From 197ca7e36ffe8fa9b06f42c289c698077a1e2797 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Thu, 20 Aug 2020 14:56:49 +0200
Subject: [PATCH 1/3] update: warn with --nosign if keystore/repo_pubkey are
 not present

This should also make it easier to use index.make() as an API function
since this changes whether the instance var exists before checking the
value.
---
 fdroidserver/index.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fdroidserver/index.py b/fdroidserver/index.py
index d6d396a5..a21bb91b 100644
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
@@ -57,7 +57,10 @@ def make(apps, apks, repodir, archive):
     """
     from fdroidserver.update import METADATA_VERSION
 
-    if not common.options.nosign:
+    if hasattr(common.options, 'nosign') and common.options.nosign:
+        if 'keystore' not in common.config and 'repo_pubkey' not in common.config:
+            raise FDroidException(_('"repo_pubkey" must be present in config.py when using --nosign!'))
+    else:
         common.assert_config_keystore(common.config)
 
     # Historically the index has been sorted by App Name, so we enforce this ordering here

From 32a0c610103272e955ced42e6937540c2b62d126 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Mon, 25 Jan 2021 23:27:24 +0100
Subject: [PATCH 2/3] init: enable apksigner by default if it is found

---
 CHANGELOG.md         |  1 +
 fdroidserver/init.py |  4 +++-
 tests/init.TestCase  | 22 ++++++++++++++++++++++
 tests/run-tests      |  7 ++++++-
 4 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d6497e1..75a7a058 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,6 +41,7 @@ milestone](https://gitlab.com/fdroid/fdroidserver/-/milestones/10)
 * Smoother process for signing APKs with `apksigner`
   ([!736](https://gitlab.com/fdroid/fdroidserver/merge_requests/736))
   ([!821](https://gitlab.com/fdroid/fdroidserver/merge_requests/821))
+* `apksigner` is used by default on new repos
 * All parts except _build_ and _publish_ work without the Android SDK
   ([!821](https://gitlab.com/fdroid/fdroidserver/merge_requests/821))
 * Description: is now passed to clients unchanged, no HTML conversion
diff --git a/fdroidserver/init.py b/fdroidserver/init.py
index 7f9fc817..64809771 100644
--- a/fdroidserver/init.py
+++ b/fdroidserver/init.py
@@ -148,7 +148,9 @@ def main():
 
     # enable apksigner by default so v2/v3 APK signatures validate
     if common.find_apksigner() is not None:
-        test_config['apksigner'] = common.find_apksigner()
+        apksigner = common.find_apksigner()
+        test_config['apksigner'] = apksigner
+        common.write_to_config(test_config, 'apksigner', apksigner)
 
     # the NDK is optional and there may be multiple versions of it, so it's
     # left for the user to configure
diff --git a/tests/init.TestCase b/tests/init.TestCase
index f080ff74..30d4db32 100755
--- a/tests/init.TestCase
+++ b/tests/init.TestCase
@@ -9,6 +9,7 @@ import optparse
 import sys
 import tempfile
 import unittest
+import yaml
 
 
 localmodule = os.path.realpath(
@@ -30,6 +31,7 @@ class InitTest(unittest.TestCase):
         if not os.path.exists(self.tmpdir):
             os.makedirs(self.tmpdir)
         os.chdir(self.basedir)
+        fdroidserver.common.config = None
         fdroidserver.init.config = None
 
     def test_disable_in_config(self):
@@ -38,6 +40,7 @@ class InitTest(unittest.TestCase):
         with open('config.yml', 'w') as fp:
             fp.write('keystore: NONE\n')
             fp.write('keypass: mysupersecrets\n')
+        os.chmod('config.yml', 0o600)
         config = fdroidserver.common.read_config(fdroidserver.common.options)
         self.assertEqual('NONE', config['keystore'])
         self.assertEqual('mysupersecrets', config['keypass'])
@@ -48,6 +51,25 @@ class InitTest(unittest.TestCase):
         config = fdroidserver.common.read_config(fdroidserver.common.options)
         self.assertIsNone(config.get('keypass'))
 
+    def test_main_in_empty_dir(self):
+        testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
+        os.chdir(testdir)
+
+        bindir = os.path.join(os.getcwd(), 'bin')
+        os.mkdir(bindir)
+        apksigner = os.path.join(bindir, 'apksigner')
+        open(apksigner, 'w').close()
+        os.chmod(apksigner, 0o755)
+        os.environ['PATH'] = bindir
+
+        sys.argv = ['fdroid init']
+        fdroidserver.init.main()
+        with open('config.yml') as fp:
+            config = yaml.safe_load(fp)
+        self.assertTrue(os.path.exists(config['keystore']))
+        self.assertTrue(os.path.exists(config['apksigner']))
+        self.assertEqual(apksigner, config['apksigner'])
+
 
 if __name__ == "__main__":
     os.chdir(os.path.dirname(__file__))
diff --git a/tests/run-tests b/tests/run-tests
index 693c89e6..af415243 100755
--- a/tests/run-tests
+++ b/tests/run-tests
@@ -75,6 +75,10 @@ is_MD5_disabled() {
     return $?
 }
 
+use_apksigner() {
+    test -x "`sed -En 's,^ *apksigner: +,,p' config.yml`"
+}
+
 #------------------------------------------------------------------------------#
 # "main"
 
@@ -312,7 +316,7 @@ cp $WORKSPACE/tests/urzip.apk \
 printf '\narchive_older: 3\n' >> config.yml
 
 $fdroid update --pretty --nosign
-if which apksigner; then
+if use_apksigner; then
     test `grep '<package>' archive/index.xml | wc -l` -eq 2
     test `grep '<package>' repo/index.xml | wc -l` -eq 10
 else
@@ -529,6 +533,7 @@ test -e repo/org.bitbucket.tickytacky.mirrormirror_3.apk
 test -e repo/org.bitbucket.tickytacky.mirrormirror_4.apk
 test -e archive/urzip-badsig.apk
 
+sed -i.tmp '/apksigner:/d' config.yml
 if ! which apksigner; then
     $sed -i.tmp '/allow_disabled_algorithms/d' config.yml
     $fdroid update --pretty --nosign

From e4087f17988a396cc933bde88cfb672a2aeb6614 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Wed, 27 Jan 2021 23:50:53 +0100
Subject: [PATCH 3/3] gitlab-ci: hide massively verbose messages from
 sdkmanager

---
 .gitlab-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f22e492f..dba0f7a2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,7 +10,7 @@ test:
   script:
     - $pip install -e .[test]
     # the `fdroid build` test in tests/run-tests needs android-23
-    - echo y | $ANDROID_HOME/tools/bin/sdkmanager "platforms;android-23"
+    - echo y | $ANDROID_HOME/tools/bin/sdkmanager "platforms;android-23" > /dev/null
     - cd tests
     - ./complete-ci-tests
 
@@ -218,8 +218,8 @@ fedora_latest:
     - printf "\n79120722343a6f314e0719f863036c702b0e6b2a\n84831b9409646a918e30573bab4c9c91346d8abd" > $ANDROID_HOME/licenses/android-sdk-preview-license-old
     - mkdir ~/.android
     - touch ~/.android/repositories.cfg
-    - echo y | $ANDROID_HOME/tools/bin/sdkmanager "platform-tools"
-    - echo y | $ANDROID_HOME/tools/bin/sdkmanager "build-tools;$BUILD_TOOLS_VERSION"
+    - echo y | $ANDROID_HOME/tools/bin/sdkmanager "platform-tools" > /dev/null
+    - echo y | $ANDROID_HOME/tools/bin/sdkmanager "build-tools;$BUILD_TOOLS_VERSION" > /dev/null
     - chown -R testuser .
     - cd tests
     - su testuser --login --command