Issue #2252

open

Evaluate https://github.com/phhusson/vendor_foss

Added by Denis 'GNUtoo' Carikli over 3 years ago. Updated over 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Build system
Target version:
Start date: 05/06/2021
Due date:
% Done: 0%
Estimated time:
Resolution:
Device: Not device specific
Grant:
Type of work: Any programming languages (scripts, C, etc), Build system integration, Unknown

Actions #1

Updated by Denis 'GNUtoo' Carikli over 3 years ago

To download APKs and maintain them, I've written https://git.replicant.us/replicant-next/vendor_f-droid/tree/ from scratch.

While it works, the design of https://github.com/phhusson/vendor_foss looks way better, as it can parse the F-Droid repository to get the latest APKs, and it seems that it can even generate Android.mk for the individual applications.

Adding gpg verifications should be trivial, and adding the ability to get the APK source code as well (#2251) could be easier with it.

As the code is a bit more complex, we might also want to verify if everything is safe with vendor_foss.

PS: Note that I don't know yet how to avoid vulnerabilities when writing shell applications other than not using any data that comes from the network or other untrusted sources in variables. I probably need to find some documentation on how to properly quote variables and so on, to make sure we don't introduce issues in Replicant release through unsafe parsing of network data. Example of such a vulnerability: http://www.openpma.org/gen4/Main_Page/
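
Added example (not part of the original comment, and not code from vendor_f-droid or vendor_foss): one way to handle fields taken from a downloaded repository index in POSIX shell is to check them against an allowlist and quote every expansion, rather than trying to escape them. The `name|file` index format, the function names and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example; index format, function names and sample data are constructed.
LC_ALL=C; export LC_ALL   # make A-Z / a-z ranges mean ASCII only

# Package name: starts with a letter, then letters, digits, '_' or '.';
# no empty components. Reject everything else instead of trying to escape it.
valid_pkg() {
    case "$1" in
        ''|[!A-Za-z]*|*[!A-Za-z0-9_.]*|*..*|*.) return 1 ;;
    esac
    return 0
}

# APK file name: a plain name ending in .apk. The first character must be
# alphanumeric, which rules out option-like ("-x") and hidden/".." names;
# '/' and whitespace are not in the allowed set, so no path can be smuggled in.
valid_apk_name() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *.apk) return 0 ;;
    esac
    return 1
}

# Print the destination path for one entry, or return 1 without output.
# Every expansion is double-quoted, and data only ever reaches printf as an
# argument, never as the format string and never through eval.
apk_dest() {
    valid_pkg "$2" && valid_apk_name "$3" || return 1
    printf '%s/%s/%s\n' "$1" "$2" "$3"
}

# Read "name|file" lines from stdin. 'read -r' keeps backslashes literal.
# Rejected values are not echoed back, so they cannot reach the terminal.
filter_index() {
    while IFS='|' read -r pkg apk; do
        apk_dest "$1" "$pkg" "$apk" || printf 'rejected index entry\n' >&2
    done
}

sample_index() {   # constructed entries: one valid, four hostile
    printf '%s\n' \
        'org.example.app|org.example.app_1.apk' \
        'org.example.app|../../system/evil.apk' \
        'org.example.$(id)|app_1.apk' \
        '-rf|app_2.apk' \
        'org.example.ok|app 3.apk; id'
}
sample_index | filter_index out
```

When a validated value is later passed to another command, keep it double-quoted and put `--` before it where the command supports that, so it cannot be parsed as an option.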

Actions #2

Updated by Denis 'GNUtoo' Carikli over 3 years ago

  • Target version changed from Replicant 11.0 to Replicant 11.0 0001