mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-04 02:00:11 +02:00
Merge commit 'refs/merge-requests/137' of gitorious.org:f-droid/fdroidserver
This commit is contained in:
commit
802d5e298c
@ -60,14 +60,18 @@ repo_keyalias = None
|
|||||||
|
|
||||||
#The keystore to use for release keys when building. This needs to be
|
#The keystore to use for release keys when building. This needs to be
|
||||||
#somewhere safe and secure, and backed up!
|
#somewhere safe and secure, and backed up!
|
||||||
keystore = "/home/me/somewhere/my.keystore"
|
#keystore = "/home/me/.local/share/fdroidserver/keystore.jks"
|
||||||
|
|
||||||
#The password for the keystore (at least 6 characters).
|
# The password for the keystore (at least 6 characters). If this password is
|
||||||
keystorepass = "password1"
|
# different than the keypass below, it can be OK to store the password in this
|
||||||
|
# file for real use. But in general, sensitive passwords should not be stored
|
||||||
|
# in text files!
|
||||||
|
#keystorepass = "password1"
|
||||||
|
|
||||||
#The password for keys - the same is used for each auto-generated key
|
# The password for keys - the same is used for each auto-generated key as well
|
||||||
#as well as for the repository key.
|
# as for the repository key. You should not normally store this password in a
|
||||||
keypass = "password2"
|
# file since it is a sensitive password.
|
||||||
|
#keypass = "password2"
|
||||||
|
|
||||||
#The distinguished name used for all keys.
|
#The distinguished name used for all keys.
|
||||||
keydname = "CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US"
|
keydname = "CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US"
|
@ -66,6 +66,8 @@ def read_config(opts, config_file='config.py'):
|
|||||||
'stats_to_carbon': False,
|
'stats_to_carbon': False,
|
||||||
'repo_maxage': 0,
|
'repo_maxage': 0,
|
||||||
'build_server_always': False,
|
'build_server_always': False,
|
||||||
|
'keystore': os.path.join(os.getenv('HOME'),
|
||||||
|
'.local', 'share', 'fdroidserver', 'keystore.jks'),
|
||||||
'char_limits': {
|
'char_limits': {
|
||||||
'Summary' : 50,
|
'Summary' : 50,
|
||||||
'Description' : 1500
|
'Description' : 1500
|
||||||
@ -95,8 +97,26 @@ def read_config(opts, config_file='config.py'):
|
|||||||
if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
|
if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
|
||||||
logging.warn("unsafe permissions on {0} (should be 0600)!".format(config_file))
|
logging.warn("unsafe permissions on {0} (should be 0600)!".format(config_file))
|
||||||
|
|
||||||
|
for k in ["keystorepass", "keypass"]:
|
||||||
|
if k in config:
|
||||||
|
write_password_file(k)
|
||||||
|
|
||||||
return config
|
return config
|
||||||
|
|
||||||
|
def write_password_file(pwtype, password=None):
|
||||||
|
'''
|
||||||
|
writes out passwords to a protected file instead of passing passwords as
|
||||||
|
command line argments
|
||||||
|
'''
|
||||||
|
filename = '.fdroid.' + pwtype + '.txt'
|
||||||
|
fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
|
||||||
|
if password == None:
|
||||||
|
os.write(fd, config[pwtype])
|
||||||
|
else:
|
||||||
|
os.write(fd, password)
|
||||||
|
os.close(fd)
|
||||||
|
config[pwtype + 'file'] = filename
|
||||||
|
|
||||||
# Given the arguments in the form of multiple appid:[vc] strings, this returns
|
# Given the arguments in the form of multiple appid:[vc] strings, this returns
|
||||||
# a dictionary with the set of vercodes specified for each package.
|
# a dictionary with the set of vercodes specified for each package.
|
||||||
def read_pkg_args(args, allow_vercodes=False):
|
def read_pkg_args(args, allow_vercodes=False):
|
||||||
|
@ -56,12 +56,15 @@ def genpassword():
|
|||||||
def genkey(keystore, repo_keyalias, password, keydname):
|
def genkey(keystore, repo_keyalias, password, keydname):
|
||||||
'''generate a new keystore with a new key in it for signing repos'''
|
'''generate a new keystore with a new key in it for signing repos'''
|
||||||
logging.info('Generating a new key in "' + keystore + '"...')
|
logging.info('Generating a new key in "' + keystore + '"...')
|
||||||
|
write_password_file("keystorepass", password)
|
||||||
|
write_password_file("keypass", password)
|
||||||
p = FDroidPopen(['keytool', '-genkey',
|
p = FDroidPopen(['keytool', '-genkey',
|
||||||
'-keystore', keystore, '-alias', repo_keyalias,
|
'-keystore', keystore, '-alias', repo_keyalias,
|
||||||
'-keyalg', 'RSA', '-keysize', '4096',
|
'-keyalg', 'RSA', '-keysize', '4096',
|
||||||
'-sigalg', 'SHA256withRSA',
|
'-sigalg', 'SHA256withRSA',
|
||||||
'-validity', '10000',
|
'-validity', '10000',
|
||||||
'-storepass', password, '-keypass', password,
|
'-storepass:file', config['keystorepassfile'],
|
||||||
|
'-keypass:file', config['keypassfile'],
|
||||||
'-dname', keydname])
|
'-dname', keydname])
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
raise BuildException("Failed to generate key", p.stdout)
|
raise BuildException("Failed to generate key", p.stdout)
|
||||||
@ -106,7 +109,7 @@ def main():
|
|||||||
# 'metadata' and 'tmp' are created in fdroid
|
# 'metadata' and 'tmp' are created in fdroid
|
||||||
os.mkdir('repo')
|
os.mkdir('repo')
|
||||||
shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), fdroiddir)
|
shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), fdroiddir)
|
||||||
shutil.copyfile(os.path.join(examplesdir, 'sampleconfigs', 'config.py'), 'config.py')
|
shutil.copyfile(os.path.join(examplesdir, 'config.py'), 'config.py')
|
||||||
os.chmod('config.py', 0o0600)
|
os.chmod('config.py', 0o0600)
|
||||||
else:
|
else:
|
||||||
logging.info('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
|
logging.info('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
|
||||||
|
@ -122,23 +122,23 @@ def main():
|
|||||||
# if not generate one...
|
# if not generate one...
|
||||||
p = FDroidPopen(['keytool', '-list',
|
p = FDroidPopen(['keytool', '-list',
|
||||||
'-alias', keyalias, '-keystore', config['keystore'],
|
'-alias', keyalias, '-keystore', config['keystore'],
|
||||||
'-storepass', config['keystorepass']])
|
'-storepass:file', config['keystorepass']])
|
||||||
if p.returncode !=0:
|
if p.returncode !=0:
|
||||||
logging.info("Key does not exist - generating...")
|
logging.info("Key does not exist - generating...")
|
||||||
p = FDroidPopen(['keytool', '-genkey',
|
p = FDroidPopen(['keytool', '-genkey',
|
||||||
'-keystore', config['keystore'], '-alias', keyalias,
|
'-keystore', config['keystore'], '-alias', keyalias,
|
||||||
'-keyalg', 'RSA', '-keysize', '2048',
|
'-keyalg', 'RSA', '-keysize', '2048',
|
||||||
'-validity', '10000',
|
'-validity', '10000',
|
||||||
'-storepass', config['keystorepass'],
|
'-storepass:file', config['keystorepassfile'],
|
||||||
'-keypass', config['keypass'],
|
'-keypass:file', config['keypassfile'],
|
||||||
'-dname', config['keydname']])
|
'-dname', config['keydname']])
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
raise BuildException("Failed to generate key")
|
raise BuildException("Failed to generate key")
|
||||||
|
|
||||||
# Sign the application...
|
# Sign the application...
|
||||||
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
|
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
|
||||||
'-storepass', config['keystorepass'],
|
'-storepass:file', config['keystorepassfile'],
|
||||||
'-keypass', config['keypass'], '-sigalg',
|
'-keypass:file', config['keypassfile'], '-sigalg',
|
||||||
'MD5withRSA', '-digestalg', 'SHA1',
|
'MD5withRSA', '-digestalg', 'SHA1',
|
||||||
apkfile, keyalias])
|
apkfile, keyalias])
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
|
@ -642,7 +642,7 @@ def make_index(apps, apks, repodir, archive, categories):
|
|||||||
p = FDroidPopen(['keytool', '-exportcert',
|
p = FDroidPopen(['keytool', '-exportcert',
|
||||||
'-alias', config['repo_keyalias'],
|
'-alias', config['repo_keyalias'],
|
||||||
'-keystore', config['keystore'],
|
'-keystore', config['keystore'],
|
||||||
'-storepass', config['keystorepass']])
|
'-storepass:file', config['keystorepassfile']])
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
logging.critical("Failed to get repo pubkey")
|
logging.critical("Failed to get repo pubkey")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
@ -796,7 +796,8 @@ def make_index(apps, apks, repodir, archive, categories):
|
|||||||
|
|
||||||
# Sign the index...
|
# Sign the index...
|
||||||
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
|
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
|
||||||
'-storepass', config['keystorepass'], '-keypass', config['keypass'],
|
'-storepass:file', config['keystorepassfile'],
|
||||||
|
'-keypass:file', config['keypassfile'],
|
||||||
'-digestalg', 'SHA1', '-sigalg', 'MD5withRSA',
|
'-digestalg', 'SHA1', '-sigalg', 'MD5withRSA',
|
||||||
os.path.join(repodir, 'index.jar') , config['repo_keyalias']])
|
os.path.join(repodir, 'index.jar') , config['repo_keyalias']])
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
|
6
setup.py
6
setup.py
@ -13,9 +13,9 @@ setup(name='FDroidServer',
|
|||||||
scripts=['fdroid', 'fd-commit'],
|
scripts=['fdroid', 'fd-commit'],
|
||||||
data_files=[
|
data_files=[
|
||||||
('share/doc/fdroidserver/examples',
|
('share/doc/fdroidserver/examples',
|
||||||
[ 'config.buildserver.py',
|
[ 'buildserver/config.buildserver.py',
|
||||||
'sampleconfigs/config.sample.py',
|
'examples/config.py',
|
||||||
'sampleconfigs/makebs.config.sample.py',
|
'examples/makebs.config.py',
|
||||||
'fdroid-icon.png']),
|
'fdroid-icon.png']),
|
||||||
],
|
],
|
||||||
install_requires=[
|
install_requires=[
|
||||||
|
Loading…
Reference in New Issue
Block a user