Compare commits
7 Commits
4962ab57e8
...
9a9b5beeaa
Author | SHA1 | Date |
---|---|---|
Hans-Christoph Steiner | 9a9b5beeaa | |
Hans-Christoph Steiner | 14c8647909 | |
linsui | d243cbd030 | |
Michael Pöhn | 08c553e1cb | |
linsui | f82d648cb1 | |
Michael Pöhn | 79586fd9e3 | |
Hans-Christoph Steiner | 6f07538cdc |
|
@ -837,7 +837,15 @@ def push_binary_transparency(git_repo_path, git_remote):
|
|||
origin.set_url(git_remote)
|
||||
else:
|
||||
origin = gitrepo.create_remote('origin', git_remote)
|
||||
origin.push(GIT_BRANCH)
|
||||
for _i in range(3):
|
||||
try:
|
||||
origin.push(GIT_BRANCH)
|
||||
except git.GitCommandError as e:
|
||||
logging.error(e)
|
||||
continue
|
||||
break
|
||||
else:
|
||||
raise FDroidException(_("Pushing to remote server failed!"))
|
||||
|
||||
|
||||
def main():
|
||||
|
|
|
@ -722,7 +722,13 @@ def check_updates_ucm_http_aum_pattern(app): # noqa: D403
|
|||
|
||||
|
||||
def check_certificate_pinned_binaries(app):
|
||||
if len(app.get('AllowedAPKSigningKeys')) > 0:
|
||||
keys = app.get('AllowedAPKSigningKeys')
|
||||
known_keys = common.config.get('apk_signing_key_block_list', [])
|
||||
if keys:
|
||||
if known_keys:
|
||||
for key in keys:
|
||||
if key in known_keys:
|
||||
yield _('Known debug key is used in AllowedAPKSigningKeys: ') + key
|
||||
return
|
||||
if app.get('Binaries') is not None:
|
||||
yield _(
|
||||
|
|
|
@ -268,7 +268,8 @@ def main():
|
|||
urls[icondir].append(url)
|
||||
|
||||
for icondir in icondirs:
|
||||
_run_wget(os.path.join(basedir, section, icondir), urls[icondir])
|
||||
if icondir in urls:
|
||||
_run_wget(os.path.join(basedir, section, icondir), urls[icondir])
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
|
|
@ -438,6 +438,45 @@ class LintTest(unittest.TestCase):
|
|||
with self.assertRaises(TypeError):
|
||||
fdroidserver.lint.lint_config('mirrors.yml')
|
||||
|
||||
def test_check_certificate_pinned_binaries_empty(self):
|
||||
fdroidserver.common.config = {}
|
||||
app = fdroidserver.metadata.App()
|
||||
app.AllowedAPKSigningKeys = [
|
||||
'a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc'
|
||||
]
|
||||
self.assertEqual(
|
||||
[],
|
||||
list(fdroidserver.lint.check_certificate_pinned_binaries(app)),
|
||||
"when the config is empty, any signing key should be allowed",
|
||||
)
|
||||
|
||||
def test_lint_known_debug_keys_no_match(self):
|
||||
fdroidserver.common.config = {
|
||||
"apk_signing_key_block_list": "a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc"
|
||||
}
|
||||
app = fdroidserver.metadata.App()
|
||||
app.AllowedAPKSigningKeys = [
|
||||
'2fd4fd5f54babba4bcb21237809bb653361d0d2583c80964ec89b28a26e9539e'
|
||||
]
|
||||
self.assertEqual(
|
||||
[],
|
||||
list(fdroidserver.lint.check_certificate_pinned_binaries(app)),
|
||||
"A signing key that does not match one in the config should be allowed",
|
||||
)
|
||||
|
||||
def test_lint_known_debug_keys(self):
|
||||
fdroidserver.common.config = {
|
||||
'apk_signing_key_block_list': 'a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc'
|
||||
}
|
||||
app = fdroidserver.metadata.App()
|
||||
app.AllowedAPKSigningKeys = [
|
||||
'a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc'
|
||||
]
|
||||
for warn in fdroidserver.lint.check_certificate_pinned_binaries(app):
|
||||
anywarns = True
|
||||
logging.debug(warn)
|
||||
self.assertTrue(anywarns)
|
||||
|
||||
|
||||
class LintAntiFeaturesTest(unittest.TestCase):
|
||||
def setUp(self):
|
||||
|
|
Loading…
Reference in New Issue