missytake/fdroiddata
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

gitlab-ci: make sure EXIF is stripped from all included images

Browse source 
EXIF state can be used as an exploit vector and for malicioius code
delivery.  Neither fdroidclient nor fdroid-website use the EXIF data, so
just strip it entirely.  'exiftool' is available in most distros.
This commit is contained in:
Hans-Christoph Steiner 2018-03-07 23:50:03 +01:00
parent fb6a1c25c3
commit cddf3589f7
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitlab-ci.yml
View file

@ -31,4 +31,10 @@ lint:
fdroid rewritemeta $CHANGED; fdroid rewritemeta $CHANGED;
git --no-pager diff --color=always; git --no-pager diff --color=always;
} }
- apt-get -qy update
- apt-get -qy install --no-install-recommends exiftool
- exiftool -all= `find metadata/ -name '*.jp*g' -o -name '*.png'`
- echo "these images have EXIF that must be stripped:"
- git --no-pager diff --stat
- git --no-pager diff --name-only --exit-code || export EXITVALUE=1
- exit $EXITVALUE - exit $EXITVALUE