://docs.oracle.com/en/java/javase/12/tools/keytool.html#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__GUID-A8B9E662-C1C2-4A0E-9307-A8464F0E95D4 * https://openjdk.java.net/jeps/229 --- fdroidserver/common.py | 3 ++- tests/publish.TestCase | 4 ++-- tests/rewritemeta.TestCase | 10 ---------- tests/run-tests | 20 ++++++++++---------- 4 files changed, 14 insertions(+), 23 deletions(-) diff --git a/fdroidserver/common.py b/fdroidserver/common.py index daa652b9..9b8f59cf 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py 
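Review bot: The widened condition in `make_v0` still lets `--nosign` into the branch when only `repo_keyalias` is configured, although the commit message says `repo_pubkey` is what the unsigned path requires. The rest of the block lies outside the hunk, so whether a missing `repo_pubkey` is caught later needs confirming. Because this test decides whether the index is written signed or unsigned, it deserves a comment such as `# --nosign needs only repo_pubkey; regular signing needs repo_keyalias`. The backslash continuation is also more robust written with parentheses: `if ('repo_keyalias' in common.config` / `or (common.options.nosign and 'repo_pubkey' in common.config)):`.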
@@ -134,7 +134,7 @@ default_config = { 'stats_to_carbon': False, 'repo_maxage': 0, 'build_server_always': False, - 'keystore': 'keystore.jks', + 'keystore': 'keystore.p12', 'smartcardoptions': [], 'char_limits': { 'author': 256, @@ -3425,6 +3425,7 @@ def genkeystore(localconfig): '-keyalg', 'RSA', '-keysize', '4096', '-sigalg', 'SHA256withRSA', '-validity', '10000', + '-storetype', 'pkcs12', '-storepass:env', 'FDROID_KEY_STORE_PASS', '-dname', localconfig['keydname'], '-J-Duser.language=en'] diff --git a/tests/publish.TestCase b/tests/publish.TestCase index 38691f85..d0d08376 100755 --- a/tests/publish.TestCase +++ b/tests/publish.TestCase @@ -3,10 +3,10 @@ # # command which created the keystore used in this test case: # -# $ for ALIAS in 'repokey a163ec9b d2d51ff2 dc3b169e 78688a0f'; \ +# $ for ALIAS in repokey a163ec9b d2d51ff2 dc3b169e 78688a0f; \ # do keytool -genkey -keystore dummy-keystore.jks \ # -alias $ALIAS -keyalg 'RSA' -keysize '2048' \ -# -validity '10000' -storepass 123456 \ +# -validity '10000' -storepass 123456 -storetype jks \ # -keypass 123456 -dname 'CN=test, OU=F-Droid'; done # diff --git a/tests/rewritemeta.TestCase b/tests/rewritemeta.TestCase index 8a7d41e4..c4b34867 100755 --- a/tests/rewritemeta.TestCase +++ b/tests/rewritemeta.TestCase @@ -1,15 +1,5 @@ #!/usr/bin/env python3 -# -# command which created the keystore used in this test case: -# -# $ for ALIAS in 'repokey a163ec9b d2d51ff2 dc3b169e 78688a0f'; \ -# do keytool -genkey -keystore dummy-keystore.jks \ -# -alias $ALIAS -keyalg 'RSA' -keysize '2048' \ -# -validity '10000' -storepass 123456 \ -# -keypass 123456 -dname 'CN=test, OU=F-Droid'; done -# - import inspect import logging import optparse diff --git a/tests/run-tests b/tests/run-tests index dc4e934f..77d2734d 100755 --- a/tests/run-tests +++ b/tests/run-tests 
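Review bot: Changing the `'keystore'` default in `default_config` to `keystore.p12` also changes the path for existing repos that never set `keystore` explicitly and keep their signing key in `keystore.jks`. How the default is resolved is outside this hunk, but if it is used as-is those repos would stop finding their key after an upgrade. The risk is that an operator then generates a new key, which changes the repo's signing identity for every client. Consider falling back to an existing `keystore.jks` when no `keystore.p12` is present, or at least documenting it next to the default: `# repos created before this change use keystore.jks and must set 'keystore' explicitly`.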
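Review bot: Forcing `'-storetype', 'pkcs12'` in `genkeystore` changes password semantics, because keytool does not support a key password different from the store password for PKCS12 and ignores a differing `-keypass` with only a warning. The argument list begins before the hunk, so if it passes a separate key password, the generated key would be protected by the store password while the config records another value. A comment on the new line would make this explicit: `# PKCS12: store and key share one password; keytool ignores a different -keypass`. The store type is also forced regardless of the configured file name, so a user-supplied `.jks` path would now hold a PKCS12 store.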
@@ -778,7 +778,7 @@ $fdroid server update --local-copy-dir=$LOCALCOPYDIR # check that --android-home fails when dir does not exist or is not a dir REPOROOT=`create_test_dir` -KEYSTORE=$REPOROOT/keystore.jks +KEYSTORE=$REPOROOT/keystore.p12 cd $REPOROOT set +e $fdroid init --keystore $KEYSTORE --android-home /opt/fakeandroidhome @@ -805,7 +805,7 @@ echo_header "check that fake android home passes 'fdroid init'" REPOROOT=`create_test_dir` FAKE_ANDROID_HOME=`create_test_dir` create_fake_android_home $FAKE_ANDROID_HOME -KEYSTORE=$REPOROOT/keystore.jks +KEYSTORE=$REPOROOT/keystore.p12 cd $REPOROOT $fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME @@ -820,7 +820,7 @@ else FAKE_ANDROID_HOME=`create_test_dir` create_fake_android_home $FAKE_ANDROID_HOME rm -f $FAKE_ANDROID_HOME/build-tools/*/aapt - KEYSTORE=$REPOROOT/keystore.jks + KEYSTORE=$REPOROOT/keystore.p12 cd $REPOROOT set +e $fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME @@ -835,7 +835,7 @@ echo_header "check that --android-home overrides ANDROID_HOME" REPOROOT=`create_test_dir` FAKE_ANDROID_HOME=`create_test_dir` create_fake_android_home $FAKE_ANDROID_HOME -KEYSTORE=$REPOROOT/keystore.jks +KEYSTORE=$REPOROOT/keystore.p12 cd $REPOROOT $fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME set +e @@ -859,7 +859,7 @@ else echo_header "setup a new repo from scratch with keystore and android-home set on cmd line" REPOROOT=`create_test_dir` - KEYSTORE=$REPOROOT/keystore.jks + KEYSTORE=$REPOROOT/keystore.p12 FAKE_ANDROID_HOME=`create_test_dir` create_fake_android_home $FAKE_ANDROID_HOME STORED_ANDROID_HOME=$ANDROID_HOME @@ -916,7 +916,7 @@ grep -F '