Merge branch 'fix_nosign' into 'master'

Fix --nosign semantics

See merge request fdroid/fdroidserver!1125

fdroidserver/index.py

@@ -66,10 +66,7 @@ def make(apps, apks, repodir, archive):
     """
     from fdroidserver.update import METADATA_VERSION
 
-    if hasattr(common.options, 'nosign') and common.options.nosign:
-        if 'keystore' not in common.config and 'repo_pubkey' not in common.config:
-            raise FDroidException(_('"repo_pubkey" must be present in config.yml when using --nosign!'))
-    else:
+    if not hasattr(common.options, 'nosign') or not common.options.nosign:
         common.assert_config_keystore(common.config)
 
     # Historically the index has been sorted by App Name, so we enforce this ordering here
@@ -1378,7 +1375,7 @@ def extract_pubkey():
     """
     if 'repo_pubkey' in common.config:
         pubkey = unhexlify(common.config['repo_pubkey'])
-    else:
+    elif 'keystorepass' in common.config:
         env_vars = {'LC_ALL': 'C.UTF-8',
                     'FDROID_KEY_STORE_PASS': common.config['keystorepass']}
         p = FDroidPopenBytes([common.config['keytool'], '-exportcert',
@@ -1393,6 +1390,9 @@ def extract_pubkey():
                 msg += ' Is your crypto smartcard plugged in?'
             raise FDroidException(msg)
         pubkey = p.output
+    else:
+        raise FDroidException(_('Neither "repo_pubkey" nor "keystorepass" set in config.yml'))
+
     repo_pubkey_fingerprint = common.get_cert_fingerprint(pubkey)
     return hexlify(pubkey), repo_pubkey_fingerprint
 

tests/index.TestCase

@@ -359,6 +359,49 @@ class IndexTest(unittest.TestCase):
         )
         self.assertTrue(os.path.exists(os.path.join('repo', 'index.xml')))
 
+    def test_v0_invalid_config_exception(self):
+        """Index v0 needs additional config values when using --nosign
+
+        index.xml aka Index v0 includes the full repo public key in
+        the XML itself.  So when running `fdroid update --nosign`,
+        there needs to be either repo_pubkey or a full keystore config
+        present.
+
+        """
+        tmptestsdir = tempfile.mkdtemp(
+            prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir
+        )
+        os.chdir(tmptestsdir)
+        os.mkdir('repo')
+        repo_icons_dir = os.path.join('repo', 'icons')
+        self.assertFalse(os.path.isdir(repo_icons_dir))
+        repodict = {
+            'address': 'https://example.com/fdroid/repo',
+            'description': 'This is just a test',
+            'icon': 'blahblah',
+            'name': 'test',
+            'timestamp': datetime.datetime.now(),
+            'version': 12,
+        }
+        requestsdict = {'install': [], 'uninstall': []}
+
+        fdroidserver.common.options.nosign = False
+        with self.assertRaises(fdroidserver.exception.FDroidException):
+            fdroidserver.index.make_v0({}, [], 'repo', repodict, requestsdict, {})
+
+        fdroidserver.common.options.nosign = True
+        with self.assertRaises(fdroidserver.exception.FDroidException):
+            fdroidserver.index.make_v0({}, [], 'repo', repodict, requestsdict, {})
+
+        fdroidserver.common.config['repo_pubkey'] = 'ffffffffffffffffffffffffffffffffff'
+        self.assertFalse(os.path.exists(os.path.join('repo', 'index.xml')))
+        self.assertFalse(os.path.exists(os.path.join('repo', 'index_unsigned.jar')))
+        self.assertFalse(os.path.exists(os.path.join('repo', 'index.jar')))
+        fdroidserver.index.make_v0({}, [], 'repo', repodict, requestsdict, {})
+        self.assertTrue(os.path.exists(os.path.join('repo', 'index.xml')))
+        self.assertTrue(os.path.exists(os.path.join('repo', 'index_unsigned.jar')))
+        self.assertFalse(os.path.exists(os.path.join('repo', 'index.jar')))
+
     def test_github_get_mirror_service_urls(self):
         for url in [
             'git@github.com:foo/bar',