update: reject APKs with invalid file sig, probably Janus exploits

[fdroidserver.git] / tests / run-tests

diff --git a/tests/run-tests b/tests/run-tests
index 57186855252668e906820b4fb2da03054cab0baa..af29f471eeb186a5480815658759b206b16afc5a 100755 (executable)
--- a/tests/run-tests
+++ b/tests/run-tests
@@ -9,7 +9,7 @@ echo_header() {
 copy_apks_into_repo() {
     set +x
     find $APKDIR -type f -name '*.apk' -print0 | while IFS= read -r -d '' f; do
-        echo $f | grep -F -v -e unaligned -e unsigned -e badsig -e badcert -e bad-unicode || continue
+        echo $f | grep -F -v -e unaligned -e unsigned -e badsig -e badcert -e bad-unicode -e janus.apk || continue
         apk=`$aapt dump badging "$f" | sed -n "s,^package: name='\(.*\)' versionCode='\([0-9][0-9]*\)' .*,\1_\2.apk,p"`
         test "$f" -nt repo/$apk && rm -f repo/$apk  # delete existing if $f is newer
         if [ ! -e repo/$apk ] && [ ! -e archive/$apk ]; then
@@ -183,8 +183,8 @@ cd $WORKSPACE/tests/tmp/importer
 git remote update -p
 git clean -fdx
 # stick with known working commit, in case future commits break things for this code
-git reset --hard 985aa135524ab7dd1e70335fd47b22fa628b81b3
-if [ -d $ANDROID_HOME/platforms/android-23 ]; then
+git reset --hard fea54e1161d5eb9eb1a54e26253ef84d3ab63705
+if [ -d $ANDROID_HOME/platforms/android-23 && -d $ANDROID_HOME/build-tools/23.0.3 ]; then
     echo "build_tools = '`ls -1 $ANDROID_HOME/build-tools/ | sort -n | tail -1`'" > config.py
     echo "force_build_tools = True" >> config.py
     $fdroid build --verbose org.fdroid.ci.test.app:300