Merge branch 'fix-virustotal-from-mirror' into 'master'
Fix virustotal from mirror See merge request fdroid/fdroidserver!604
commit
9c900ed63c
@ -687,15 +687,18 @@ def get_mirror_service_urls(url):
|
|||||||
|
|
||||||
|
|
||||||
def download_repo_index(url_str, etag=None, verify_fingerprint=True):
|
def download_repo_index(url_str, etag=None, verify_fingerprint=True):
|
||||||
"""
|
"""Downloads and verifies index file, then returns its data.
|
||||||
Downloads the repository index from the given :param url_str
|
|
||||||
and verifies the repository's fingerprint if :param verify_fingerprint is not False.
|
Downloads the repository index from the given :param url_str and
|
||||||
|
verifies the repository's fingerprint if :param verify_fingerprint
|
||||||
|
is not False.
|
||||||
|
|
||||||
:raises: VerificationException() if the repository could not be verified
|
:raises: VerificationException() if the repository could not be verified
|
||||||
|
|
||||||
:return: A tuple consisting of:
|
:return: A tuple consisting of:
|
||||||
- The index in JSON format or None if the index did not change
|
- The index in JSON format or None if the index did not change
|
||||||
- The new eTag as returned by the HTTP request
|
- The new eTag as returned by the HTTP request
|
||||||
|
|
||||||
"""
|
"""
|
||||||
url = urllib.parse.urlsplit(url_str)
|
url = urllib.parse.urlsplit(url_str)
|
||||||
|
|
||||||
@ -713,32 +716,31 @@ def download_repo_index(url_str, etag=None, verify_fingerprint=True):
|
|||||||
return None, new_etag
|
return None, new_etag
|
||||||
|
|
||||||
with tempfile.NamedTemporaryFile() as fp:
|
with tempfile.NamedTemporaryFile() as fp:
|
||||||
# write and open JAR file
|
|
||||||
fp.write(download)
|
fp.write(download)
|
||||||
jar = zipfile.ZipFile(fp)
|
index, public_key, public_key_fingerprint = get_index_from_jar(fp.name, fingerprint)
|
||||||
|
index["repo"]["pubkey"] = hexlify(public_key).decode()
|
||||||
# verify that the JAR signature is valid
|
|
||||||
logging.debug(_('Verifying index signature:'))
|
|
||||||
common.verify_jar_signature(fp.name)
|
|
||||||
|
|
||||||
# get public key and its fingerprint from JAR
|
|
||||||
public_key, public_key_fingerprint = get_public_key_from_jar(jar)
|
|
||||||
|
|
||||||
# compare the fingerprint if verify_fingerprint is True
|
|
||||||
if verify_fingerprint and fingerprint.upper() != public_key_fingerprint:
|
|
||||||
raise VerificationException(_("The repository's fingerprint does not match."))
|
|
||||||
|
|
||||||
# load repository index from JSON
|
|
||||||
index = json.loads(jar.read('index-v1.json').decode("utf-8"))
|
|
||||||
index["repo"]["pubkey"] = hexlify(public_key).decode("utf-8")
|
|
||||||
index["repo"]["fingerprint"] = public_key_fingerprint
|
index["repo"]["fingerprint"] = public_key_fingerprint
|
||||||
|
|
||||||
# turn the apps into App objects
|
|
||||||
index["apps"] = [metadata.App(app) for app in index["apps"]]
|
index["apps"] = [metadata.App(app) for app in index["apps"]]
|
||||||
|
|
||||||
return index, new_etag
|
return index, new_etag
|
||||||
|
|
||||||
|
|
||||||
|
def get_index_from_jar(jarfile, fingerprint=None):
|
||||||
|
"""Returns the data, public key, and fingerprint from index-v1.jar
|
||||||
|
|
||||||
|
:raises: VerificationException() if the repository could not be verified
|
||||||
|
"""
|
||||||
|
|
||||||
|
logging.debug(_('Verifying index signature:'))
|
||||||
|
common.verify_jar_signature(jarfile)
|
||||||
|
with zipfile.ZipFile(jarfile) as jar:
|
||||||
|
public_key, public_key_fingerprint = get_public_key_from_jar(jar)
|
||||||
|
if fingerprint is not None:
|
||||||
|
if fingerprint.upper() != public_key_fingerprint:
|
||||||
|
raise VerificationException(_("The repository's fingerprint does not match."))
|
||||||
|
data = json.loads(jar.read('index-v1.json').decode())
|
||||||
|
return data, public_key, public_key_fingerprint
|
||||||
|
|
||||||
|
|
||||||
def get_public_key_from_jar(jar):
|
def get_public_key_from_jar(jar):
|
||||||
"""
|
"""
|
||||||
Get the public key and its fingerprint from a JAR file.
|
Get the public key and its fingerprint from a JAR file.
|
||||||
|
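Review bot: In the new body of download_repo_index, `fp.write(download)` is followed directly by `get_index_from_jar(fp.name, fingerprint)`, which reopens the temporary file by path, so bytes still held in the write buffer may not be visible to `common.verify_jar_signature(jarfile)` or `zipfile.ZipFile(jarfile)`. The old code opened the archive through the same file object (`zipfile.ZipFile(fp)`) before the path was used; add `fp.flush()` on the line after `fp.write(download)`. Separately, the pinning check now depends on `fingerprint is not None` rather than on `verify_fingerprint`, and the assignment of `fingerprint` lies outside the hunk, so confirm it is None exactly when verification is disabled. The docstring of get_index_from_jar should also state that with the default `fingerprint=None` only signature validity is checked and the signing key is not compared against an expected value.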
@ -31,6 +31,7 @@ import shutil
|
|||||||
|
|
||||||
from . import _
|
from . import _
|
||||||
from . import common
|
from . import common
|
||||||
|
from . import index
|
||||||
from .exception import FDroidException
|
from .exception import FDroidException
|
||||||
|
|
||||||
config = None
|
config = None
|
||||||
@ -478,9 +479,14 @@ def upload_to_virustotal(repo_section, vt_apikey):
|
|||||||
if repo_section == 'repo':
|
if repo_section == 'repo':
|
||||||
if not os.path.exists('virustotal'):
|
if not os.path.exists('virustotal'):
|
||||||
os.mkdir('virustotal')
|
os.mkdir('virustotal')
|
||||||
|
|
||||||
|
if os.path.exists(os.path.join(repo_section, 'index-v1.json')):
|
||||||
with open(os.path.join(repo_section, 'index-v1.json')) as fp:
|
with open(os.path.join(repo_section, 'index-v1.json')) as fp:
|
||||||
index = json.load(fp)
|
data = json.load(fp)
|
||||||
for packageName, packages in index['packages'].items():
|
else:
|
||||||
|
data, _ignored, _ignored = index.get_index_from_jar(os.path.join(repo_section, 'index-v1.jar'))
|
||||||
|
|
||||||
|
for packageName, packages in data['packages'].items():
|
||||||
for package in packages:
|
for package in packages:
|
||||||
outputfilename = os.path.join('virustotal',
|
outputfilename = os.path.join('virustotal',
|
||||||
packageName + '_' + str(package.get('versionCode'))
|
packageName + '_' + str(package.get('versionCode'))
|
||||||
|
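Review bot: The new fallback `index.get_index_from_jar(os.path.join(repo_section, 'index-v1.jar'))` passes no fingerprint, so under the helper's `if fingerprint is not None:` guard a JAR signed by any key is accepted, and its `packages` entries then feed `outputfilename`. If the repo's expected signing-key fingerprint is available in this function (not visible in the hunk), pass it as the second argument; otherwise put a comment above the call such as `# no fingerprint passed: signature validity is checked, signer identity is not`. Because `packageName` from that index is concatenated into a path under `virustotal`, it would be worth rejecting names that contain a path separator before the `os.path.join`. As a style point, `data, _ignored, _ignored = ...` reads more clearly as `data, _pubkey, _fp = ...` or by indexing `[0]`. upload_to_virustotal continues beyond the hunk.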