mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-03 17:50:11 +02:00
make publish and update work with a smartcard HSM
Followup to fdroid/fdroidserver!779. We need to add smartcardoptions to every call to keytool and jarsigner as well as handle when keypass not being required and not allowed for pkcs11 keystores.
This commit is contained in:
parent
066978cbcf
commit
004d13a48a
@ -3045,13 +3045,16 @@ def sign_apk(unsigned_path, signed_path, keyalias):
|
||||
else:
|
||||
signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']
|
||||
|
||||
p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS',
|
||||
'-keypass:env', 'FDROID_KEY_PASS']
|
||||
+ signature_algorithm + [unsigned_path, keyalias],
|
||||
cmd = [config['jarsigner'], '-keystore', config['keystore'],
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS']
|
||||
if config['keystore'] == 'NONE':
|
||||
cmd += config['smartcardoptions']
|
||||
else:
|
||||
cmd += '-keypass:env', 'FDROID_KEY_PASS'
|
||||
p = FDroidPopen(cmd + signature_algorithm + [unsigned_path, keyalias],
|
||||
envs={
|
||||
'FDROID_KEY_STORE_PASS': config['keystorepass'],
|
||||
'FDROID_KEY_PASS': config['keypass'], })
|
||||
'FDROID_KEY_PASS': config.get('keypass', "")})
|
||||
if p.returncode != 0:
|
||||
raise BuildException(_("Failed to sign application"), p.output)
|
||||
|
||||
|
@ -77,12 +77,13 @@ def read_fingerprints_from_keystore():
|
||||
are managed by F-Droid, grouped by appid.
|
||||
"""
|
||||
env_vars = {'LC_ALL': 'C.UTF-8',
|
||||
'FDROID_KEY_STORE_PASS': config['keystorepass'],
|
||||
'FDROID_KEY_PASS': config['keypass']}
|
||||
p = FDroidPopen([config['keytool'], '-list',
|
||||
'FDROID_KEY_STORE_PASS': config['keystorepass']}
|
||||
cmd = [config['keytool'], '-list',
|
||||
'-v', '-keystore', config['keystore'],
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS'],
|
||||
envs=env_vars, output=False)
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS']
|
||||
if config['keystore'] == 'NONE':
|
||||
cmd += config['smartcardoptions']
|
||||
p = FDroidPopen(cmd, envs=env_vars, output=False)
|
||||
if p.returncode != 0:
|
||||
raise FDroidException('could not read keystore {}'.format(config['keystore']))
|
||||
|
||||
@ -115,7 +116,7 @@ def sign_sig_key_fingerprint_list(jar_file):
|
||||
else: # smardcards never use -keypass
|
||||
cmd += '-keypass:env', 'FDROID_KEY_PASS'
|
||||
env_vars = {'FDROID_KEY_STORE_PASS': config['keystorepass'],
|
||||
'FDROID_KEY_PASS': config['keypass']}
|
||||
'FDROID_KEY_PASS': config.get('keypass', "")}
|
||||
p = common.FDroidPopen(cmd, envs=env_vars)
|
||||
if p.returncode != 0:
|
||||
raise FDroidException("Failed to sign '{}'!".format(jar_file))
|
||||
@ -340,20 +341,27 @@ def main():
|
||||
# if not generate one...
|
||||
env_vars = {'LC_ALL': 'C.UTF-8',
|
||||
'FDROID_KEY_STORE_PASS': config['keystorepass'],
|
||||
'FDROID_KEY_PASS': config['keypass']}
|
||||
p = FDroidPopen([config['keytool'], '-list',
|
||||
'FDROID_KEY_PASS': config.get('keypass', "")}
|
||||
cmd = [config['keytool'], '-list',
|
||||
'-alias', keyalias, '-keystore', config['keystore'],
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS'], envs=env_vars)
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS']
|
||||
if config['keystore'] == 'NONE':
|
||||
cmd += config['smartcardoptions']
|
||||
p = FDroidPopen(cmd, envs=env_vars)
|
||||
if p.returncode != 0:
|
||||
logging.info("Key does not exist - generating...")
|
||||
p = FDroidPopen([config['keytool'], '-genkey',
|
||||
cmd = [config['keytool'], '-genkey',
|
||||
'-keystore', config['keystore'],
|
||||
'-alias', keyalias,
|
||||
'-keyalg', 'RSA', '-keysize', '2048',
|
||||
'-validity', '10000',
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS',
|
||||
'-keypass:env', 'FDROID_KEY_PASS',
|
||||
'-dname', config['keydname']], envs=env_vars)
|
||||
'-dname', config['keydname']]
|
||||
if config['keystore'] == 'NONE':
|
||||
cmd += config['smartcardoptions']
|
||||
else:
|
||||
cmd += '-keypass:env', 'FDROID_KEY_PASS'
|
||||
p = FDroidPopen(cmd, envs=env_vars)
|
||||
if p.returncode != 0:
|
||||
raise BuildException("Failed to generate key", p.output)
|
||||
if appid not in generated_keys:
|
||||
|
@ -52,7 +52,7 @@ def sign_jar(jar):
|
||||
args += ['-keypass:env', 'FDROID_KEY_PASS']
|
||||
env_vars = {
|
||||
'FDROID_KEY_STORE_PASS': config['keystorepass'],
|
||||
'FDROID_KEY_PASS': config['keypass'],
|
||||
'FDROID_KEY_PASS': config.get('keypass', ""),
|
||||
}
|
||||
p = common.FDroidPopen(args, envs=env_vars)
|
||||
if p.returncode != 0:
|
||||
|
Loading…
Reference in New Issue
Block a user