mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-05 18:50:09 +02:00
use jarsigner and keytool from same JDK as is being set in JAVA7_HOME
Using the same JDK throughout should prevent weird bugs where a setup might use Java8's jarsigner and Java7's keytool. This also allows the user to set java_paths and have jarsigner and keytool used from that specified JDK. This incorporates almost all of the patch that is in the Debian package that forces fdroidserver to use the default JDK on that Debian release. closes #93 https://gitlab.com/fdroid/fdroidserver/issues/93
This commit is contained in:
parent
fdf17e809c
commit
69c81c3817
@ -154,6 +154,14 @@ def fill_config_defaults(thisconfig):
|
|||||||
else:
|
else:
|
||||||
thisconfig['java_paths'][m.group(1)] = d
|
thisconfig['java_paths'][m.group(1)] = d
|
||||||
|
|
||||||
|
for java_version in ('7', '8', '9'):
|
||||||
|
java_home = thisconfig['java_paths'][java_version]
|
||||||
|
jarsigner = os.path.join(java_home, 'bin', 'jarsigner')
|
||||||
|
if os.path.exists(jarsigner):
|
||||||
|
thisconfig['jarsigner'] = jarsigner
|
||||||
|
thisconfig['keytool'] = os.path.join(java_home, 'bin', 'keytool')
|
||||||
|
break # Java7 is preferred, so quit if found
|
||||||
|
|
||||||
for k in ['ndk_paths', 'java_paths']:
|
for k in ['ndk_paths', 'java_paths']:
|
||||||
d = thisconfig[k]
|
d = thisconfig[k]
|
||||||
for k2 in d.copy():
|
for k2 in d.copy():
|
||||||
@ -1810,7 +1818,7 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir):
|
|||||||
for meta_inf_file in meta_inf_files:
|
for meta_inf_file in meta_inf_files:
|
||||||
unsigned_apk_as_zip.write(os.path.join(tmp_dir, meta_inf_file), arcname=meta_inf_file)
|
unsigned_apk_as_zip.write(os.path.join(tmp_dir, meta_inf_file), arcname=meta_inf_file)
|
||||||
|
|
||||||
if subprocess.call(['jarsigner', '-verify', unsigned_apk]) != 0:
|
if subprocess.call([config['jarsigner'], '-verify', unsigned_apk]) != 0:
|
||||||
logging.info("...NOT verified - {0}".format(signed_apk))
|
logging.info("...NOT verified - {0}".format(signed_apk))
|
||||||
return compare_apks(signed_apk, unsigned_apk, tmp_dir)
|
return compare_apks(signed_apk, unsigned_apk, tmp_dir)
|
||||||
logging.info("...successfully verified")
|
logging.info("...successfully verified")
|
||||||
@ -1912,7 +1920,7 @@ def genkeystore(localconfig):
|
|||||||
|
|
||||||
write_password_file("keystorepass", localconfig['keystorepass'])
|
write_password_file("keystorepass", localconfig['keystorepass'])
|
||||||
write_password_file("keypass", localconfig['keypass'])
|
write_password_file("keypass", localconfig['keypass'])
|
||||||
p = FDroidPopen(['keytool', '-genkey',
|
p = FDroidPopen([config['keytool'], '-genkey',
|
||||||
'-keystore', localconfig['keystore'],
|
'-keystore', localconfig['keystore'],
|
||||||
'-alias', localconfig['repo_keyalias'],
|
'-alias', localconfig['repo_keyalias'],
|
||||||
'-keyalg', 'RSA', '-keysize', '4096',
|
'-keyalg', 'RSA', '-keysize', '4096',
|
||||||
@ -1926,7 +1934,7 @@ def genkeystore(localconfig):
|
|||||||
raise BuildException("Failed to generate key", p.output)
|
raise BuildException("Failed to generate key", p.output)
|
||||||
os.chmod(localconfig['keystore'], 0o0600)
|
os.chmod(localconfig['keystore'], 0o0600)
|
||||||
# now show the lovely key that was just generated
|
# now show the lovely key that was just generated
|
||||||
p = FDroidPopen(['keytool', '-list', '-v',
|
p = FDroidPopen([config['keytool'], '-list', '-v',
|
||||||
'-keystore', localconfig['keystore'],
|
'-keystore', localconfig['keystore'],
|
||||||
'-alias', localconfig['repo_keyalias'],
|
'-alias', localconfig['repo_keyalias'],
|
||||||
'-storepass:file', config['keystorepassfile']])
|
'-storepass:file', config['keystorepassfile']])
|
||||||
|
@ -47,6 +47,10 @@ def main():
|
|||||||
|
|
||||||
config = common.read_config(options)
|
config = common.read_config(options)
|
||||||
|
|
||||||
|
if not ('jarsigner' in config and 'keytool' in config):
|
||||||
|
logging.critical('Java JDK not found! Install in standard location or set java_paths!')
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
log_dir = 'logs'
|
log_dir = 'logs'
|
||||||
if not os.path.isdir(log_dir):
|
if not os.path.isdir(log_dir):
|
||||||
logging.info("Creating log directory")
|
logging.info("Creating log directory")
|
||||||
@ -163,12 +167,12 @@ def main():
|
|||||||
|
|
||||||
# See if we already have a key for this application, and
|
# See if we already have a key for this application, and
|
||||||
# if not generate one...
|
# if not generate one...
|
||||||
p = FDroidPopen(['keytool', '-list',
|
p = FDroidPopen([config['keytool'], '-list',
|
||||||
'-alias', keyalias, '-keystore', config['keystore'],
|
'-alias', keyalias, '-keystore', config['keystore'],
|
||||||
'-storepass:file', config['keystorepassfile']])
|
'-storepass:file', config['keystorepassfile']])
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
logging.info("Key does not exist - generating...")
|
logging.info("Key does not exist - generating...")
|
||||||
p = FDroidPopen(['keytool', '-genkey',
|
p = FDroidPopen([config['keytool'], '-genkey',
|
||||||
'-keystore', config['keystore'],
|
'-keystore', config['keystore'],
|
||||||
'-alias', keyalias,
|
'-alias', keyalias,
|
||||||
'-keyalg', 'RSA', '-keysize', '2048',
|
'-keyalg', 'RSA', '-keysize', '2048',
|
||||||
@ -181,7 +185,7 @@ def main():
|
|||||||
raise BuildException("Failed to generate key")
|
raise BuildException("Failed to generate key")
|
||||||
|
|
||||||
# Sign the application...
|
# Sign the application...
|
||||||
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
|
p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
|
||||||
'-storepass:file', config['keystorepassfile'],
|
'-storepass:file', config['keystorepassfile'],
|
||||||
'-keypass:file', config['keypassfile'], '-sigalg',
|
'-keypass:file', config['keypassfile'], '-sigalg',
|
||||||
'SHA1withRSA', '-digestalg', 'SHA1',
|
'SHA1withRSA', '-digestalg', 'SHA1',
|
||||||
|
@ -40,6 +40,10 @@ def main():
|
|||||||
|
|
||||||
config = common.read_config(options)
|
config = common.read_config(options)
|
||||||
|
|
||||||
|
if not 'jarsigner' in config:
|
||||||
|
logging.critical('Java jarsigner not found! Install in standard location or set java_paths!')
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
repodirs = ['repo']
|
repodirs = ['repo']
|
||||||
if config['archive_older'] != 0:
|
if config['archive_older'] != 0:
|
||||||
repodirs.append('archive')
|
repodirs.append('archive')
|
||||||
@ -53,7 +57,7 @@ def main():
|
|||||||
unsigned = os.path.join(output_dir, 'index_unsigned.jar')
|
unsigned = os.path.join(output_dir, 'index_unsigned.jar')
|
||||||
if os.path.exists(unsigned):
|
if os.path.exists(unsigned):
|
||||||
|
|
||||||
args = ['jarsigner', '-keystore', config['keystore'],
|
args = [config['jarsigner'], '-keystore', config['keystore'],
|
||||||
'-storepass:file', config['keystorepassfile'],
|
'-storepass:file', config['keystorepassfile'],
|
||||||
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
|
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
|
||||||
unsigned, config['repo_keyalias']]
|
unsigned, config['repo_keyalias']]
|
||||||
|
@ -367,7 +367,7 @@ def getsig(apkpath):
|
|||||||
cert = None
|
cert = None
|
||||||
|
|
||||||
# verify the jar signature is correct
|
# verify the jar signature is correct
|
||||||
args = ['jarsigner', '-verify', apkpath]
|
args = [config['jarsigner'], '-verify', apkpath]
|
||||||
p = FDroidPopen(args)
|
p = FDroidPopen(args)
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
logging.critical(apkpath + " has a bad signature!")
|
logging.critical(apkpath + " has a bad signature!")
|
||||||
@ -711,7 +711,7 @@ def extract_pubkey():
|
|||||||
if 'repo_pubkey' in config:
|
if 'repo_pubkey' in config:
|
||||||
pubkey = unhexlify(config['repo_pubkey'])
|
pubkey = unhexlify(config['repo_pubkey'])
|
||||||
else:
|
else:
|
||||||
p = FDroidPopen(['keytool', '-exportcert',
|
p = FDroidPopen([config['keytool'], '-exportcert',
|
||||||
'-alias', config['repo_keyalias'],
|
'-alias', config['repo_keyalias'],
|
||||||
'-keystore', config['keystore'],
|
'-keystore', config['keystore'],
|
||||||
'-storepass:file', config['keystorepassfile']]
|
'-storepass:file', config['keystorepassfile']]
|
||||||
@ -970,7 +970,7 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
|
|||||||
if os.path.exists(signed):
|
if os.path.exists(signed):
|
||||||
os.remove(signed)
|
os.remove(signed)
|
||||||
else:
|
else:
|
||||||
args = ['jarsigner', '-keystore', config['keystore'],
|
args = [config['jarsigner'], '-keystore', config['keystore'],
|
||||||
'-storepass:file', config['keystorepassfile'],
|
'-storepass:file', config['keystorepassfile'],
|
||||||
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
|
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
|
||||||
signed, config['repo_keyalias']]
|
signed, config['repo_keyalias']]
|
||||||
@ -1118,6 +1118,10 @@ def main():
|
|||||||
|
|
||||||
config = common.read_config(options)
|
config = common.read_config(options)
|
||||||
|
|
||||||
|
if not ('jarsigner' in config and 'keytool' in config):
|
||||||
|
logging.critical('Java JDK not found! Install in standard location or set java_paths!')
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
repodirs = ['repo']
|
repodirs = ['repo']
|
||||||
if config['archive_older'] != 0:
|
if config['archive_older'] != 0:
|
||||||
repodirs.append('archive')
|
repodirs.append('archive')
|
||||||
|
@ -42,6 +42,10 @@ class UpdateTest(unittest.TestCase):
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
def testGoodGetsig(self):
|
def testGoodGetsig(self):
|
||||||
|
# config needed to use jarsigner and keytool
|
||||||
|
config = dict()
|
||||||
|
fdroidserver.common.fill_config_defaults(config)
|
||||||
|
fdroidserver.update.config = config
|
||||||
apkfile = os.path.join(os.path.dirname(__file__), 'urzip.apk')
|
apkfile = os.path.join(os.path.dirname(__file__), 'urzip.apk')
|
||||||
sig = self.javagetsig(apkfile)
|
sig = self.javagetsig(apkfile)
|
||||||
self.assertIsNotNone(sig, "sig is None")
|
self.assertIsNotNone(sig, "sig is None")
|
||||||
@ -59,6 +63,10 @@ class UpdateTest(unittest.TestCase):
|
|||||||
self.assertTrue(False, 'TypeError!')
|
self.assertTrue(False, 'TypeError!')
|
||||||
|
|
||||||
def testBadGetsig(self):
|
def testBadGetsig(self):
|
||||||
|
# config needed to use jarsigner and keytool
|
||||||
|
config = dict()
|
||||||
|
fdroidserver.common.fill_config_defaults(config)
|
||||||
|
fdroidserver.update.config = config
|
||||||
apkfile = os.path.join(os.path.dirname(__file__), 'urzip-badsig.apk')
|
apkfile = os.path.join(os.path.dirname(__file__), 'urzip-badsig.apk')
|
||||||
sig = self.javagetsig(apkfile)
|
sig = self.javagetsig(apkfile)
|
||||||
self.assertIsNone(sig, "sig should be None: " + str(sig))
|
self.assertIsNone(sig, "sig should be None: " + str(sig))
|
||||||
|
Loading…
Reference in New Issue
Block a user