Hans-Christoph Steiner bde0558d82 update: reject APKs with invalid file sig, probably Janus exploits
This just checks the first four bytes of the APK file, aka the "file
signature", to make sure it is the ZIP signature and not the DEX signature.
This was checked against the test APK, and I ran it against some known
malware and all of f-droid.org to make sure it works.

All valid ZIP files (therefore APK files) should start with the ZIP
Local File Header of four bytes.

https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
2017-12-14 16:57:22 +01:00
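The commit message above describes checking an APK's first four bytes; the following is an added example, not fdroidserver's own code, showing why that check catches a file that an ordinary ZIP parse still accepts. The function names and both sample inputs are assumptions constructed for illustration.

```python
import io
import zipfile

ZIP_LOCAL_FILE_HEADER = b'PK\x03\x04'  # four-byte signature at the start of a ZIP/APK
DEX_MAGIC = b'dex\n'                   # first four bytes of a DEX file


def file_sig(data):
    """Classify a file by its first four bytes only."""
    head = data[:4]
    if head == ZIP_LOCAL_FILE_HEADER:
        return 'zip'
    if head == DEX_MAGIC:
        return 'dex'
    return 'unknown'


def parses_as_zip(data):
    """True if a ZIP reader, which locates the archive from the end of the file, accepts it."""
    return zipfile.is_zipfile(io.BytesIO(data))


def accept_apk(data):
    """Hypothetical repo-side gate: ZIP signature first, then a normal ZIP parse."""
    return file_sig(data) == 'zip' and parses_as_zip(data)


def constructed_samples():
    """Build two in-memory test inputs; neither is a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('AndroidManifest.xml', b'<manifest/>')
    clean = buf.getvalue()
    # Placeholder bytes that merely begin with the DEX magic, placed before the archive.
    prefixed = DEX_MAGIC + b'035\x00' + bytes(24) + clean
    return clean, prefixed


if __name__ == '__main__':
    for name, sample in zip(('clean', 'prefixed'), constructed_samples()):
        print(name, file_sig(sample), parses_as_zip(sample), accept_apk(sample))
```

The prefixed sample still passes `zipfile.is_zipfile`, because ZIP readers find the central directory from the end of the file, so only the leading-bytes check rejects it.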
buildserver buildserver: include all Android SDK licenses in their exact format 2017-11-29 21:06:02 +01:00
completion remove XML files from bash completion, they are not supported anymore 2017-12-11 22:11:16 +01:00
docker dscanner - Drozer based post-build dynamic vulnerability scanner command 2016-12-06 14:00:44 +01:00
examples server: allow user to specify custom s3cfg file (closes #413) 2017-11-29 19:50:57 +01:00
fdroidserver update: reject APKs with invalid file sig, probably Janus exploits 2017-12-14 16:57:22 +01:00
hooks remove fd-commit, no active devs use it, and requires Auto Name/Name 2017-12-06 22:48:08 +01:00
locale Add Liberapay support 2017-12-12 11:53:31 +01:00
tests update: reject APKs with invalid file sig, probably Janus exploits 2017-12-14 16:57:22 +01:00
.gitignore handle jarsigner/apksigner output cleanly for rational logging 2017-12-07 17:32:14 +01:00
.gitlab-ci.yml fix metadata_v0 tests 2017-12-12 16:54:35 +01:00
.pylint-rcfile update outdated pylint setup 2017-05-23 22:34:16 +02:00
.travis.yml choose the most recent available version of Java 2017-10-25 23:01:25 +02:00
LICENSE Rename COPYING to LICENSE 2015-08-24 10:54:20 -07:00
MANIFEST.in rename test file to fit within eCryptfs filename limits (closes #416) 2017-11-22 11:40:16 +01:00
README.md README: add new jenkins.debian.net test 2017-11-09 15:02:37 +01:00
fdroid correct "usage" output (--help; see #405) 2017-12-07 14:51:27 +01:00
jenkins-build-all jenkins-build-all: improve detection of working buildserver VM 2017-12-14 10:41:11 +01:00
jenkins-setup-build-environment jenkins-setup-build-environment: delete libvirt images before test run 2017-12-05 12:31:13 +01:00
jenkins-test jenkins test: clear singing-key-fingerpring from previous run 2017-12-13 17:39:55 +01:00
makebuildserver makebuildserver: quiet rsync for copy_caches_from_host 2017-12-11 22:11:16 +01:00
setup.cfg check git is on correct tag before making a release 2017-11-27 16:57:30 +01:00
setup.py remove fd-commit, no active devs use it, and requires Auto Name/Name 2017-12-06 22:48:08 +01:00

README.md

F-Droid Server

Server for F-Droid, the Free Software repository system for Android.

The F-Droid server tools provide various scripts and tools that are used to maintain the main F-Droid application repository. You can use these same tools to create your own additional or alternative repository for publishing, or to assist in creating, testing and submitting metadata to the main repository.

For documentation, please see https://f-droid.org/docs/, or you can find the source for the documentation in fdroid/fdroid-website.

What is F-Droid?

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Installing

There are many ways to install fdroidserver; they are documented on the website: https://f-droid.org/docs/Installing_the_Server_and_Repo_Tools

All sorts of other documentation lives there as well.

Drozer Scanner

There is a new feature under development that can scan any APK in a repo, or any build, using Drozer. Drozer is a dynamic exploit scanner: it runs an app in the emulator and runs known exploits on it.

This setup requires specific versions of two Python modules: docker-py 1.9.0 and requests older than 2.11. Other versions might cause the docker-py connection to break with the containers. Newer versions of docker-py might have this fixed already.

For Debian based distributions:

apt-get install libffi-dev libssl-dev python-docker

Translation

Everything can be translated. See Translation and Localization for more info.