Security Model: fix F-Droid.apk download links gets replaced by in the build
process, so this needs to use just the absolute path to point to the APK.
Since linkchecker runs on Gitlab Pages, those links will be broken there.
So linkchecker needs to ignore them.
parent f88f19b9
......@@ -88,7 +88,7 @@ pages:
- ln -s ../public linkchecker/$CI_PROJECT_NAME
- ruby -run -e httpd linkchecker/ -p 4000 2>&1 /dev/null &
- linkchecker http://localhost:4000/$CI_PROJECT_NAME --config=.linkcheckerrc
--ignore-url ".*/packages/[b-z].*"
--ignore-url ".*/packages/[b-z].*" --ignore-url "/F-Droid\.apk(\.asc)?$"
......@@ -73,16 +73,16 @@ to make it as hard as possible to exploit this vector.
* included on the
[HSTS preload list](, so
major browsers will only ever use HTTPS for all connections to
* a [strong]( TLS/HTTPS configuration
* a [strong]( HTTP Content Security Policy
* [PGP-signature]( on the initial
install [download link](
* [PGP-signature](/F-Droid.apk.asc) on the initial
install [download link](/F-Droid.apk)
* automated
and [random](
that [F-Droid.apk]( has not been tampered with
that [F-Droid.apk](/F-Droid.apk) has not been tampered with
* F-Droid Limited controls many potential phishing domains like
[](, and
......@@ -99,7 +99,7 @@ to make it as hard as possible to exploit this vector.
When F-Droid is built into Android, either as part of the ROM or by
flashing an
[OTA update](,
[OTA update]({{ site.baseurl }}/packages/org.fdroid.fdroid.privileged.ota/),
it no longer needs "Unknown Sources" enabled to function. This is the
preferred method of operation, so we aim to make it as easy as
possible for users to run F-Droid this way. Flashing the OTA package
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment