From deab829263983bc9afb4488d1390446ad38aa18a Mon Sep 17 00:00:00 2001 From: root Date: Mon, 14 Apr 2025 21:59:38 +0200 Subject: [PATCH] Initial commit --- config.yml | 369 ++++++++++++++++++++++++++++++++++++++++ index.nginx-debian.html | 23 +++ keystore.p12 | Bin 0 -> 4288 bytes 3 files changed, 392 insertions(+) create mode 100644 config.yml create mode 100644 index.nginx-debian.html create mode 100644 keystore.p12 diff --git a/config.yml b/config.yml new file mode 100644 index 0000000..5fd2d4e --- /dev/null +++ b/config.yml @@ -0,0 +1,369 @@ +--- +# Copy this file to config.yml, then amend the settings below according to +# your system configuration. + +# Custom path to the Android SDK, defaults to $ANDROID_HOME +sdk_path: /usr/lib/android-sdk + + + +# Paths to installed versions of the Android NDK. This will be +# automatically filled out from well known sources like +# $ANDROID_HOME/ndk-bundle and $ANDROID_HOME/ndk/*. If a required +# version is missing in the buildserver VM, it will be automatically +# downloaded and installed into the standard $ANDROID_HOME/ndk/ +# directory. Manually setting it here will override the auto-detected +# values. The keys can either be the "release" (e.g. r21e) or the +# "revision" (e.g. 21.4.7075529). +# +# ndk_paths: +# r10e: $ANDROID_HOME/android-ndk-r10e +# r17: "" +# 21.4.7075529: ~/Android/Ndk +# r22b: null + +# Directory to store downloaded tools in (i.e. gradle versions) +# By default, these are stored in ~/.cache/fdroidserver +# cachedir: cache + +# Specify paths to each major Java release that you want to support +# java_paths: +# 8: /usr/lib/jvm/java-8-openjdk + +# Command or path to binary for running Ant +# ant: ant + +# Command or path to binary for running maven 3 +# mvn3: mvn + +# Command or path to binary for running Gradle +# Defaults to using an internal gradle wrapper (gradlew-fdroid). +# gradle: gradle + +# Always scan the APKs produced by `fdroid build` for known non-free classes +# scan_binary: true + +# Set the maximum age (in days) of an index that a client should accept from +# this repo. Setting it to 0 or not setting it at all disables this +# functionality. If you do set this to a non-zero value, you need to ensure +# that your index is updated much more frequently than the specified interval. +# The same policy is applied to the archive repo, if there is one. +# repo_maxage: 0 + +# Canonical URL of the repositoy, needs to end in /repo. Is is used to identity +# the repo in the client, as well. +# repo_url: https://MyFirstFDroidRepo.org/fdroid/repo +# repo_name: My First F-Droid Repo Demo +# repo_description: >- +# This is a repository of apps to be used with F-Droid. Applications +# in this repository are either official binaries built by the +# original application developers, or are binaries built from source +# by the admin of f-droid.org using the tools on +# https://gitlab.com/fdroid. + +# As above, but for the archive repo. +# +# archive_url: https://f-droid.org/archive +# archive_name: My First F-Droid Archive Demo +# archive_description: >- +# The repository of older versions of packages from the main demo repository. + +# archive_older sets the number of versions kept in the main repo, with all +# older ones going to the archive. Set it to 0, and there will be no archive +# repository, and no need to define the other archive_ values. +# +# archive_older: 3 + +# The repo's icon defaults to a file called 'icon.png' in the 'icons' +# folder for each section, e.g. repo/icons/icon.png and +# archive/icons/icon.png. To use a different filename for the icons, +# set the filename here. You must still copy it into place in +# repo/icons/ and/or archive/icons/. +# +# repo_icon: myicon.png +# archive_icon: myicon.png + +# This allows a specific kind of insecure APK to be included in the +# 'repo' section. Since April 2017, APK signatures that use MD5 are +# no longer considered valid, jarsigner and apksigner will return an +# error when verifying. `fdroid update` will move APKs with these +# disabled signatures to the archive. This option stops that +# behavior, and lets those APKs stay part of 'repo'. +# +# allow_disabled_algorithms: true + +# Normally, all apps are collected into a single app repository, like on +# https://f-droid.org. For certain situations, it is better to make a repo +# that is made up of APKs only from a single app. For example, an automated +# build server that publishes nightly builds. +# per_app_repos: true + +# `fdroid update` will create a link to the current version of a given app. +# This provides a static path to the current APK. To disable the creation of +# this link, uncomment this: +# make_current_version_link: false + +# By default, the "current version" link will be based on the "Name" of the +# app from the metadata. You can change it to use a different field from the +# metadata here: +# current_version_name_source: packageName + +# Optionally, override home directory for gpg +# gpghome: /home/fdroid/somewhere/else/.gnupg + +# The ID of a GPG key for making detached signatures for APKs. Optional. +# gpgkey: 1DBA2E89 + +# The key (from the keystore defined below) to be used for signing the +# repository itself. This is the same name you would give to keytool or +# jarsigner using -alias. (Not needed in an unsigned repository). +repo_keyalias: fdroid.box + + + +# Optionally, the public key for the key defined by repo_keyalias above can +# be specified here. There is no need to do this, as the public key can and +# will be retrieved from the keystore when needed. However, specifying it +# manually can allow some processing to take place without access to the +# keystore. +# repo_pubkey: ... + +# The keystore to use for release keys when building. This needs to be +# somewhere safe and secure, and backed up! The best way to manage these +# sensitive keys is to use a "smartcard" (aka Hardware Security Module). To +# configure F-Droid to use a smartcard, set the keystore file using the keyword +# "NONE" (i.e. keystore: "NONE"). That makes Java find the keystore on the +# smartcard based on 'smartcardoptions' below. +keystore: keystore.p12 + + + +# You should not need to change these at all, unless you have a very +# customized setup for using smartcards in Java with keytool/jarsigner +# smartcardoptions: | +# -storetype PKCS11 -providerName SunPKCS11-OpenSC +# -providerClass sun.security.pkcs11.SunPKCS11 +# -providerArg opensc-fdroid.cfg + +# The password for the keystore (at least 6 characters). If this password is +# different than the keypass below, it can be OK to store the password in this +# file for real use. But in general, sensitive passwords should not be stored +# in text files! +keystorepass: y9Y9MVRx1nfWL6Zc4fy60hoPa7euDVlnhZ35KRyanxI= + + + +# The password for keys - the same is used for each auto-generated key as well +# as for the repository key. You should not normally store this password in a +# file since it is a sensitive password. +keypass: y9Y9MVRx1nfWL6Zc4fy60hoPa7euDVlnhZ35KRyanxI= + + + +# The distinguished name used for all keys. +keydname: CN=fdroid.box, OU=F-Droid + + + +# Use this to override the auto-generated key aliases with specific ones +# for particular applications. Normally, just leave it empty. +# +# keyaliases: +# com.example.app: example +# +# You can also force an app to use the same key alias as another one, using +# the @ prefix. +# +# keyaliases: +# com.example.another.plugin: "@com.example.another" + + +# The full path to the root of the repository. It must be specified in +# rsync/ssh format for a remote host/path. This is used for syncing a locally +# generated repo to the server that is it hosted on. It must end in the +# standard public repo name of "/fdroid", but can be in up to three levels of +# sub-directories (i.e. /var/www/packagerepos/fdroid). You can include +# multiple servers to sync to by wrapping the whole thing in {} or [], and +# including the serverwebroot strings in a comma-separated list. +# +# serverwebroot: user@example:/var/www/fdroid +# serverwebroot: +# - foo.com:/usr/share/nginx/www/fdroid +# - bar.info:/var/www/fdroid + + +# When running fdroid processes on a remote server, it is possible to +# publish extra information about the status. Each fdroid sub-command +# can create repo/status/running.json when it starts, then a +# repo/status/.json when it completes. The builds logs +# and other processes will also get published, if they are running in +# a buildserver VM. The build logs name scheme is: +# .../repo/$APPID_$VERCODE.log.gz. These files are also pushed to all +# servers configured in 'serverwebroot'. +# +# deploy_process_logs: true + +# The full URL to a git remote repository. You can include +# multiple servers to mirror to by wrapping the whole thing in {} or [], and +# including the servergitmirrors strings in a comma-separated list. +# Servers listed here will also be automatically inserted in the mirrors list. +# +# servergitmirrors: https://github.com/user/repo +# servergitmirrors: +# - https://github.com/user/repo +# - https://gitlab.com/user/repo + +# Most git hosting services have hard size limits for each git repo. +# `fdroid deploy` will delete the git history when the git mirror repo +# approaches this limit to ensure that the repo will still fit when +# pushed. GitHub recommends 1GB, gitlab.com recommends 10GB. +# +# git_mirror_size_limit: 10GB + +# Any mirrors of this repo, for example all of the servers declared in +# serverwebroot and all the servers declared in servergitmirrors, +# will automatically be used by the client. If one +# mirror is not working, then the client will try another. If the +# client has Tor enabled, then the client will prefer mirrors with +# .onion addresses. This base URL will be used for both the main repo +# and the archive, if it is enabled. So these URLs should end in the +# 'fdroid' base of the F-Droid part of the web server like serverwebroot. +# +# mirrors: +# - https://foo.bar/fdroid +# - http://foobarfoobarfoobar.onion/fdroid + +# optionally specify which identity file to use when using rsync or git over SSH +# +# identity_file: ~/.ssh/fdroid_id_rsa + + +# If you are running the repo signing process on a completely offline machine, +# which provides the best security, then you can specify a folder to sync the +# repo to when running `fdroid deploy`. This is most likely going to +# be a USB thumb drive, SD Card, or some other kind of removable media. Make +# sure it is mounted before running `fdroid deploy`. Using the +# standard folder called 'fdroid' as the specified folder is recommended, like +# with serverwebroot. +# +# local_copy_dir: /media/MyUSBThumbDrive/fdroid + + +# If you are using local_copy_dir on an offline build/signing server, once the +# thumb drive has been plugged into the online machine, it will need to be +# synced to the copy on the online machine. To make that happen +# automatically, set sync_from_local_copy_dir to True: +# +# sync_from_local_copy_dir: true + + +# To upload the repo to an Amazon S3 bucket using `fdroid server +# update`. Warning, this deletes and recreates the whole fdroid/ +# directory each time. This prefers s3cmd, but can also use +# apache-libcloud. To customize how s3cmd interacts with the cloud +# provider, create a 's3cfg' file next to this file (config.yml), and +# those settings will be used instead of any 'aws' variable below. +# Secrets can be fetched from environment variables to ensure that +# they are not leaked as part of this file. +# +# awsbucket: myawsfdroid +# awsaccesskeyid: SEE0CHAITHEIMAUR2USA +# awssecretkey: {env: awssecretkey} + + +# If you want to force 'fdroid server' to use a non-standard serverwebroot. +# This will allow you to have 'serverwebroot' entries which do not end in +# '/fdroid'. (Please note that some client features expect repository URLs +# to end in '/fdroid/repo'.) +# +# nonstandardwebroot: false + + +# If you want to upload the release APK file to androidobservatory.org +# +# androidobservatory: false + + +# If you want to upload the release APK file to virustotal.com +# You have to enter your profile apikey to enable the upload. +# +# virustotal_apikey: 9872987234982734 +# +# Or get it from an environment variable: +# +# virustotal_apikey: {env: virustotal_apikey} + + +# Keep a log of all generated index files in a git repo to provide a +# "binary transparency" log for anyone to check the history of the +# binaries that are published. This is in the form of a "git remote", +# which this machine where `fdroid update` is run has already been +# configured to allow push access (e.g. ssh key, username/password, etc) +# binary_transparency_remote: git@gitlab.com:fdroid/binary-transparency-log.git + +# If you want to keep the "added" and "last updated" dates for each +# app and APK in your repo, enable this. The name comes from an old +# system for tracking statistics that is no longer included. +# update_stats: true + +# Set this to true to always use a build server. This saves specifying the +# --server option on dedicated secure build server hosts. +# build_server_always: true + +# Limit in number of characters that fields can take up +# Only the fields listed here are supported, defaults shown +# char_limits: +# author: 256 +# name: 50 +# summary: 80 +# description: 4000 +# video: 256 +# whatsNew: 500 + +# It is possible for the server operator to specify lists of apps that +# must be installed or uninstalled on the client (aka "push installs). +# If the user has opted in, or the device is already setup to respond +# to these requests, then F-Droid will automatically install/uninstall +# the packageNames listed. This is protected by the same signing key +# as the app index metadata. +# +# install_list: +# - at.bitfire.davdroid +# - com.fsck.k9 +# - us.replicant +# +# uninstall_list: +# - com.facebook.orca +# - com.android.vending + +# `fdroid lint` checks licenses in metadata against a built white list. By +# default we will require license metadata to be present and only allow +# licenses approved either by FSF or OSI. We're using the standardized SPDX +# license IDs. (https://spdx.org/licenses/) +# +# We use `python3 -m spdx-license-list print --filter-fsf-or-osi` for +# generating our default list. (https://pypi.org/project/spdx-license-list) +# +# You can override our default list of allowed licenes by setting this option. +# Just supply a custom list of licene names you would like to allow. To disable +# checking licenses by the linter, assign an empty value to lint_licenses. +# +# lint_licenses: +# - Custom-License-A +# - Another-License + +# `fdroid scanner` can scan for signatures from various sources. By default +# it's configured to only use F-Droids official SUSS collection. We have +# support for these special collections: +# * 'exodus' - official exodus-privacy.org signatures +# * 'etip' - exodus privacy investigation platfrom community contributed +# signatures +# * 'suss' - official F-Droid: Suspicious or Unwanted Software Signatures +# You can also configure scanner to use custom collections of signatures here. +# They have to follow the format specified in the SUSS readme. +# (https://gitlab.com/fdroid/fdroid-suss/#cache-file-data-format) +# +# scanner_signature_sources: +# - suss +# - exodus +# - https://example.com/signatures.json diff --git a/index.nginx-debian.html b/index.nginx-debian.html new file mode 100644 index 0000000..e8f5622 --- /dev/null +++ b/index.nginx-debian.html @@ -0,0 +1,23 @@ + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + diff --git a/keystore.p12 b/keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..54160c523eee7bd4554b8bec55a90730c5621a48 GIT binary patch literal 4288 zcma)9XEYp+v$cz5S+Sz`o)uZF-V@zQgb*!C)Q#SIXLZqQbU~EpH6(}-Y=|BaHEPt= z*(h26yz}1q{m%RJ-Z?X8=FGiwzs?;58rlg25F*gf7a%ZyG%^}T0U!YsqoIaGXz0_w zV{HVQOyYk*WH2H$8Ta2Y``=^+k^j#YgbV;IMuU40XmBUuUom0|#507{KLW%M#62RK zXA@;r%w>InC z`p{-&8c?a6j%UgFTPq?o_(`V2P#TZcI=AM%gr^X0P{YVY1<~S0L76Sk27D)GRrdf_ zpno>TPh?;G)zL{5lKDrUYdMuQIk1bqfEXm`SE=? zrj-<>79;KJK*RwI(L%VZs66B$u~B^9H@_s?aEp^UqDos8To|IfU(#`C1X^#l|D#(w z$)gfRc_h!Y^nI)cr(Y<~rOfkWpIzUGV0AkBwq9FK!}lDYc5b0$uqAIU)Xp-clrZzV zZkb2RsMm-z*J;r8F#8;y^A~34Z?JBiTr#+FW1I5{3s}QhoD?{%UEQG$j5n5W@ z7*8QKgT`nENc+o?ogIA?K^(B~b8cT*n*>Jo+$Rz_lCUq!DeC0+(HbqqO*mc$T68yr( z%X9?qil5u&$rAdzhI|bSE0LWe&%;vqCW#oiWT<*(ElTN+M(2TKM%rzW*ia?-qRQ?q ztoi%eS8T65zwCef6#JNbVl(L-eDqxk9{@n|K^e z9!Ffj(j;JVCYx%}KDY4SVVt&{B^g(~#$mN8 zbbsRT>yyZCYJ$#JKMq&OE%tL1p-3jIbQRApp~>7L$EcragN-7{**Q9tg>vN*rHJrfm@iYX) z)z4W4?nzUStqpAKP2kw?`pKr-YEDtZbC7Uh`}$~OXF9Vs?*|7w&j>Dp&$62N#o0t6 zH$3cEi1O2Vpz4(Q_)_wRv-W~KpIP$bH_RW4lLGQlt!r(Ogvaq4L<=?hOI5w@^7=W8Ih!5~fWi&%#j&k17rammNDBwt95qoqR^arS;6XFMyJ${PRMR za4F9##Hi;ZaSQPAG1xX-O4MW~0v4N<9tMBzp`*0N6~=zAON6BV@_hyM^P`n7e02gv z0$n8q5`SE?5Cv}~O1%vrmeCPkxm+}_2bNQFsp7`4tF;lXIRJ0MZ557s?$PA-VtKaO z$xVYpOw&p0O|%2}=!Cy3S7$V82#&%qGeRzH$FpAG7jnIHgX=XPv-r`M-Y{$y84*e= zR(lPrz7V!vB29_z9q*W_jdY0Gb%-A;0j2zY&%1mDW<0BVLE98YDa@6OfW1t2-u5#^ zus&>><8|C^OX$J~`?RAoh8bg}7bmtIhFW)f#Lj!TIoE>_a?%fF=P8)QE_E4vsh0TL zOBt6Zu8o_+eeWVFLbi&ZN|PQ?HXD2j75&8^b7q`!UYx$d3olf)?(kr;oOKp$+Bi2J zH^JS~i2Lf)R5kPZsz0PTE_cw~vVUy-$g&%1An<%KOeA5^5V&C!PX(avB0E(#$FJI5 z7|=5!&Nb851L{%emLRnSs!!5bb%ASrQ*-8x5ZyA8-Te!#G{VznZnYM^@PH1MM$XM4 zX?o1Hdb;`@)Aj>#90*r&w_Gz*LWIXBWzqixMN~V&a`@4d@tW6fDz4&c<$E*OhWO+0 z>~-tHst39MCoVkJa`s`lxN21dFmokNz~D#)RAHiu*b>t@3mlHw)i2TQ|734mSG84L z>6cWGlhj+FcfJ-1JkLLL?!BAY7Pa?84U6PqCxxQ?;|m+#YC4)?nk5rfJ0qAGe^H1{ zGn`xdy(g8DxDeuSd%7YtEA@uVKvM8{sYBU1slu@a5bX%bCT%cK%E6-C0#WCuRpKHd z4gNC6dmB1apP>++%Y+Y9L;dw88`z;i5eys59_3e_w`V~f4 zv+PvPoxnoV)GEpfQ*0*vLQOwCl?I0i9nwmdG* zd*UlGU@pw8z)YAqwflnl3oGCOpV)*N|GDh!p~hD|+$KSEijFe9KTo#9Gv4G~L*%s+ z#4CN_olD&rk@fO5xk@WdPZ^cLm+Cgzko7XFP0C5Q%X7+mcWeuUgr0uv0|hveL=BMq z?iJG?Qacc7i4}W+8*{(`A|I+bj1Ko1WyyijbMVjDTdJD(? zt$I}YPcAkm8f`FHazkQt%Xi)vAUOrrsuWBJ;Ml-Kxm>dpRX97(=YoDm2AH?xw< z@sRO0a}>t2jK_RKj*zlz{AQh2)VS~27W+m(>xmlV^;pr!5i(5xjrr(DtV`|h>{@I;Lur~giSy7t+5uJ4 zxLm{R_tx2H|oNRTJ-yde3rTo4^)BX(!=>%ki^y4C@#1+f5+_pBb~t#{@(F; z3EEEeA-M`+B!c@Ny9TBaremWactK!8;6dO@VE?xY5?KB1{1BY~l4yl#h;HlIJEJ&+ zCB?)fBoLzFB8b0%22uS(A^{bnK|lnW7!L#x{4KbD5y1at7rPIBT-_g?wxyEqUJGKZ z&T0tTV*mfx#V!$hZCc4|b`3#xWdsZTWEh$_EEaQ#8f#D;GQQv~s@*Z5X@uFw&NuZg zH79)Pt4r63Ji8>idiwb{dA}~WoFz&*+_wFa&+(Z0@ebXW=M%0u7nQ055eqeAvTsWj zmW*0L3U>U5GnD$JC~(xmwfN$*8F4WpH6ak@>;&j~FTn&5)5PR`Q7c5#Fsw*Y{in81 zk=Nx>_X|@DiaU8rlhNUw$_}8bTSW`imb;5tG@YhE9+55wMDzL_6>)zWmZ09Zb6cI? zlnTzTgp>uYrIfKR_^i%Osi|v`r5QeAe(~gHOFkOHD`|duuU&d)nJcQLDoh46ha~cQ zyBJ$FcAccK*2tA0JWXeLUX#Qs2#NZMT_$bBNCD)w-P|2~Ks>S>trK;o6r|pSC2F7g@q(hu?5LzYVr+5Z&2$@W-$6b%V$xIcX2} z6QGy50Q|>YJN}(6G2q?nD}tfM|O~QjDB=Wp!L3ZWD6U*r&eQyR810%di>>m(@_g%+Q zJb>ymeO}1Gfw!{RmfSDz^2k1UvgXA2=67HIuh5j~^=^W~!qJ|kuqY&{+_QO6Td+&J@LPf#=tWl$Pb z25v_dUhjx#I**Cs! z1g~0A_3dRHH^(sFK0VrEzyj?`{^yPO-tv$2JgYsgVGhZ>1Nv98Zl3fV7R9VSa6tsQ ze;2%x)__i<+3_)FW=Xkb+Qw#=hCd3Su^@2)h?G^3A%6jrS~h*^a$e>* zKT)X~#$YJOGvuR0Ial)srE~;FxamB(}x0`uIN<~bL|1|FIvt<0%>*&R= z0eP3-*m>*{8AuP*{ZE{06zTR9vaXG+2@I&EBy_JClcDMZxmADoietHLGHj01(>jF2 zud_L8G-$2)Ifa~+0MDN`|pGChEbhS@Kztx)~q-lKfgD8S& zg(^26LdC6;8Xt_%s>8PLpi1cD0yu7%pkT}UMyucRl<=ACLx*SQMfMAzW}XS#a=tH} zKtK1E`1Mp(v%GqE*(^S*>Gl*5ldIr+g7{=khR^t8Qg9JumMxTc6TcRlv4bXS-?=s(vUpj%yDA>a89@L$JLiZQG3{S1 ztDyB>kbB9N`oQhD`spE+g2mQ!88e)Hz^{%J~s7veEO7(wyRR}Tab6A*E*vgw9> z^pw4~WdTS}G$j}Sb~I5`ik*tQU87zxsbu~_MDuInDn>6c>CI)NAmryuZeR