kamp/fdroidserver
1
0
Fork 0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-10-05 18:50:09 +02:00
Code Activity

use jarsigner and keytool from same JDK as is being set in JAVA7_HOME

Browse Source 
Using the same JDK throughout should prevent weird bugs where a setup might
use Java8's jarsigner and Java7's keytool.  This also allows the user to
set java_paths and have jarsigner and keytool used from that specified JDK.

This incorporates almost all of the patch that is in the Debian package
that forces fdroidserver to use the default JDK on that Debian release.

closes #93 https://gitlab.com/fdroid/fdroidserver/issues/93
This commit is contained in:
Hans-Christoph Steiner 2016-02-11 20:43:55 +01:00
parent fdf17e809c
commit 69c81c3817
5 changed files with 38 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
fdroidserver/common.py
View File

@ -154,6 +154,14 @@ def fill_config_defaults(thisconfig):
else: else:
thisconfig['java_paths'][m.group(1)] = d thisconfig['java_paths'][m.group(1)] = d
for java_version in ('7', '8', '9'):
java_home = thisconfig['java_paths'][java_version]
jarsigner = os.path.join(java_home, 'bin', 'jarsigner')
if os.path.exists(jarsigner):
thisconfig['jarsigner'] = jarsigner
thisconfig['keytool'] = os.path.join(java_home, 'bin', 'keytool')
break # Java7 is preferred, so quit if found
for k in ['ndk_paths', 'java_paths']: for k in ['ndk_paths', 'java_paths']:
d = thisconfig[k] d = thisconfig[k]
for k2 in d.copy(): for k2 in d.copy():
@ -1810,7 +1818,7 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir):
for meta_inf_file in meta_inf_files: for meta_inf_file in meta_inf_files:
unsigned_apk_as_zip.write(os.path.join(tmp_dir, meta_inf_file), arcname=meta_inf_file) unsigned_apk_as_zip.write(os.path.join(tmp_dir, meta_inf_file), arcname=meta_inf_file)
if subprocess.call(['jarsigner', '-verify', unsigned_apk]) != 0: if subprocess.call([config['jarsigner'], '-verify', unsigned_apk]) != 0:
logging.info("...NOT verified - {0}".format(signed_apk)) logging.info("...NOT verified - {0}".format(signed_apk))
return compare_apks(signed_apk, unsigned_apk, tmp_dir) return compare_apks(signed_apk, unsigned_apk, tmp_dir)
logging.info("...successfully verified") logging.info("...successfully verified")
@ -1912,7 +1920,7 @@ def genkeystore(localconfig):
write_password_file("keystorepass", localconfig['keystorepass']) write_password_file("keystorepass", localconfig['keystorepass'])
write_password_file("keypass", localconfig['keypass']) write_password_file("keypass", localconfig['keypass'])
p = FDroidPopen(['keytool', '-genkey', p = FDroidPopen([config['keytool'], '-genkey',
'-keystore', localconfig['keystore'], '-keystore', localconfig['keystore'],
'-alias', localconfig['repo_keyalias'], '-alias', localconfig['repo_keyalias'],
'-keyalg', 'RSA', '-keysize', '4096', '-keyalg', 'RSA', '-keysize', '4096',
@ -1926,7 +1934,7 @@ def genkeystore(localconfig):
raise BuildException("Failed to generate key", p.output) raise BuildException("Failed to generate key", p.output)
os.chmod(localconfig['keystore'], 0o0600) os.chmod(localconfig['keystore'], 0o0600)
# now show the lovely key that was just generated # now show the lovely key that was just generated
p = FDroidPopen(['keytool', '-list', '-v', p = FDroidPopen([config['keytool'], '-list', '-v',
'-keystore', localconfig['keystore'], '-keystore', localconfig['keystore'],
'-alias', localconfig['repo_keyalias'], '-alias', localconfig['repo_keyalias'],
'-storepass:file', config['keystorepassfile']]) '-storepass:file', config['keystorepassfile']])

10
fdroidserver/publish.py
View File

@ -47,6 +47,10 @@ def main():
config = common.read_config(options) config = common.read_config(options)
if not ('jarsigner' in config and 'keytool' in config):
logging.critical('Java JDK not found! Install in standard location or set java_paths!')
sys.exit(1)
log_dir = 'logs' log_dir = 'logs'
if not os.path.isdir(log_dir): if not os.path.isdir(log_dir):
logging.info("Creating log directory") logging.info("Creating log directory")
@ -163,12 +167,12 @@ def main():
# See if we already have a key for this application, and # See if we already have a key for this application, and
# if not generate one... # if not generate one...
p = FDroidPopen(['keytool', '-list', p = FDroidPopen([config['keytool'], '-list',
'-alias', keyalias, '-keystore', config['keystore'], '-alias', keyalias, '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile']]) '-storepass:file', config['keystorepassfile']])
if p.returncode != 0: if p.returncode != 0:
logging.info("Key does not exist - generating...") logging.info("Key does not exist - generating...")
p = FDroidPopen(['keytool', '-genkey', p = FDroidPopen([config['keytool'], '-genkey',
'-keystore', config['keystore'], '-keystore', config['keystore'],
'-alias', keyalias, '-alias', keyalias,
'-keyalg', 'RSA', '-keysize', '2048', '-keyalg', 'RSA', '-keysize', '2048',
@ -181,7 +185,7 @@ def main():
raise BuildException("Failed to generate key") raise BuildException("Failed to generate key")
# Sign the application... # Sign the application...
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'], p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile'], '-storepass:file', config['keystorepassfile'],
'-keypass:file', config['keypassfile'], '-sigalg', '-keypass:file', config['keypassfile'], '-sigalg',
'SHA1withRSA', '-digestalg', 'SHA1', 'SHA1withRSA', '-digestalg', 'SHA1',

6
fdroidserver/signindex.py
View File

@ -40,6 +40,10 @@ def main():
config = common.read_config(options) config = common.read_config(options)
if not 'jarsigner' in config:
logging.critical('Java jarsigner not found! Install in standard location or set java_paths!')
sys.exit(1)
repodirs = ['repo'] repodirs = ['repo']
if config['archive_older'] != 0: if config['archive_older'] != 0:
repodirs.append('archive') repodirs.append('archive')
@ -53,7 +57,7 @@ def main():
unsigned = os.path.join(output_dir, 'index_unsigned.jar') unsigned = os.path.join(output_dir, 'index_unsigned.jar')
if os.path.exists(unsigned): if os.path.exists(unsigned):
args = ['jarsigner', '-keystore', config['keystore'], args = [config['jarsigner'], '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile'], '-storepass:file', config['keystorepassfile'],
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
unsigned, config['repo_keyalias']] unsigned, config['repo_keyalias']]

10
fdroidserver/update.py
View File

@ -367,7 +367,7 @@ def getsig(apkpath):
cert = None cert = None
# verify the jar signature is correct # verify the jar signature is correct
args = ['jarsigner', '-verify', apkpath] args = [config['jarsigner'], '-verify', apkpath]
p = FDroidPopen(args) p = FDroidPopen(args)
if p.returncode != 0: if p.returncode != 0:
logging.critical(apkpath + " has a bad signature!") logging.critical(apkpath + " has a bad signature!")
@ -711,7 +711,7 @@ def extract_pubkey():
if 'repo_pubkey' in config: if 'repo_pubkey' in config:
pubkey = unhexlify(config['repo_pubkey']) pubkey = unhexlify(config['repo_pubkey'])
else: else:
p = FDroidPopen(['keytool', '-exportcert', p = FDroidPopen([config['keytool'], '-exportcert',
'-alias', config['repo_keyalias'], '-alias', config['repo_keyalias'],
'-keystore', config['keystore'], '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile']] '-storepass:file', config['keystorepassfile']]
@ -970,7 +970,7 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
if os.path.exists(signed): if os.path.exists(signed):
os.remove(signed) os.remove(signed)
else: else:
args = ['jarsigner', '-keystore', config['keystore'], args = [config['jarsigner'], '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile'], '-storepass:file', config['keystorepassfile'],
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA', '-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
signed, config['repo_keyalias']] signed, config['repo_keyalias']]
@ -1118,6 +1118,10 @@ def main():
config = common.read_config(options) config = common.read_config(options)
if not ('jarsigner' in config and 'keytool' in config):
logging.critical('Java JDK not found! Install in standard location or set java_paths!')
sys.exit(1)
repodirs = ['repo'] repodirs = ['repo']
if config['archive_older'] != 0: if config['archive_older'] != 0:
repodirs.append('archive') repodirs.append('archive')

8
tests/update.TestCase
View File

@ -42,6 +42,10 @@ class UpdateTest(unittest.TestCase):
return None return None
def testGoodGetsig(self): def testGoodGetsig(self):
# config needed to use jarsigner and keytool
config = dict()
fdroidserver.common.fill_config_defaults(config)
fdroidserver.update.config = config
apkfile = os.path.join(os.path.dirname(__file__), 'urzip.apk') apkfile = os.path.join(os.path.dirname(__file__), 'urzip.apk')
sig = self.javagetsig(apkfile) sig = self.javagetsig(apkfile)
self.assertIsNotNone(sig, "sig is None") self.assertIsNotNone(sig, "sig is None")
@ -59,6 +63,10 @@ class UpdateTest(unittest.TestCase):
self.assertTrue(False, 'TypeError!') self.assertTrue(False, 'TypeError!')
def testBadGetsig(self): def testBadGetsig(self):
# config needed to use jarsigner and keytool
config = dict()
fdroidserver.common.fill_config_defaults(config)
fdroidserver.update.config = config
apkfile = os.path.join(os.path.dirname(__file__), 'urzip-badsig.apk') apkfile = os.path.join(os.path.dirname(__file__), 'urzip-badsig.apk')
sig = self.javagetsig(apkfile) sig = self.javagetsig(apkfile)
self.assertIsNone(sig, "sig should be None: " + str(sig)) self.assertIsNone(sig, "sig should be None: " + str(sig))