Skip to content

V1.7.0-5

Choose a tag to compare

@jleinenbach jleinenbach released this 03 Jun 17:03
a070cbc

A massive cumulative release built on top of V1.7.0-4. Big shout-out to
@jleinenbach for driving the upstream-alignment, auth hardening, FMDN
crypto fixes, standalone-CLI rework, i18n parity work, and the new
Bermuda BLE integration guide; and to @tzagim and @hiagocosta for the
community translations that made the i18n sweep possible.

🔐 Authentication & Token Lifecycle Hardening

  • DroidGuard / gpsoauth workaround: monkey-patch gpsoauth to inject
    droidguard_results="null", override its default dummy123, and
    backport the modern google_play_services_version. Resolves
    API_KEY_ANDROID_APP_BLOCKED and <empty> androidPackage failures
    (Fixes #154).
  • Shared-key lifecycle: canonical caching, reauth-driven invalidation,
    automatic renewal, multi-account-safe cache keys, and a warning when
    secrets.json is missing shared_key (Bug 5).
  • AAS / OAuth token flow: eager OAuth-cookie → AAS exchange before the
    shared-key flow, persist AAS into the oauth_token slot after a
    successful gpsoauth exchange, soft-invalidate the AAS token in
    standalone mode instead of deleting it, abort CLI startup on stale
    OAuth cookies, and clear stale tokens on --reauth.
  • FCM / GCM register: surface persistent GCM-register 401 as a fatal
    auth error, propagate FCM 401/404 from the firebase_messaging
    helpers, defer the fatal flag until the retry budget is exhausted,
    cap the supervisor backoff at 120 s, fix the stop-event race and the
    blocking sleep in async_reregister_fcm, replace non-functional AAS
    token regeneration with FCM-token regeneration, and remove all
    GCM-sender / endpoint switching on PHONE_REGISTRATION_ERROR for full
    upstream alignment.
  • Exchange-error semantics: exchange_error is now retryable with a
    tightened auth-marker wrapper; _is_non_retryable_auth was refactored
    and error_kind is now surfaced on adm raises. Tests aligned with
    the new classifier semantics.

🛰️ FMDN / EID Resolver Robustness

  • Issue #155 (inconsistent location reporting): fixes FMDN decryption
    failures, missing location reports, stale candidate lists after key
    promotion, seed-freshness edge cases, trusted-anchor bypass on key
    promotion, stale identity key in metadata_update after candidate
    promotion, and crowdsourced-stats double-counting. Identity key bytes
    are now synced when foreign decryption promotes an alternate
    candidate, and the full identity-key candidate set is always
    generated for crowdsourced reports.
  • Issue #168 (MAC check failed): AAD-envelope fallback added to both
    the early-EIK unwrap path and the shared-key EIK-decryption path;
    blind owner-key refresh on stale EIK; defensive InvalidTag catches
    on owner-key decryption; stale crypto keys cleared on --reauth.
  • 0x41 frame / legacy-length payload: accepted in BLE battery decode;
    modern P256 EIDs supported in battery decoding and XOR mask
    computation; corrected FMDN battery-bit extraction and level mapping.
  • MSB-first bit convention: documented and test-anchored to prevent
    false-positive reviews; named constants for the FMDN hashed-flags
    bitmask, plus post-audit hardening.
  • Early-key fallback: now allowed when identity retrieval hits auth
    errors; SpotApiEmptyResponseError is re-raised for reauth
    propagation; early-unwrapped key used as fallback on
    SpotApiEmptyResponseError.

🧭 Coordinator & Device-Tracker

  • Push-merge semantics: push snapshots are now merged into
    self.data instead of replacing it (Issue #152). Ignored devices are
    excluded from push merges. Regression tests added.
  • show_location_age option (new): exposes location age as a device-
    tracker attribute with 60 s rounding, translated into all eight
    supported languages, excluded from recorder history (performance),
    and covered by regression tests.
  • Defensive entry access: _opt() helper used in
    device_tracker.py; init.py and the semantic-locations path
    defensively access partial ConfigEntry mocks.
  • Fusion jitter guard added; ruff/mypy findings cleared; 24 broken
    tests repaired.
  • Map view: referrerPolicy added to tileLayer in map_view.py.

🖥️ Standalone CLI Mode

  • First-run flow: standalone CLI now boots without secrets.json,
    auto-extracts the user email from the Chrome session, registers its
    own FCM receiver, and cleans up partially-started Chrome windows on
    failed driver strategies.
  • HA stub layer: virtual googlefindmy package with lazy
    __getattr__, ModuleType subclass for __getattr__, auto-generated
    HA exception stubs and submodules, MetaPathFinder-based injection
    that only fires when homeassistant is truly unavailable. Adds
    sync_pop and an all() method to the file-backed _FileCache.
  • CLI ergonomics: --reauth flag, loop back to tracker selection
    after each location query, fix silent CLI exit after location
    request, restore the --entry CLI flag, auto-select single cache
    entry, log secrets.json load failures, accept empty entry_id in
    the FCM receiver / empty namespace in location_request, register
    a file-backed TokenCache, package-qualified imports for -m
    compatibility, X-Android-Package / X-Android-Cert headers for
    Firebase API calls.
  • Sync facades repaired for CLI usage (get_aas_token,
    get_owner_key, register_esp32 with cache propagation, typed
    mock in tests, make sync-raises test made async).
  • email.py renamed to email_utils.py to avoid shadowing the stdlib
    module.

🌍 Internationalization

  • Hebrew (he) translation added based on contribution #158 by
    @tzagim, completed to 100 % coverage (323/323 keys), with the empty
    container stubs required by translation_key_check.
  • Portuguese-BR (pt-BR): 16 native-speaker improvements adopted from
    contribution #160 by @hiagocosta.
  • Eight-locale parity sweep: key ordering aligned with
    strings.json across all eight supported locales; English
    contributor_mode description resynced; contributor-mode help text
    corrected to match the code-level DEFAULT_CONTRIBUTOR_MODE.
  • show_location_age translated into all eight supported
    languages.
  • Locale parity gate codified in docs/AI_TASKLIST.md together with
    the sync_translations.py workflow.

📖 Documentation

  • Bermuda BLE integration guide added at
    docs/BERMUDA_INTEGRATION.md with a README pointer, including an
    explicit IMPORTANT callout that the FMDN-Finder Google-side upload
    remains experimental and currently blocked (DroidGuard attestation
    unavailable, FMDN_UPLOAD_ENABLED = False).
  • Shared-key retrieval architecture and FCM-derivation limitations
    documented; OAuth fallback architecture documented in
    Auth/AGENTS.md; audit documentation added; scalar-derivation docs
    fixed.

🧪 Test Infrastructure

  • Canonical make_config_entry() fixture introduced. 48+ named
    ConfigEntry stub classes migrated to the fixture across three
    waves, plus an AP-6 hotfix for test_config_flow_reconfigure. The
    convention is documented in AGENTS.md. Regression tests added for
    show_location_age, push-merge filtering, and ignored-device
    semantics.
  • mypy type errors and the pycares import in CI cleared; ruff
    PLR0912 / PLR2004 / PLR0915 / E402 / I001 findings resolved.

🐛 Closed Issues

  • Fixes #152 — No location, multiple errors.
  • Fixes #154API_KEY_ANDROID_APP_BLOCKED / <empty> androidPackage.
  • Fixes #155 — Inconsistent location reporting.
  • Fixes #168 — MAC check failed (workaround included).
  • Closes #159, #162 (carried in via PR #171).

🙏 Acknowledgements

  • @jleinenbach — drove the upstream-alignment, auth hardening,
    FMDN crypto fixes, standalone-CLI rework, Bermuda integration guide
    and i18n parity work.
  • @tzagim — Hebrew translation (#158).
  • @hiagocosta — Portuguese-BR native-speaker improvements (#160).
  • Chen Ye — i18n review co-authorship.
  • Tomasz Hemperek, Simon Smith — additional commits.

🧬 Bermuda Companion Fork

For local BLE presence detection with the EID resolver / FMDN Finder
listener, see the matching Bermuda fork release:
https://github.com/jleinenbach/bermuda/releases/tag/v0.6.8-GoogleFindMy-HA-5

Full Changelog: V1.7.0-4...V1.7.0-5