gitlab-ci: make sure EXIF is stripped from all included images

EXIF state can be used as an exploit vector and for malicioius code
delivery.  Neither fdroidclient nor fdroid-website use the EXIF data, so
just strip it entirely.  'exiftool' is available in most distros.
This commit is contained in:
Hans-Christoph Steiner 2018-03-07 23:50:03 +01:00
parent fb6a1c25c3
commit cddf3589f7

View file

@ -31,4 +31,10 @@ lint:
fdroid rewritemeta $CHANGED;
git --no-pager diff --color=always;
}
- apt-get -qy update
- apt-get -qy install --no-install-recommends exiftool
- exiftool -all= `find metadata/ -name '*.jp*g' -o -name '*.png'`
- echo "these images have EXIF that must be stripped:"
- git --no-pager diff --stat
- git --no-pager diff --name-only --exit-code || export EXITVALUE=1
- exit $EXITVALUE