gitlab-ci: make sure EXIF is stripped from all included images
EXIF state can be used as an exploit vector and for malicioius code delivery. Neither fdroidclient nor fdroid-website use the EXIF data, so just strip it entirely. 'exiftool' is available in most distros.
This commit is contained in:
Hans-Christoph Steiner
parent
fb6a1c25c3
commit
cddf3589f7
|
|
@ -31,4 +31,10 @@ lint:
|
|||
fdroid rewritemeta $CHANGED;
|
||||
git --no-pager diff --color=always;
|
||||
}
|
||||
- apt-get -qy update
|
||||
- apt-get -qy install --no-install-recommends exiftool
|
||||
- exiftool -all= `find metadata/ -name '*.jp*g' -o -name '*.png'`
|
||||
- echo "these images have EXIF that must be stripped:"
|
||||
- git --no-pager diff --stat
|
||||
- git --no-pager diff --name-only --exit-code || export EXITVALUE=1
|
||||
- exit $EXITVALUE
|
||||
|
|
|
|||
Loading…
Reference in a new issue