Commit graph

20 commits

Author SHA1 Message Date
Hans-Christoph Steiner 8dade6ece0 gitlab-ci: check if Application ID will cause keyalias collision
fdroid/fdroidserver#553
2018-08-29 22:49:51 +02:00
Hans-Christoph Steiner d6e81e47bb gitlab-ci: error if apps use insecure plain HTTP gradle repositories
It is very easy to mess up and include plain HTTP URLs for gradle
repositories, which can lead to gradle downloading code from HTTP and
immediately executing it.  The fix is almost always changing "http:" to
"https:".

https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer
2018-01-26 13:41:41 +01:00
Daniel Martí d0ba17bb6f Remove now broken google-code-moved script
I wrote this nearly a year ago, and it's recently been broken by the new
redirect that Google Code does. A few dozen apps were fixed thanks to
this, so it did its job.

If any devs still on Google Code after all this time want to update
their metadata, they can.
2016-03-07 22:31:55 +00:00
Daniel Martí c1894d3e41 pre-commit hook: use lint -f
This avoids calling rewritemeta separately, which means parsing all the
metadata files once instead of twice.

This reduces the running time of the pre-commit script from ~3s to ~2s
on my machine.
2015-12-07 20:13:36 +01:00
Daniel Martí 4acc100ea1 Add lint to pre-commit hook 2015-10-05 11:37:14 +02:00
Daniel Martí f9a55cb0af Unify metadata checks in verify-rewritemeta.sh 2015-09-28 16:52:12 -07:00
Boris Kraut 7cd8622726 Use bash for verify script 2015-09-25 13:11:49 +02:00
Daniel Martí 97ddab86bf verify-rewritemeta: use rewritemeta -l
This keeps it from having to modify the files on metadata/.
2015-09-24 22:55:26 -07:00
Daniel Martí cbf2de9caa CI: check formatting via rewritemeta 2015-09-11 18:37:56 -07:00
Daniel Martí 3975b6933d google-code-moved: ignore weird google login links 2015-08-28 15:30:56 -07:00
Daniel Martí 7b7ee633dd google-code-moved: support pages that directly redirect 2015-08-28 14:58:23 -07:00
Daniel Martí 4c420571b4 google-code-moved: don't be so verbose 2015-08-27 21:00:15 -07:00
Daniel Martí 43ad1b5da0 google-code-moved: count apps left 2015-08-27 12:01:55 -07:00
Daniel Martí bd83f3ea22 google-code-moved: shuffle lines
This way we get the results don't pile at the end
2015-08-26 18:49:53 -07:00
Daniel Martí ea51f477eb https urls are now enforced by lint 2015-08-18 17:57:01 -07:00
Daniel Martí b951157ce0 Remove all trailing spaces 2015-08-17 22:21:03 -07:00
Daniel Martí 62c28b1eb0 Add script to detect projects that moved from google code to github 2015-08-17 22:15:20 -07:00
Daniel Martí fa69e69d99 The slowness of urls-https came from calling sed multiple times
Calling it only once means that files are read and written only once too.

Total time it takes to run it on the actual fdroiddata dropped from ~25sec to
~6sec.
2014-02-13 08:13:27 +01:00
Hans-Christoph Steiner c60e03d650 tools/urls-https.sh: also change git:// and svn:// to https://
For git repos, using https:// reduces metadata leakage for more privacy,
and increases the security a little bit.  For SVN repos, using https:// is
much more important since the repo format itself does not provide the same
level of verification as git, hg, etc. do.
2014-02-12 22:34:48 -05:00
Daniel Martí 4fcedb2695 Move urls-https into a new tools dir 2014-02-01 12:30:24 +01:00