From 272eb91bc4d59a58b0670adcff5fcb4cff353b95 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Thu, 21 Apr 2016 17:34:55 +0200
Subject: fix sign command
---
 CHANGELOG.md | 3 +++
 Makefile | 4 ++--
 appinfo/info.xml | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ffd21b1ee..9ab61ef11 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+owncloud-news (8.7.2)
+* **Security**: Sign application to make missing/outdated files more easily detectable and prevent attackers from potentially serving a malicious News app from the app store
+
 owncloud-news (8.7.1)
 * **Bugfix**: Send Chrome's user agent string instead of our own since mod_security, which is used on some servers, thinks that only browsers are allowed to send user agents. This will fix feed updates for some websites, e.g. joomla.org, (because we all know that Joomla is big on security ;) ), #978
diff --git a/Makefile b/Makefile
index 129aa8aa7..c6113e581 100644
--- a/Makefile
+++ b/Makefile
@@ -58,7 +58,7 @@ composer=$(shell which composer 2> /dev/null)
 occ=$(CURDIR)/../../occ
 private_key=$(HOME)/.owncloud/$(app_name).key
 certificate=$(HOME)/.owncloud/$(app_name).crt
-sign="$(occ) integrity:sign-app --privateKey=$(private_key) --certificate=$(certificate)"
+sign=php -f $(occ) integrity:sign-app --privateKey="$(private_key)" --certificate="$(certificate)"
 sign_skip_msg="Skipping signing, either no key and certificate found in $(private_key) and $(certificate) or occ can not be found at $(occ)"
 ifneq (,$(wildcard $(private_key)))
 ifneq (,$(wildcard $(certificate)))
@@ -183,7 +183,7 @@ appstore:
 "js/admin/Admin.js" \
 $(appstore_build_directory)
 ifdef CAN_SIGN
- $(sign) --path $(appstore_build_directory)
+ $(sign) --path="$(appstore_build_directory)"
 else
 @echo $(sign_skip_msg)
 endif
diff --git a/appinfo/info.xml b/appinfo/info.xml
index ce18fb387..61178f616 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
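Review bot: In the Makefile hunk at `@@ -58,7 +58,7 @@`, the new `sign=` line quotes `$(private_key)` and `$(certificate)` but leaves `$(occ)` bare, so a checkout path containing a space still splits the script argument and `php -f` is handed a truncated path. Quote it the same way: `sign=php -f "$(occ)" integrity:sign-app --privateKey="$(private_key)" --certificate="$(certificate)"`. The interpreter is also resolved from whatever `PATH` the release build runs with, so a one-line comment above `sign=` stating that the signing is done by `php` running the occ of the surrounding checkout (`$(CURDIR)/../../occ`) would help whoever cuts releases. The `ifneq` block that presumably sets `CAN_SIGN` continues outside the hunk.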
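Review bot: In the `appstore` hunk at `@@ -183,7 +183,7 @@`, the `else` branch still only echoes `$(sign_skip_msg)` and lets the target succeed, so a release built on a machine without the key, certificate or occ yields an unsigned package with exit status 0. Since the changelog entry presents signing as the control against a tampered app-store package, the release target should fail closed unless the caller explicitly opts out, for example `@echo $(sign_skip_msg) >&2; test -n "$(ALLOW_UNSIGNED)"` (`ALLOW_UNSIGNED` is a suggested name, not an existing variable). The recipe begins and ends outside the hunk, so where the archive is created relative to the signing step cannot be confirmed from here.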
@@ -7,7 +7,7 @@ Bernhard Posselt, Alessandro Cosentino, Jan-Christoph Borchardt multimedia AGPL - 8.7.1 + 8.7.2 News -- cgit v1.2.3