Allow repo pubkey to defined directly in config

2024-07-07 01:40:10 +02:00 · 2015-01-10 15:44:16 +00:00 · 2015-01-10 15:44:16 +00:00 · 4ae896511e
commit 4ae896511e
parent 1cc1ee32ee
2 changed files with 25 additions and 13 deletions
--- a/examples/config.py
+++ b/examples/config.py
@ -73,6 +73,13 @@ The repository of older versions of applications from the main demo repository.
 # jarsigner using -alias.  (Not needed in an unsigned repository).
 # repo_keyalias = "fdroidrepo"

+# Optionally, the public key for the key defined by repo_keyalias above can
+# be specified here. There is no need to do this, as the public key can and
+# will be retrieved from the keystore when needed. However, specifying it
+# manually can allow some processing to take place without access to the
+# keystore.
+# repo_pubkey = "..."
+
 # The keystore to use for release keys when building. This needs to be
 # somewhere safe and secure, and backed up!  The best way to manage these
 # sensitive keys is to use a "smartcard" (aka Hardware Security Module). To
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@ -33,6 +33,7 @@ from pyasn1.error import PyAsn1Error
 from pyasn1.codec.der import decoder, encoder
 from pyasn1_modules import rfc2315
 from hashlib import md5
+from binascii import hexlify, unhexlify

 from PIL import Image
 import logging
@ -714,20 +715,24 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
            return " ".join(ret)

        def extract_pubkey():
-            p = FDroidPopen(['keytool', '-exportcert',
-                             '-alias', config['repo_keyalias'],
-                             '-keystore', config['keystore'],
-                             '-storepass:file', config['keystorepassfile']]
-                            + config['smartcardoptions'], output=False)
-            if p.returncode != 0:
-                msg = "Failed to get repo pubkey!"
-                if config['keystore'] == 'NONE':
-                    msg += ' Is your crypto smartcard plugged in?'
-                logging.critical(msg)
-                sys.exit(1)
            global repo_pubkey_fingerprint
-            repo_pubkey_fingerprint = cert_fingerprint(p.output)
-            return "".join("%02x" % ord(b) for b in p.output)
+            if 'repo_pubkey' in config:
+                pubkey = unhexlify(config['repo_pubkey'])
+            else:
+                p = FDroidPopen(['keytool', '-exportcert',
+                                 '-alias', config['repo_keyalias'],
+                                 '-keystore', config['keystore'],
+                                 '-storepass:file', config['keystorepassfile']]
+                                + config['smartcardoptions'], output=False)
+                if p.returncode != 0:
+                    msg = "Failed to get repo pubkey!"
+                    if config['keystore'] == 'NONE':
+                        msg += ' Is your crypto smartcard plugged in?'
+                    logging.critical(msg)
+                    sys.exit(1)
+                pubkey = p.output
+            repo_pubkey_fingerprint = cert_fingerprint(pubkey)
+            return hexlify(pubkey)

        repoel.setAttribute("pubkey", extract_pubkey())