new repo-wide config option for a Binary Transparency Log

A Binary Transparency Log is a append only log of all binaries published by a repo. This is useful for people to find whether the binary they have matches what F-Droid has published, and also makes it more difficult for the published history to be changed without notice, or for a server to give specific users custom malware binaries. https://www.eff.org/deeplinks/2014/02/open-letter-to-tech-companies
2025-09-16 16:02:33 +03:00 · 2016-12-16 12:19:07 +01:00 · 2016-12-16 12:19:07 +01:00 · 03ec590989
commit 03ec590989
parent 0ef818486d
3 changed files with 101 additions and 0 deletions
--- a/fdroidserver/server.py
+++ b/fdroidserver/server.py
@ -279,6 +279,22 @@ def upload_to_virustotal(repo_section, vt_apikey):
            logging.info(response['verbose_msg'] + " " + response['permalink'])


+def push_binary_transparency(binary_transparency_remote):
+    '''push the binary transparency git repo to the specifed remote'''
+    import git
+
+    repo = git.Repo('binary_transparency_log')
+    pushremote = None
+    for remote in repo.remotes:
+        if remote.url == binary_transparency_remote:
+            pushremote = remote
+            break
+
+    if not pushremote:
+        pushremote = repo.create_remote('fdroid_server_update', binary_transparency_remote)
+    pushremote.push('master')
+
+
 def main():
    global config, options

@ -414,6 +430,11 @@ def main():
                upload_to_android_observatory(repo_section)
            if config.get('virustotal_apikey'):
                upload_to_virustotal(repo_section, config.get('virustotal_apikey'))
+
+            binary_transparency_remote = config.get('binary_transparency_remote')
+            if binary_transparency_remote:
+                push_binary_transparency(binary_transparency_remote)
+
    sys.exit(0)