Mirror/pmbootstrap
1
0
Fork 1
mirror of https://gitlab.postmarketos.org/postmarketOS/pmbootstrap.git synced 2025-07-13 11:29:46 +03:00
Code Issues Wiki Activity

pmb.helpers.apk_static: Update "malicious server" message

Browse source 
While this hypothetically could be triggered by a malicious server,
more likely is that this would be caused by a bug in pmbootstrap. As
such, soften the message a bit and also remove references to the removed
-m flag.

Fixes ebfda16d6d

Part-of: https://gitlab.postmarketos.org/postmarketOS/pmbootstrap/-/merge_requests/2635
[ci:skip-build]: already built successfully in CI
This commit is contained in:
Newbyte 2025-07-02 17:17:23 +02:00
parent 752a3a98f5
commit 3f09e87346
No known key found for this signature in database
GPG key ID: ACD854892B38D898
1 changed files with 4 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
pmb/helpers/apk_static.py
View file

@ -141,12 +141,10 @@ def extract(version: str, apk_path: Path) -> None:
if not version.startswith(f"{version_bin}"): if not version.startswith(f"{version_bin}"):
os.unlink(temp_path) os.unlink(temp_path)
raise RuntimeError( raise RuntimeError(
f"Downloaded apk-tools-static-{version}.apk," f"Downloaded apk-tools-static-{version}.apk, but the apk binary inside that package"
" but the apk binary inside that package reports" f" reports to be version: {version_bin}! This could potentially be caused by a"
f" to be version: {version_bin}!" " downgrade attack from a malicious server or a bug in pmbootstrap. You can try"
" Looks like a downgrade attack" " switching servers, see https://docs.postmarketos.org/pmbootstrap/mirrors.html"
" from a malicious server! Switch the server (-m)"
" and try again."
) )
# Move it to the right path # Move it to the right path