mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-05 18:50:09 +02:00
Allow repo pubkey to defined directly in config
This commit is contained in:
parent
1cc1ee32ee
commit
4ae896511e
@ -73,6 +73,13 @@ The repository of older versions of applications from the main demo repository.
|
||||
# jarsigner using -alias. (Not needed in an unsigned repository).
|
||||
# repo_keyalias = "fdroidrepo"
|
||||
|
||||
# Optionally, the public key for the key defined by repo_keyalias above can
|
||||
# be specified here. There is no need to do this, as the public key can and
|
||||
# will be retrieved from the keystore when needed. However, specifying it
|
||||
# manually can allow some processing to take place without access to the
|
||||
# keystore.
|
||||
# repo_pubkey = "..."
|
||||
|
||||
# The keystore to use for release keys when building. This needs to be
|
||||
# somewhere safe and secure, and backed up! The best way to manage these
|
||||
# sensitive keys is to use a "smartcard" (aka Hardware Security Module). To
|
||||
|
@ -33,6 +33,7 @@ from pyasn1.error import PyAsn1Error
|
||||
from pyasn1.codec.der import decoder, encoder
|
||||
from pyasn1_modules import rfc2315
|
||||
from hashlib import md5
|
||||
from binascii import hexlify, unhexlify
|
||||
|
||||
from PIL import Image
|
||||
import logging
|
||||
@ -714,20 +715,24 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
|
||||
return " ".join(ret)
|
||||
|
||||
def extract_pubkey():
|
||||
p = FDroidPopen(['keytool', '-exportcert',
|
||||
'-alias', config['repo_keyalias'],
|
||||
'-keystore', config['keystore'],
|
||||
'-storepass:file', config['keystorepassfile']]
|
||||
+ config['smartcardoptions'], output=False)
|
||||
if p.returncode != 0:
|
||||
msg = "Failed to get repo pubkey!"
|
||||
if config['keystore'] == 'NONE':
|
||||
msg += ' Is your crypto smartcard plugged in?'
|
||||
logging.critical(msg)
|
||||
sys.exit(1)
|
||||
global repo_pubkey_fingerprint
|
||||
repo_pubkey_fingerprint = cert_fingerprint(p.output)
|
||||
return "".join("%02x" % ord(b) for b in p.output)
|
||||
if 'repo_pubkey' in config:
|
||||
pubkey = unhexlify(config['repo_pubkey'])
|
||||
else:
|
||||
p = FDroidPopen(['keytool', '-exportcert',
|
||||
'-alias', config['repo_keyalias'],
|
||||
'-keystore', config['keystore'],
|
||||
'-storepass:file', config['keystorepassfile']]
|
||||
+ config['smartcardoptions'], output=False)
|
||||
if p.returncode != 0:
|
||||
msg = "Failed to get repo pubkey!"
|
||||
if config['keystore'] == 'NONE':
|
||||
msg += ' Is your crypto smartcard plugged in?'
|
||||
logging.critical(msg)
|
||||
sys.exit(1)
|
||||
pubkey = p.output
|
||||
repo_pubkey_fingerprint = cert_fingerprint(pubkey)
|
||||
return hexlify(pubkey)
|
||||
|
||||
repoel.setAttribute("pubkey", extract_pubkey())
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user