mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-05 18:50:09 +02:00
Allow repo pubkey to defined directly in config
parent
1cc1ee32ee
commit
4ae896511e
@ -73,6 +73,13 @@ The repository of older versions of applications from the main demo repository.
|
|||||||
# jarsigner using -alias. (Not needed in an unsigned repository).
|
# jarsigner using -alias. (Not needed in an unsigned repository).
|
||||||
# repo_keyalias = "fdroidrepo"
|
# repo_keyalias = "fdroidrepo"
|
||||||
|
|
||||||
|
# Optionally, the public key for the key defined by repo_keyalias above can
|
||||||
|
# be specified here. There is no need to do this, as the public key can and
|
||||||
|
# will be retrieved from the keystore when needed. However, specifying it
|
||||||
|
# manually can allow some processing to take place without access to the
|
||||||
|
# keystore.
|
||||||
|
# repo_pubkey = "..."
|
||||||
|
|
||||||
# The keystore to use for release keys when building. This needs to be
|
# The keystore to use for release keys when building. This needs to be
|
||||||
# somewhere safe and secure, and backed up! The best way to manage these
|
# somewhere safe and secure, and backed up! The best way to manage these
|
||||||
# sensitive keys is to use a "smartcard" (aka Hardware Security Module). To
|
# sensitive keys is to use a "smartcard" (aka Hardware Security Module). To
|
||||||
|
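Review bot: The new `repo_pubkey` comment in the sample config does not say what format the value takes, and the `"..."` placeholder gives no hint. Judging by the code changed in this same commit, it is the hex encoding of the certificate that `keytool -exportcert` emits for `repo_keyalias`. I would add a line such as `# The value is the hex-encoded certificate, as written to the index "pubkey" attribute.` A second comment line should warn that the value has to be updated whenever the key behind repo_keyalias changes, since nothing visible in this commit checks the two against each other.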
@ -33,6 +33,7 @@ from pyasn1.error import PyAsn1Error
|
|||||||
from pyasn1.codec.der import decoder, encoder
|
from pyasn1.codec.der import decoder, encoder
|
||||||
from pyasn1_modules import rfc2315
|
from pyasn1_modules import rfc2315
|
||||||
from hashlib import md5
|
from hashlib import md5
|
||||||
|
from binascii import hexlify, unhexlify
|
||||||
|
|
||||||
from PIL import Image
|
from PIL import Image
|
||||||
import logging
|
import logging
|
||||||
@ -714,20 +715,24 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
|
|||||||
return " ".join(ret)
|
return " ".join(ret)
|
||||||
|
|
||||||
def extract_pubkey():
|
def extract_pubkey():
|
||||||
p = FDroidPopen(['keytool', '-exportcert',
|
|
||||||
'-alias', config['repo_keyalias'],
|
|
||||||
'-keystore', config['keystore'],
|
|
||||||
'-storepass:file', config['keystorepassfile']]
|
|
||||||
+ config['smartcardoptions'], output=False)
|
|
||||||
if p.returncode != 0:
|
|
||||||
msg = "Failed to get repo pubkey!"
|
|
||||||
if config['keystore'] == 'NONE':
|
|
||||||
msg += ' Is your crypto smartcard plugged in?'
|
|
||||||
logging.critical(msg)
|
|
||||||
sys.exit(1)
|
|
||||||
global repo_pubkey_fingerprint
|
global repo_pubkey_fingerprint
|
||||||
repo_pubkey_fingerprint = cert_fingerprint(p.output)
|
if 'repo_pubkey' in config:
|
||||||
return "".join("%02x" % ord(b) for b in p.output)
|
pubkey = unhexlify(config['repo_pubkey'])
|
||||||
|
else:
|
||||||
|
p = FDroidPopen(['keytool', '-exportcert',
|
||||||
|
'-alias', config['repo_keyalias'],
|
||||||
|
'-keystore', config['keystore'],
|
||||||
|
'-storepass:file', config['keystorepassfile']]
|
||||||
|
+ config['smartcardoptions'], output=False)
|
||||||
|
if p.returncode != 0:
|
||||||
|
msg = "Failed to get repo pubkey!"
|
||||||
|
if config['keystore'] == 'NONE':
|
||||||
|
msg += ' Is your crypto smartcard plugged in?'
|
||||||
|
logging.critical(msg)
|
||||||
|
sys.exit(1)
|
||||||
|
pubkey = p.output
|
||||||
|
repo_pubkey_fingerprint = cert_fingerprint(pubkey)
|
||||||
|
return hexlify(pubkey)
|
||||||
|
|
||||||
repoel.setAttribute("pubkey", extract_pubkey())
|
repoel.setAttribute("pubkey", extract_pubkey())
|
||||||
|
|
||||||
|
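Review bot: In the new `if 'repo_pubkey' in config:` branch of extract_pubkey, the configured string goes straight into `unhexlify()` and then `cert_fingerprint()` with no validation. A mistyped or truncated value therefore surfaces as an uncaught exception instead of the `logging.critical(...)` / `sys.exit(1)` path the keytool branch uses; the fence below wraps the decode the same way. Separately, nothing in this hunk ties the configured value to the key selected by `repo_keyalias`, so a stale or wrong `repo_pubkey` would be written to the index as the repo's pubkey and fingerprint, which clients presumably rely on to identify the repository. Where the keystore is reachable later in the run, it would be worth comparing the exported certificate with the configured one before the index is signed. extract_pubkey appears to be nested in make_index (per the hunk header), whose body starts and ends outside this hunk.

```python
if 'repo_pubkey' in config:
    try:
        pubkey = unhexlify(config['repo_pubkey'])
    except (TypeError, ValueError):
        logging.critical("Invalid repo_pubkey in config: not a hex string")
        sys.exit(1)
else:
    # … unchanged: keytool -exportcert call and its failure handling …
```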