mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-19 21:30:10 +01:00

publish: use common signing method

This is currently still jarsigner-based, but it will at least use SHA-256
when possible.
Marcus Hoffmann 2020-04-11 23:04:43 +02:00
parent 6128f93d26
commit 066978cbcf
2 changed files with 4 additions and 15 deletions


@ -3064,7 +3064,7 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir):
One of the inputs is signed, the other is unsigned. The signature metadata One of the inputs is signed, the other is unsigned. The signature metadata
is transferred from the signed to the unsigned apk, and then jarsigner is is transferred from the signed to the unsigned apk, and then jarsigner is
used to verify that the signature from the signed apk is also varlid for used to verify that the signature from the signed apk is also valid for
the unsigned one. If the APK given as unsigned actually does have a the unsigned one. If the APK given as unsigned actually does have a
signature, it will be stripped out and ignored. signature, it will be stripped out and ignored.


@ -319,7 +319,7 @@ def main():
# characters are significant, so we'll use the first 8 from # characters are significant, so we'll use the first 8 from
# the MD5 of the app's ID and hope there are no collisions. # the MD5 of the app's ID and hope there are no collisions.
# If a collision does occur later, we're going to have to # If a collision does occur later, we're going to have to
# come up with a new alogrithm, AND rename all existing keys # come up with a new algorithm, AND rename all existing keys
# in the keystore! # in the keystore!
if not skipsigning: if not skipsigning:
if appid in config['keyaliases']: if appid in config['keyaliases']:
@ -367,23 +367,12 @@ def main():
unsigned_dir, unsigned_dir,
output_dir)) output_dir))
# TODO replace below with common.sign_apk() once it has proven stable # Sign and zipalign the application...
# Sign the application... common.sign_apk(apkfile, signed_apk_path, keyalias)
p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
'-storepass:env', 'FDROID_KEY_STORE_PASS',
'-keypass:env', 'FDROID_KEY_PASS', '-sigalg',
'SHA1withRSA', '-digestalg', 'SHA1',
apkfile, keyalias], envs=env_vars)
if p.returncode != 0:
raise BuildException(_("Failed to sign application"), p.output)
if appid not in signed_apks: if appid not in signed_apks:
signed_apks[appid] = [] signed_apks[appid] = []
signed_apks[appid].append(apkfile) signed_apks[appid].append(apkfile)
# Zipalign it...
common._zipalign(apkfile, os.path.join(output_dir, apkfilename))
os.remove(apkfile)
publish_source_tarball(apkfilename, unsigned_dir, output_dir) publish_source_tarball(apkfilename, unsigned_dir, output_dir)
logging.info('Published ' + apkfilename) logging.info('Published ' + apkfilename)
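Review bot: The failure check, the keystore password environment and the removal of the unsigned file all disappear from the call site at `common.sign_apk(apkfile, signed_apk_path, keyalias)`, yet `publish_source_tarball(...)` and `logging.info('Published ' + apkfilename)` still run unconditionally after it, so the publish step is only safe if sign_apk() raises on a non-zero signer exit. sign_apk() is not shown on this page, so that cannot be confirmed here; assuming it does, a comment on the call would record the contract, e.g. `# sign_apk() raises BuildException on failure, zipaligns into signed_apk_path and removes apkfile`. The commit message says SHA-256 is used only "when possible", so that comment or sign_apk()'s docstring should also state under which condition the SHA-1 digest is still chosen. `signed_apk_path` is not defined in the visible lines and main() begins and ends outside this hunk, so it is presumably set earlier in the function.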