From: Hans-Christoph Steiner <hans@eds.org>
Date: Mon, 5 Feb 2018 13:43:39 +0000 (+0100)
Subject: git-svn: require working HTTPS for all Subversion URLs
X-Git-Tag: 1.0.1~14^2~1
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=a1075f45cca3919a49192f94da366a423bdb6c4b;p=fdroidserver.git

git-svn: require working HTTPS for all Subversion URLs

Subversion does not verify each commit as strongly as git does, so HTTPS is
really important.  Also, there is the possibility of injecting code into
`fdroid checkupdate` calls if plain HTTP is used.
---

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 6b34969f..938b1c15 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -1004,6 +1004,9 @@ class vcs_gitsvn(vcs):
             else:
                 remote = self.remote
 
+            if not remote.startswith('https://'):
+                raise VCSException(_('HTTPS must be used with Subversion URLs!'))
+
             gitsvn_args.extend(['--', remote, self.local])
             p = self.git(gitsvn_args)
             if p.returncode != 0: