publish: use common signing method

This is currently still jarsigner based but will at least use sha256 when possible
2024-10-02 09:10:11 +02:00 · 2020-04-11 23:04:43 +02:00 · 2020-04-11 23:04:43 +02:00 · 066978cbcf
commit 066978cbcf
parent 6128f93d26
2 changed files with 4 additions and 15 deletions
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@ -3064,7 +3064,7 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir):

    One of the inputs is signed, the other is unsigned. The signature metadata
    is transferred from the signed to the unsigned apk, and then jarsigner is
-    used to verify that the signature from the signed apk is also varlid for
+    used to verify that the signature from the signed apk is also valid for
    the unsigned one.  If the APK given as unsigned actually does have a
    signature, it will be stripped out and ignored.

--- a/fdroidserver/publish.py
+++ b/fdroidserver/publish.py
@ -319,7 +319,7 @@ def main():
            # characters are significant, so we'll use the first 8 from
            # the MD5 of the app's ID and hope there are no collisions.
            # If a collision does occur later, we're going to have to
-            # come up with a new alogrithm, AND rename all existing keys
+            # come up with a new algorithm, AND rename all existing keys
            # in the keystore!
            if not skipsigning:
                if appid in config['keyaliases']:
@ -367,23 +367,12 @@ def main():
                                                                      unsigned_dir,
                                                                      output_dir))

-                # TODO replace below with common.sign_apk() once it has proven stable
-                # Sign the application...
-                p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
-                                 '-storepass:env', 'FDROID_KEY_STORE_PASS',
-                                 '-keypass:env', 'FDROID_KEY_PASS', '-sigalg',
-                                 'SHA1withRSA', '-digestalg', 'SHA1',
-                                 apkfile, keyalias], envs=env_vars)
-                if p.returncode != 0:
-                    raise BuildException(_("Failed to sign application"), p.output)
+                # Sign and zipalign the application...
+                common.sign_apk(apkfile, signed_apk_path, keyalias)
                if appid not in signed_apks:
                    signed_apks[appid] = []
                signed_apks[appid].append(apkfile)

-                # Zipalign it...
-                common._zipalign(apkfile, os.path.join(output_dir, apkfilename))
-                os.remove(apkfile)
-
                publish_source_tarball(apkfilename, unsigned_dir, output_dir)
                logging.info('Published ' + apkfilename)