This strictly enforces things like this only use https://:
* `Binaries:` / `binary:` URLs
* `fdroid signatures` fetching APKs
* `fdroid install` fetching from GitHub
This used to be enforced by !1734, but that bitrotted away and no longer
works. This is a better place to enforce this, since it is easier to
reliably find it in the APK rather than the source code.
Also, there might be valid use cases for using fdroidserver to build APKs
that are debuggable. There are other checks to ensure that debuggable APKs
are not published, e.g. in `fdroid update`.
48df58854c/fdroidserver/update.py (L1978)
ndk_paths is set up right after installing the NDK and right before
ndk_paths is used in Build.ndk_path().
A proper NDK install always has a _source.properties_ which declares
the revision and release strings. That is used as the source of
revision and release. This only reads from the local filesystem, and
reads the official source of version info (_source.properties_),
thereby avoiding any potential network calls that sdkmanager might
do. This implementation was inspired by @uniqx's:
ed931d47d7 (27b997d583cd1c0a05b2213437e0d9fe6536bfe3)
I have no idea what is causing this to fail, but the mkdtemp pattern used
in other test files seems to fix it.
https://gitlab.com/fdroid/fdroidserver/-/jobs/11776468083
======================================================================
ERROR: test_main (tests.test_signatures.SignaturesTest.test_main)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/builds/fdroid/fdroidserver/tests/test_signatures.py", line 28, in test_main
with TemporaryDirectory() as tmpdir, TmpCwd(tmpdir):
^^^^^^^^^^^^^^
File "/builds/fdroid/fdroidserver/tests/shared_test_code.py", line 44, in __enter__
self.orig_cwd = os.getcwd()
^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory
----------------------------------------------------------------------
The new subcommands operate on a single APPID:VERSIONCODE pair, so this new
function fetches the metadata needed for that operation, and includes any
required checks.
The algorithm came from:
uniqx/fdroidserver@2b779e6599
This reworking of it includes:
* removed `check_disabled`, seems like the scheduler should handle that? If
it is required, it can be added later.
* standard variable names
* fixed spelling errors and hopefully improved docstrings
* black format
* added tests
* standardized the strings, made them localizable
Git will use the username/hostname to set the Author and Committer fields
if the config items user.name and user.email are not set. This might
inadvertently leak info about the machine that is hosting the deploy
process. So this changes it to be a hardcoded value, unless the repo
environment has explicitly set these values either in the Git config or in
environment variables.
This is included here and not there because it relies on lots of stuff that
was refactored. !1666 was broken out to get the fix out for fdroidclient
as soon as possible.
