search

ukhsa-collaboration / covid-19-app-android-ag-public

COVID19 Android app
Other
142 stars 31 forks source link

Is the configuration repo up to date? #15

Closed bencord0 closed 4 years ago

bencord0 commented 4 years ago

Describe the bug The current latest commit in this repository refers to configuration_version = "1.0.23-SNAPSHOT". https://github.com/nhsx/covid-19-app-android-ag-public/blob/01f790a0ebefe20ba6ff7925e56dfd88911741bf/app/build.gradle#L148

But the current latest public commit on the configuration repo is set to version = "1.0.15-SNAPSHOT".

https://github.com/nhsx/covid-19-app-configuration-public/blob/59f08d62c4070496cd279de8d5a8d93c8387f3f6/build.gradle#L15-L37

Are these two repositories out of sync? I am getting the following "Unresolved reference" error during a ./gradlew run of this repository.

bencord0@localhost ~/src/covid-19-app-android-ag-public $ ./gradlew                                                   

> Configure project :app                                                                                              

> Task :app:compileScenariosDebugKotlin FAILED              
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/ExposureApplication.kt: (17, 30): Unresolved reference: qrCodesSignatureKey                                                         
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/ExposureApplication.kt: (86, 21): Unresolved reference: qrCodesSignatureKey                                                         
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/di/module/AppModule.kt: (8, 30): Unresolved reference: SignatureKey                                                                 
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/di/module/AppModule.kt: (29, 38): Unresolved reference: SignatureKey                                                                
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/di/module/AppModule.kt: (79, 39): Unresolved reference: SignatureKey                                                                
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/di/module/NetworkModule.kt: (105, 16): Unresolved reference: signatureKeys
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/di/module/SignatureValidationInterceptor.kt: (10, 30): Unresolved reference: SignatureKey
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/di/module/SignatureValidationInterceptor.kt: (20, 37): Unresolved reference: SignatureKey
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/qrcode/QrCodeParser.kt: (6, 30): Unresolved reference: SignatureKey
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/qrcode/QrCodeParser.kt: (25, 31): Unresolved reference: SignatureKey
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/qrcode/QrCodeParser.kt: (78, 29): Unresolved reference: it
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/main/java/uk/nhs/nhsx/covid19/android/app/qrcode/QrCodeParser.kt: (78, 45): Unresolved reference: it
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/scenarios/java/uk/nhs/nhsx/covid19/android/app/DebugActivity.kt: (38, 30): Unresolved reference: qrCodesSignatureKey
e: /home/bencord0/src/covid-19-app-android-ag-public/app/src/scenarios/java/uk/nhs/nhsx/covid19/android/app/DebugActivity.kt: (226, 25): Unresolved reference: qrCodesSignatureKey

FAILURE: Build failed with an exception.

Has the qrCodesSignatureKey been published? Is the configuration repository https://github.com/nhsx/covid-19-app-configuration-public out of date?

To Reproduce Steps to reproduce the behavior:

  1. Clone the configuration repository, and reconfigure maven to publish locally
$ git clone https://github.com/nhsx/covid-19-app-configuration-public
$ cd covid-19-app-configuration-public
$ patch -p1 < ../mavenlocal-configuration.patch # (see below)

This is the patch that I'm using. It disables the remote check, as I will only be using the local maven cache to get the build working locally.

diff --git a/build.gradle b/build.gradle
index 2523120..349c0ee 100644
--- a/build.gradle
+++ b/build.gradle
@@ -18,14 +18,7 @@ subprojects {
     ext.version = '1.0.15-SNAPSHOT'
     publishing {
         repositories {
-            maven {
-                name = "GitHubPackages"
-                url = uri("https://maven.pkg.github.com/nhsx/covid-19-app-configuration-public")
-                credentials {
-                    username = project.findProperty("gpr.user") ?: System.getenv("USERNAME")
-                    password = project.findProperty("gpr.key") ?: System.getenv("TOKEN")
-                }
-            }
+            mavenLocal()
         }
         publications {
             gpr(MavenPublication) {
  1. Publish the configurations snapshot locally. 
    $ ./gradlew publishToMavenLocal

    This is a workaround because the current packages are not published. https://github.com/nhsx/covid-19-app-configuration-public/packages <- this is empty.

image

  1. Clone this repository, also patch out the remote maven repository to get the build working.
$ cd ../
$ git clone https://github.com/nhsx/covid-19-app-android-ag-public
$ cd covid-19-app-android-ag-public
$ patch -p1 < ../mavenlocal-android.patch # (see below)
diff --git a/app/build.gradle b/app/build.gradle
index 76ad9d5..00a9789 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -10,13 +10,7 @@ apply plugin: "com.github.triplet.play"
 apply from: '../jacoco.gradle'

 repositories {
-    maven {
-        url = 'https://maven.pkg.github.com/nhsx/covid-19-app-configuration-public'
-        credentials {
-            username = project.findProperty("gpr.user") ?: System.getenv("PACKAGES_ACCESS_ACTOR")
-            password = project.findProperty("gpr.key") ?: System.getenv("PACKAGES_ACCESS_TOKEN")
-        }
-    }
+    mavenLocal()
 }

 def buildNumber = new File('app/buildNumber').text as Integer
diff --git a/build.gradle b/build.gradle
index 0b532e5..6e65184 100644
--- a/build.gradle
+++ b/build.gradle
@@ -24,13 +24,7 @@ allprojects {
     repositories {
         google()
         jcenter()
-        maven {
-            url = 'https://maven.pkg.github.com/nhsx/covid-19-app-configuration-public'
-            credentials {
-                username = findProperty("gpr.user") ?: System.getenv("REPOS_ACCESS_ACTOR")
-                password = findProperty("gpr.key") ?: System.getenv("REPOS_ACCESS_TOKEN")
-            }
-        }
+        mavenLocal()
     }
 }
  1. Build with ./gradlew

Expected behaviour The application should build.

Actual behaviour Unresolved reference: qrCodesSignatureKey

This line imports code which is not available publically. https://github.com/nhsx/covid-19-app-android-ag-public/blob/01f790a0ebefe20ba6ff7925e56dfd88911741bf/app/src/main/java/uk/nhs/nhsx/covid19/android/app/ExposureApplication.kt#L19

import uk.nhs.covid19.config.qrCodesSignatureKey

Desktop:

paulchambers commented 4 years ago

Both signature keys are trivially extractable from the published apk, but I expect they want you to use your own if you are building the app yourself.

Note you can't use the exposure notification APIs unless your app is blessed by Google so we are pretty limited in what we can do with the app source anyway.

Config repo does appear to be out of sync though.

bencord0 commented 4 years ago

@paulchambers Any idea how I could generate by own qrcodes keys? Do you have a link to some instructions for this?

I'll settle for not necessarily having a drop-in / side-loaded replacement for the nhs distributed app etc. My immediate goal is to get an APK built and local tests passing.

paulchambers commented 4 years ago

@bencord0 you need to generate a EC256 key pair. The app needs the PEM representation of the public key embedding and you use the private key to sign the JWT that goes in the QR code. See https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations for a guide to generating the key pair and https://jwt.io for JWT details.

If you use apktool on the production apk the key is in smali_classes3/uk/nhs/covid19/config/CommonKt.smali

You can see where it ends up being used in https://github.com/nhsx/covid-19-app-android-ag-public/blob/master/app/src/main/java/uk/nhs/nhsx/covid19/android/app/qrcode/QrCodeParser.kt

paulchambers commented 4 years ago

@nhs-covid19 any update on this one? The config repo is from mid august and the app doesn't compile at the moment.

nhs-covid19 commented 4 years ago

Hi. Thanks for your patience. I hope to be able to publish a valid configuration repo and package in the next day or two. Apologies for this oversight.

nhs-covid19 commented 4 years ago

The configuration source code has been updated which should now work with the android source code here. As mentioned in the README in that repo, we had a technical issue that prevented us from publishing the packages. It is our intention to sort this out, however, there is a work-around in the README that will allow the code to be compiled correctly.