From 86907d2ebf7ca94e653e060762a95ac182725fdd Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Mon, 5 Mar 2018 21:44:38 +0100
Subject: [PATCH 1/2] checkupdates: exit with error if fdroiddata git repo is dirty

One key security property of the F-Droid ecosystem is that the sensitive code is all stored forever in git repos and source tarballs. That means we can easily go back and see if there where exploits and where they came from. Therefore, checkupdates should require everything in fdroiddata be committed to git before running. This provides --allow-dirty to override that behavior.
---
 completion/bash-completion | 2 +-
 fdroidserver/checkupdates.py | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/completion/bash-completion b/completion/bash-completion
index 2142534e..af9acf00 100644
--- a/completion/bash-completion
+++ b/completion/bash-completion
@@ -174,7 +174,7 @@ __complete_publish() {
 __complete_checkupdates() {
 opts="-v -q"
- lopts="--verbose --quiet --auto --autoonly --commit --gplay"
+ lopts="--verbose --quiet --auto --autoonly --commit --gplay --allow-dirty"
 case "${cur}" in
 -*)
 __complete_options
diff --git a/fdroidserver/checkupdates.py b/fdroidserver/checkupdates.py
index 0a4f6e27..54b614ec 100644
--- a/fdroidserver/checkupdates.py
+++ b/fdroidserver/checkupdates.py
@@ -572,6 +572,8 @@ def main():
 help=_("Only process apps with auto-updates"))
 parser.add_argument("--commit", action="store_true", default=False,
 help=_("Commit changes"))
+ parser.add_argument("--allow-dirty", action="store_true", default=False,
+ help=_("Run on git repo that has uncommitted changes"))
 parser.add_argument("--gplay", action="store_true", default=False,
 help=_("Only print differences with the Play Store"))
 metadata.add_metadata_arguments(parser)
@@ -580,6 +582,12 @@ def main():
 config = common.read_config(options)
+ if not options.allow_dirty:
+ status = subprocess.check_output(['git', 'status', '--porcelain'])
+ if status:
+ logging.error(_('Build metadata git repo has uncommited changes!'))
+ sys.exit(1)
+
 # Get all apps...
 allapps = metadata.read_metadata()

From 70d9633555ba07b4bb83dfd7dcda9781cc80cf51 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Mon, 5 Mar 2018 21:47:19 +0100
Subject: [PATCH 2/2] build/checkupdates/update: log current fdroiddata commit to wiki

---
 fdroidserver/build.py | 1 +
 fdroidserver/checkupdates.py | 1 +
 fdroidserver/common.py | 18 ++++++++++++++++++
 fdroidserver/update.py | 1 +
 4 files changed, 21 insertions(+)

diff --git a/fdroidserver/build.py b/fdroidserver/build.py
index 58e4ccf4..8f084a94 100644
--- a/fdroidserver/build.py
+++ b/fdroidserver/build.py
@@ -1233,6 +1233,7 @@ def main():
 txt = "* build session started at " + common.get_wiki_timestamp(start_timestamp) + '\n' \
 + "* this build started at " + build_starttime + '\n' \
 + "* this build completed at " + common.get_wiki_timestamp() + '\n' \
+ + common.get_git_describe_link() \
 + '* fdroidserverid: [https://gitlab.com/fdroid/fdroidserver/commit/' \
 + fdroidserverid + ' ' + fdroidserverid + ']\n\n'
 if buildserverid:
diff --git a/fdroidserver/checkupdates.py b/fdroidserver/checkupdates.py
index 54b614ec..72c8b22b 100644
--- a/fdroidserver/checkupdates.py
+++ b/fdroidserver/checkupdates.py
@@ -535,6 +535,7 @@ def update_wiki(gplaylog, locallog):
 newpage = site.Pages[wiki_page_path]
 txt = ''
 txt += "* command line: " + ' '.join(sys.argv) + "\n"
+ txt += common.get_git_describe_link()
 txt += "* started at " + common.get_wiki_timestamp(start_timestamp) + '\n'
 txt += "* completed at " + common.get_wiki_timestamp() + '\n'
 txt += "\n\n"
diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index cf1d9203..76089184 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
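Review bot: In the `@@ -580,6 +582,12 @@` hunk of fdroidserver/checkupdates.py, the `subprocess.check_output(['git', 'status', '--porcelain'])` call in the new dirty-repo guard has no error handling, so when the current directory is not a git checkout or git is not installed the run ends in an uncaught `CalledProcessError` or `FileNotFoundError` rather than the intended message (unless a caller outside this hunk catches it). Catching both and exiting through the same `logging.error(...)` / `sys.exit(1)` path would keep the refusal explicit. The check also inspects whatever the working directory happens to be, so a comment such as `# must be run from the root of the fdroiddata checkout` would document that assumption. The message string spells "uncommitted" as `uncommited`, which would be carried into translation catalogs. `main()` begins and ends outside this hunk.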
@@ -3100,3 +3100,21 @@ def get_android_tools_version_log(ndk_path=None):
 log += '* ' + name + ' (' + version + ')\n'
 return log
+
+
+def get_git_describe_link():
+ """Get a link to the current fdroiddata commit, to post to the wiki
+
+ """
+ try:
+ output = subprocess.check_output(['git', 'describe', '--always', '--dirty', '--abbrev=0'],
+ universal_newlines=True).strip()
+ except subprocess.CalledProcessError:
+ pass
+ if output:
+ commit = output.replace('-dirty', '')
+ return ('* fdroiddata: [https://gitlab.com/fdroid/fdroiddata/commit/{commit} {id}]\n'
+ .format(commit=commit, id=output))
+ else:
+ logging.error(_("'{path}' failed to execute!").format(path='git describe'))
+ return ''
diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index 90fc291b..c22ac0f3 100644
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@@ -329,6 +329,7 @@ def update_wiki(apps, sortedids, apks):
 txt += "* command line: " + ' '.join(sys.argv) + "\n"
 txt += "* started at " + common.get_wiki_timestamp(start_timestamp) + '\n'
 txt += "* completed at " + common.get_wiki_timestamp() + '\n'
+ txt += common.get_git_describe_link()
 txt += "\n\n"
 txt += common.get_android_tools_version_log()
 newpage.save(txt, summary='Run log')
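Review bot: In `get_git_describe_link()` (the `@@ -3100,3 +3100,21 @@` hunk of fdroidserver/common.py), `output` is never assigned when `git describe` fails, because the `except subprocess.CalledProcessError:` branch only does `pass`. The following `if output:` then raises `UnboundLocalError` instead of reaching the `logging.error` fallback, which would abort the wiki logging in the three callers this patch adds in build.py, checkupdates.py and update.py. Setting `output = ''` before the `try:` fixes it. Two details also weaken the logged id as an audit record. First, `git describe --dirty` ignores untracked files while the `git status --porcelain` guard in checkupdates counts them, so a run with `--allow-dirty` and new untracked metadata would be recorded as a clean commit. Second, git documents `--abbrev=0` as printing only the closest tag, so if fdroiddata has a reachable annotated tag the link would name the tag rather than the exact commit; `git rev-parse HEAD` would be unambiguous.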