One key security property of the F-Droid ecosystem is that the sensitive
code is all stored forever in git repos and source tarballs. That means
we can easily go back and see if there were exploits and where they came
from. Therefore, checkupdates should require everything in fdroiddata be
committed to git before running.
This provides --allow-dirty to override that behavior.
__complete_checkupdates() {
opts="-v -q"
__complete_checkupdates() {
opts="-v -q"
- lopts="--verbose --quiet --auto --autoonly --commit --gplay"
+ lopts="--verbose --quiet --auto --autoonly --commit --gplay --allow-dirty"
case "${cur}" in
-*)
__complete_options
case "${cur}" in
-*)
__complete_options
help=_("Only process apps with auto-updates"))
parser.add_argument("--commit", action="store_true", default=False,
help=_("Commit changes"))
help=_("Only process apps with auto-updates"))
parser.add_argument("--commit", action="store_true", default=False,
help=_("Commit changes"))
+ parser.add_argument("--allow-dirty", action="store_true", default=False,
+ help=_("Run on git repo that has uncommitted changes"))
parser.add_argument("--gplay", action="store_true", default=False,
help=_("Only print differences with the Play Store"))
metadata.add_metadata_arguments(parser)
parser.add_argument("--gplay", action="store_true", default=False,
help=_("Only print differences with the Play Store"))
metadata.add_metadata_arguments(parser)
config = common.read_config(options)
config = common.read_config(options)
+ if not options.allow_dirty:
+ status = subprocess.check_output(['git', 'status', '--porcelain'])
+ if status:
+ logging.error(_('Build metadata git repo has uncommited changes!'))
+ sys.exit(1)
+
# Get all apps...
allapps = metadata.read_metadata()
# Get all apps...
allapps = metadata.read_metadata()
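Review bot: The cleanliness check `subprocess.check_output(['git', 'status', '--porcelain'])` depends on the caller's git configuration and ignore rules, so it can report a clean tree while files that checkupdates goes on to read are not in history. As far as I know, untracked files are omitted when `status.showUntrackedFiles=no` is set, and ignored paths are never listed; passing `--untracked-files=all` (plus `--ignored` if ignored metadata should also block the run) would make the result independent of local settings. The call also has no `cwd`, so it presumably relies on the command being started from the fdroiddata checkout, and a comment saying so would help. The log message has a typo, `uncommited` should be `uncommitted`. The enclosing function starts and ends outside the hunk.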