mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-05 06:50:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'java-security-tmpdir' into 'master'

Browse source 
verify_old_apk_signature(): use temp dir instead of $PWD/.java.security

See merge request fdroid/fdroidserver!1256
This commit is contained in:
Hans-Christoph Steiner 2022-11-15 19:58:57 +00:00
commit b54eb946f1
1 changed files with 18 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

41
fdroidserver/common.py
View file

@ -3445,30 +3445,25 @@ def verify_deprecated_jar_signature(jar):
""" """
error = _('JAR signature failed to verify: {path}').format(path=jar) error = _('JAR signature failed to verify: {path}').format(path=jar)
_java_security = os.path.join(os.getcwd(), '.java.security') with tempfile.TemporaryDirectory() as tmpdir:
if os.path.exists(_java_security): java_security = os.path.join(tmpdir, 'java.security')
os.remove(_java_security) with open(java_security, 'w') as fp:
with open(_java_security, 'w') as fp: fp.write('jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024')
fp.write('jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024') os.chmod(java_security, 0o400)
os.chmod(_java_security, 0o400)
try: try:
cmd = [ cmd = [
config['jarsigner'], config['jarsigner'],
'-J-Djava.security.properties=' + _java_security, '-J-Djava.security.properties=' + java_security,
'-strict', '-verify', jar '-strict', '-verify', jar
] ]
output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
raise VerificationException(error + '\n' + output.decode('utf-8')) raise VerificationException(error + '\n' + output.decode('utf-8'))
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
if e.returncode == 4: if e.returncode == 4:
logging.debug(_('JAR signature verified: {path}').format(path=jar)) logging.debug(_('JAR signature verified: {path}').format(path=jar))
else: else:
raise VerificationException(error + '\n' + e.output.decode('utf-8')) from e raise VerificationException(error + '\n' + e.output.decode('utf-8')) from e
finally:
if os.path.exists(_java_security):
os.chmod(_java_security, 0o600)
os.remove(_java_security)
def verify_apk_signature(apk, min_sdk_version=None): def verify_apk_signature(apk, min_sdk_version=None):