#1 Create F-Droid repo

[ci skip]
2021-03-01 21:39:31 +01:00 · 2021-03-01 21:39:31 +01:00 · 63d9e849cb
commit 63d9e849cb
parent 569ec6a72f
5 changed files with 387 additions and 1 deletions
--- a/fastlane/Fastfile
+++ b/fastlane/Fastfile
@ -176,7 +176,25 @@ platform :android do |options|
        "android.injected.signing.key.password" => ENV["SIGNING_KEY_PASSWORD"],
      }
    )
-    
+
+    FileUtils.cp(lane_context[SharedValues::GRADLE_APK_OUTPUT_PATH], "repo/Cryptomator.apk")
+
+    sh("cp -r metadata/android/ metadata/org.cryptomator/")
+    sh("fdroid update && fdroid rewritemeta")
+    sh("rm -r metadata/org.cryptomator/")
+
+    aws_s3(
+        bucket: ENV['S3_BUCKET'],
+        endpoint: ENV['S3_ENDPOINT'],
+        region: ENV['S3_REGION'],
+        access_key: ENV['S3_ACCESS_KEY'],
+        secret_access_key: ENV['S3_SECRET_ACCESS_KEY'],
+        path: "android/fdroid",
+        folder: "fastlane/repo",
+        skip_html_upload: true,
+        apk: ''
+      )
+
    FileUtils.cp(lane_context[SharedValues::GRADLE_APK_OUTPUT_PATH], "release/Cryptomator-#{version}_fdroid_signed.apk")
  end

--- a/fastlane/config.yml
+++ b/fastlane/config.yml
@ -0,0 +1,352 @@
+---
+# Copy this file to config.yml, then amend the settings below according to
+# your system configuration.
+
+# Custom path to the Android SDK, defaults to $ANDROID_HOME
+# sdk_path: $ANDROID_HOME
+
+# Custom paths to various versions of the Android NDK, defaults to 'r12b' set
+# to $ANDROID_NDK. Most users will have the latest at $ANDROID_NDK, which is
+# used by default. If a version is missing or assigned to None, it is assumed
+# not installed.
+# ndk_paths:
+#   r10e: None
+#   r11c: None
+#   r12b: $ANDROID_NDK
+#   r13b: None
+#   r14b: None
+#   r15c: None
+#   r16b: None
+#   r17c: None
+#   r18b: None
+#   r19c: None
+#   r20b: None
+#   r21d: None
+
+# Directory to store downloaded tools in (i.e. gradle versions)
+# By default, these are stored in ~/.cache/fdroidserver
+# cachedir: cache
+
+# Specify paths to each major Java release that you want to support
+# java_paths:
+#   8: /usr/lib/jvm/java-8-openjdk
+
+# Build tools version to be used
+# build_tools: 28.0.3
+
+# Command or path to binary for running Ant
+# ant: ant
+
+# Command or path to binary for running maven 3
+# mvn3: mvn
+
+# Command or path to binary for running Gradle
+# Defaults to using an internal gradle wrapper (gradlew-fdroid).
+# gradle: gradle
+
+# Always scan the APKs produced by `fdroid build` for known non-free classes
+# scan_binary: true
+
+# Set the maximum age (in days) of an index that a client should accept from
+# this repo. Setting it to 0 or not setting it at all disables this
+# functionality. If you do set this to a non-zero value, you need to ensure
+# that your index is updated much more frequently than the specified interval.
+# The same policy is applied to the archive repo, if there is one.
+# repo_maxage: 0
+
+repo_url: https://cryptomator.org/android/repo
+repo_name: Cryptomator F-Droid Repo
+repo_icon: fdroid-icon.png
+repo_description: |
+  This is the official repository for the Cryptomator Android app.
+
+# As above, but for the archive repo.
+# archive_older sets the number of versions kept in the main repo, with all
+# older ones going to the archive. Set it to 0, and there will be no archive
+# repository, and no need to define the other archive_ values.
+archive_older: 0
+archive_url: https://cryptomator.org/android/archive
+archive_name: Cryptomator F-Droid Archive
+archive_icon: fdroid-icon.png
+archive_description: |
+  The repository of older versions of Cryptomator for Android.
+
+# This allows a specific kind of insecure APK to be included in the
+# 'repo' section.  Since April 2017, APK signatures that use MD5 are
+# no longer considered valid, jarsigner and apksigner will return an
+# error when verifying.  `fdroid update` will move APKs with these
+# disabled signatures to the archive.  This option stops that
+# behavior, and lets those APKs stay part of 'repo'.
+#
+# allow_disabled_algorithms: true
+
+# Normally, all apps are collected into a single app repository, like on
+# https://f-droid.org. For certain situations, it is better to make a repo
+# that is made up of APKs only from a single app. For example, an automated
+# build server that publishes nightly builds.
+# per_app_repos: true
+
+# `fdroid update` will create a link to the current version of a given app.
+# This provides a static path to the current APK. To disable the creation of
+# this link, uncomment this:
+# make_current_version_link: false
+
+# By default, the "current version" link will be based on the "Name" of the
+# app from the metadata. You can change it to use a different field from the
+# metadata here:
+# current_version_name_source: packageName
+
+# Optionally, override home directory for gpg
+# gpghome: /home/fdroid/somewhere/else/.gnupg
+
+# The ID of a GPG key for making detached signatures for apks. Optional.
+# gpgkey: 1DBA2E89
+
+# The key (from the keystore defined below) to be used for signing the
+# repository itself. This is the same name you would give to keytool or
+# jarsigner using -alias. (Not needed in an unsigned repository).
+repo_keyalias: {env: SIGNING_KEY_ALIAS}
+
+# Optionally, the public key for the key defined by repo_keyalias above can
+# be specified here. There is no need to do this, as the public key can and
+# will be retrieved from the keystore when needed. However, specifying it
+# manually can allow some processing to take place without access to the
+# keystore.
+# repo_pubkey: ...
+
+# The keystore to use for release keys when building. This needs to be
+# somewhere safe and secure, and backed up!  The best way to manage these
+# sensitive keys is to use a "smartcard" (aka Hardware Security Module). To
+# configure F-Droid to use a smartcard, set the keystore file using the keyword
+# "NONE" (i.e. keystore: "NONE"). That makes Java find the keystore on the
+# smartcard based on 'smartcardoptions' below.
+keystore: {env: SIGNING_KEYSTORE_PATH}
+
+# You should not need to change these at all, unless you have a very
+# customized setup for using smartcards in Java with keytool/jarsigner
+# smartcardoptions: |
+#   -storetype PKCS11 -providerName SunPKCS11-OpenSC
+#   -providerClass sun.security.pkcs11.SunPKCS11
+#   -providerArg opensc-fdroid.cfg
+
+# The password for the keystore (at least 6 characters). If this password is
+# different than the keypass below, it can be OK to store the password in this
+# file for real use. But in general, sensitive passwords should not be stored
+# in text files!
+keystorepass: {env: SIGNING_KEYSTORE_PASSWORD}
+
+# The password for keys - the same is used for each auto-generated key as well
+# as for the repository key. You should not normally store this password in a
+# file since it is a sensitive password.
+keypass: {env: SIGNING_KEY_PASSWORD}
+
+# The distinguished name used for all keys.
+# keydname: CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US
+
+# Use this to override the auto-generated key aliases with specific ones
+# for particular applications. Normally, just leave it empty.
+#
+# keyaliases:
+#   com.example.app: example
+#
+# You can also force an app to use the same key alias as another one, using
+# the @ prefix.
+#
+# keyaliases:
+#   com.example.another.plugin: "@com.example.another"
+
+
+# The full path to the root of the repository. It must be specified in
+# rsync/ssh format for a remote host/path. This is used for syncing a locally
+# generated repo to the server that is it hosted on. It must end in the
+# standard public repo name of "/fdroid", but can be in up to three levels of
+# sub-directories (i.e. /var/www/packagerepos/fdroid). You can include
+# multiple servers to sync to by wrapping the whole thing in {} or [], and
+# including the serverwebroot strings in a comma-separated list.
+#
+# serverwebroot: user@example:/var/www/fdroid
+# serverwebroot:
+#   - foo.com:/usr/share/nginx/www/fdroid
+#   - bar.info:/var/www/fdroid
+
+
+# When running fdroid processes on a remote server, it is possible to
+# publish extra information about the status.  Each fdroid sub-command
+# can create repo/status/running.json when it starts, then a
+# repo/status/<sub-command>.json when it completes.  The builds logs
+# and other processes will also get published, if they are running in
+# a buildserver VM.  The build logs name scheme is:
+# .../repo/$APPID_$VERCODE.log.gz.  These files are also pushed to all
+# servers configured in 'serverwebroot'.
+#
+# deploy_process_logs: true
+
+# The full URL to a git remote repository. You can include
+# multiple servers to mirror to by wrapping the whole thing in {} or [], and
+# including the servergitmirrors strings in a comma-separated list.
+# Servers listed here will also be automatically inserted in the mirrors list.
+#
+# servergitmirrors: https://github.com/user/repo
+# servergitmirrors:
+#   - https://github.com/user/repo
+#   - https://gitlab.com/user/repo
+
+# Most git hosting services have hard size limits for each git repo.
+# `fdroid deploy` will delete the git history when the git mirror repo
+# approaches this limit to ensure that the repo will still fit when
+# pushed.  GitHub recommends 1GB, gitlab.com recommends 10GB.
+#
+# git_mirror_size_limit: 10GB
+
+# Any mirrors of this repo, for example all of the servers declared in
+# serverwebroot and all the servers declared in servergitmirrors,
+# will automatically be used by the client.  If one
+# mirror is not working, then the client will try another.  If the
+# client has Tor enabled, then the client will prefer mirrors with
+# .onion addresses. This base URL will be used for both the main repo
+# and the archive, if it is enabled.  So these URLs should end in the
+# 'fdroid' base of the F-Droid part of the web server like serverwebroot.
+#
+# mirrors:
+#   - https://foo.bar/fdroid
+#   - http://foobarfoobarfoobar.onion/fdroid
+
+# optionally specify which identity file to use when using rsync or git over SSH
+#
+# identity_file: ~/.ssh/fdroid_id_rsa
+
+
+# If you are running the repo signing process on a completely offline machine,
+# which provides the best security, then you can specify a folder to sync the
+# repo to when running `fdroid deploy`. This is most likely going to
+# be a USB thumb drive, SD Card, or some other kind of removable media. Make
+# sure it is mounted before running `fdroid deploy`. Using the
+# standard folder called 'fdroid' as the specified folder is recommended, like
+# with serverwebroot.
+#
+# local_copy_dir: /media/MyUSBThumbDrive/fdroid
+
+
+# If you are using local_copy_dir on an offline build/signing server, once the
+# thumb drive has been plugged into the online machine, it will need to be
+# synced to the copy on the online machine. To make that happen
+# automatically, set sync_from_local_copy_dir to True:
+#
+# sync_from_local_copy_dir: true
+
+
+# To upload the repo to an Amazon S3 bucket using `fdroid server
+# update`.  Warning, this deletes and recreates the whole fdroid/
+# directory each time. This prefers s3cmd, but can also use
+# apache-libcloud.  To customize how s3cmd interacts with the cloud
+# provider, create a 's3cfg' file next to this file (config.yml), and
+# those settings will be used instead of any 'aws' variable below.
+# Secrets can be fetched from environment variables to ensure that
+# they are not leaked as part of this file.
+#
+# awsbucket: myawsfdroid
+# awsaccesskeyid: SEE0CHAITHEIMAUR2USA
+# awssecretkey: {env: awssecretkey}
+
+
+# If you want to force 'fdroid server' to use a non-standard serverwebroot.
+# This will allow you to have 'serverwebroot' entries which do not end in
+# '/fdroid'. (Please note that some client features expect repository URLs
+# to end in '/fdroid/repo'.)
+#
+# nonstandardwebroot: false
+
+
+# If you want to upload the release apk file to androidobservatory.org
+#
+# androidobservatory: false
+
+
+# If you want to upload the release apk file to virustotal.com
+# You have to enter your profile apikey to enable the upload.
+#
+# virustotal_apikey: 9872987234982734
+#
+# Or get it from an environment variable:
+#
+# virustotal_apikey: {env: virustotal_apikey}
+
+
+# The build logs can be posted to a mediawiki instance, like on f-droid.org.
+# wiki_protocol: http
+# wiki_server: server
+# wiki_path: /wiki/
+# wiki_user: login
+# wiki_password: 1234
+
+# Keep a log of all generated index files in a git repo to provide a
+# "binary transparency" log for anyone to check the history of the
+# binaries that are published.  This is in the form of a "git remote",
+# which this machine where `fdroid update` is run has already been
+# configured to allow push access (e.g. ssh key, username/password, etc)
+# binary_transparency_remote: git@gitlab.com:fdroid/binary-transparency-log.git
+
+# Only set this to true when running a repository where you want to generate
+# stats, and only then on the master build servers, not a development
+# machine. If you want to keep the "added" and "last updated" dates for each
+# app and APK in your repo, then you should enable this.
+# update_stats: true
+
+# When used with stats, this is a list of IP addresses that are ignored for
+# calculation purposes.
+# stats_ignore: []
+
+# Server stats logs are retrieved from. Required when update_stats is True.
+# stats_server: example.com
+
+# User stats logs are retrieved from. Required when update_stats is True.
+# stats_user: bob
+
+# Use the following to push stats to a Carbon instance:
+# stats_to_carbon: false
+# carbon_host: 0.0.0.0
+# carbon_port: 2003
+
+# Set this to true to always use a build server. This saves specifying the
+# --server option on dedicated secure build server hosts.
+# build_server_always: true
+
+# Limit in number of characters that fields can take up
+# Only the fields listed here are supported, defaults shown
+# char_limits:
+#   author: 256
+#   name: 50
+#   summary: 80
+#   description: 4000
+#   video: 256
+#   whatsNew: 500
+
+# It is possible for the server operator to specify lists of apps that
+# must be installed or uninstalled on the client (aka "push installs).
+# If the user has opted in, or the device is already setup to respond
+# to these requests, then F-Droid will automatically install/uninstall
+# the packageNames listed.  This is protected by the same signing key
+# as the app index metadata.
+#
+# install_list:
+#  - org.cryptomator
+
+# uninstall_list:
+#   - com.facebook.orca
+#   - com.android.vending
+
+# `fdroid lint` checks licenses in metadata against a built white list.  By
+# default we will require license metadata to be present and only allow
+# licenses approved either by FSF or OSI.  We're using the standardized SPDX
+# license IDs.  (https://spdx.org/licenses/)
+#
+# We use `python3 -m spdx-license-list print --filter-fsf-or-osi` for
+# generating our default list.  (https://pypi.org/project/spdx-license-list)
+#
+# You can override our default list of allowed licenes by setting this option.
+# Just supply a custom list of licene names you would like to allow. Setting
+# this to `None` disables this lint check.
+#
+# lint_licenses:
+#   - Custom-License-A
+#   - Another-License
--- a/fastlane/fdroid-icon.png
+++ b/fastlane/fdroid-icon.png
--- a/fastlane/metadata/org.cryptomator.yml
+++ b/fastlane/metadata/org.cryptomator.yml
@ -0,0 +1,14 @@
+Categories:
+  - Internet
+  - Security
+License: GPL-3.0
+AuthorName: Skymatic GmbH
+WebSite: https://cryptomator.org/
+SourceCode: https://github.com/cryptomator/android
+IssueTracker: https://github.com/cryptomator/android/issues
+Translation: https://crowdin.com/project/cryptomator-android
+Changelog: https://github.com/cryptomator/android/releases
+Donate: https://cryptomator.org/sponsors/
+
+AutoUpdateMode: None
+UpdateCheckMode: None
--- a/fastlane/repo/categories.txt
+++ b/fastlane/repo/categories.txt
@ -0,0 +1,2 @@
+Internet
+Security