mirror of
https://gitlab.com/fdroid/fdroidserver.git
in 'fdroid init' if no keystore exists or was given, then generate it
parent
75d616c5e5
commit
3ea4e08135
@ -19,9 +19,12 @@
|
|||||||
# You should have received a copy of the GNU Affero General Public License
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
import hashlib
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
import shutil
|
import shutil
|
||||||
|
import socket
|
||||||
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
from optparse import OptionParser
|
from optparse import OptionParser
|
||||||
|
|
||||||
@ -41,6 +44,40 @@ def write_to_config(key, value):
|
|||||||
with open('config.py', 'w') as f:
|
with open('config.py', 'w') as f:
|
||||||
f.writelines(data)
|
f.writelines(data)
|
||||||
|
|
||||||
|
|
||||||
|
def genpassword():
|
||||||
|
'''generate a random password for when generating keys'''
|
||||||
|
h = hashlib.sha256()
|
||||||
|
h.update(os.urandom(16)) # salt
|
||||||
|
h.update(bytes(socket.getfqdn()))
|
||||||
|
return h.digest().encode('base64').strip()
|
||||||
|
|
||||||
|
|
||||||
|
def genkey(keystore, repo_keyalias, password, keydname):
|
||||||
|
'''generate a new keystore with a new key in it for signing repos'''
|
||||||
|
print('Generating a new key in "' + keystore + '"...')
|
||||||
|
p = subprocess.Popen(['keytool', '-genkey',
|
||||||
|
'-keystore', keystore, '-alias', repo_keyalias,
|
||||||
|
'-keyalg', 'RSA', '-keysize', '4096',
|
||||||
|
'-sigalg', 'SHA256withRSA',
|
||||||
|
'-validity', '10000',
|
||||||
|
'-storepass', password, '-keypass', password,
|
||||||
|
'-dname', keydname],
|
||||||
|
stdout=subprocess.PIPE)
|
||||||
|
output = p.communicate()[0]
|
||||||
|
print(output)
|
||||||
|
if p.returncode != 0:
|
||||||
|
raise BuildException("Failed to generate key")
|
||||||
|
# now show the lovely key that was just generated
|
||||||
|
p = subprocess.Popen(['keytool', '-list', '-v',
|
||||||
|
'-keystore', keystore, '-alias', repo_keyalias],
|
||||||
|
stdin=subprocess.PIPE,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE)
|
||||||
|
output = p.communicate(password)[0]
|
||||||
|
print(output.lstrip().strip() + '\n\n')
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
|
||||||
global options, config
|
global options, config
|
||||||
@ -49,6 +86,8 @@ def main():
|
|||||||
parser = OptionParser()
|
parser = OptionParser()
|
||||||
parser.add_option("-v", "--verbose", action="store_true", default=False,
|
parser.add_option("-v", "--verbose", action="store_true", default=False,
|
||||||
help="Spew out even more information than normal")
|
help="Spew out even more information than normal")
|
||||||
|
parser.add_option("--keystore", default=None,
|
||||||
|
help="Path to the keystore for the repo signing key")
|
||||||
(options, args) = parser.parse_args()
|
(options, args) = parser.parse_args()
|
||||||
|
|
||||||
# find root install prefix
|
# find root install prefix
|
||||||
@ -127,10 +166,39 @@ def main():
|
|||||||
write_to_config('ndk_path', ndk_path)
|
write_to_config('ndk_path', ndk_path)
|
||||||
# the NDK is optional so we don't prompt the user for it if its not found
|
# the NDK is optional so we don't prompt the user for it if its not found
|
||||||
|
|
||||||
|
# find or generate the keystore for the repo signing key. First try the
|
||||||
|
# path written in the default config.py. Then check if the user has
|
||||||
|
# specified a path from the command line, which will trump all others.
|
||||||
|
# Otherwise, create ~/.local/share/fdroidserver and stick it in there.
|
||||||
|
keystore = config['keystore']
|
||||||
|
if options.keystore:
|
||||||
|
if os.path.isfile(options.keystore):
|
||||||
|
keystore = options.keystore
|
||||||
|
else:
|
||||||
|
print('"' + options.keystore + '" does not exist or is not a file!')
|
||||||
|
sys.exit(1)
|
||||||
|
if not os.path.isfile(keystore):
|
||||||
|
# no existing or specified keystore, generate the whole thing
|
||||||
|
keystoredir = os.path.join(os.getenv('HOME'),
|
||||||
|
'.local', 'share', 'fdroidserver')
|
||||||
|
if not os.path.exists(keystoredir):
|
||||||
|
os.makedirs(keystoredir, mode=0o700)
|
||||||
|
keystore = os.path.join(keystoredir, 'keystore.jks')
|
||||||
|
repo_keyalias = socket.getfqdn()
|
||||||
|
password = genpassword()
|
||||||
|
keydname = 'CN=' + repo_keyalias + ', OU=F-Droid'
|
||||||
|
write_to_config('keystore', keystore)
|
||||||
|
write_to_config('repo_keyalias', repo_keyalias)
|
||||||
|
write_to_config('keystorepass', password)
|
||||||
|
write_to_config('keypass', password)
|
||||||
|
write_to_config('keydname', keydname)
|
||||||
|
genkey(keystore, repo_keyalias, password, keydname)
|
||||||
|
|
||||||
print('Built repo in "' + repodir + '" with this config:')
|
print('Built repo in "' + repodir + '" with this config:')
|
||||||
print(' Android SDK:\t\t\t' + sdk_path)
|
print(' Android SDK:\t\t\t' + sdk_path)
|
||||||
print(' Android SDK Build Tools:\t' + os.path.dirname(aapt))
|
print(' Android SDK Build Tools:\t' + os.path.dirname(aapt))
|
||||||
print(' Android NDK (optional):\t' + ndk_path)
|
print(' Android NDK (optional):\t' + ndk_path)
|
||||||
|
print(' Keystore for signing key:\t' + keystore)
|
||||||
print('\nTo complete the setup, add your APKs to "' +
|
print('\nTo complete the setup, add your APKs to "' +
|
||||||
os.path.join(repodir, 'repo') + '"' +
|
os.path.join(repodir, 'repo') + '"' +
|
||||||
'''
|
'''
|
||||||
@ -139,4 +207,5 @@ then run "fdroid update -c; fdroid update". You might also want to edit
|
|||||||
a signing key.
|
a signing key.
|
||||||
|
|
||||||
For more info: https://f-droid.org/manual/fdroid.html#Simple-Binary-Repository
|
For more info: https://f-droid.org/manual/fdroid.html#Simple-Binary-Repository
|
||||||
|
and https://f-droid.org/manual/fdroid.html#Signing
|
||||||
''')
|
''')
|
||||||
|
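Review bot: In `genkey`, the freshly generated password is handed to `keytool -genkey` as the values of `-storepass` and `-keypass`, so it sits in the process argument list, readable by other local users, for as long as the 4096-bit key generation runs. keytool accepts an `:env` modifier on both options, so that argument line could read `'-storepass:env', 'KEYSTORE_PASS_PLACEHOLDER', '-keypass:env', 'KEYSTORE_PASS_PLACEHOLDER',` with `env=dict(os.environ, KEYSTORE_PASS_PLACEHOLDER=password)` added to the `Popen` call (the variable name is a placeholder). The following `keytool -list` call already passes the password over stdin rather than argv. In `main`, the same password is then stored in plaintext through `write_to_config('keystorepass', password)` and `write_to_config('keypass', password)`, and the visible tail of `write_to_config` opens `config.py` with `open('config.py', 'w')`, i.e. with umask-default permissions. `write_to_config` begins outside the hunk, so unless something there restricts the mode, an `os.chmod('config.py', 0o600)` after the secrets are written would be worth adding.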