mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-04 02:00:11 +02:00
Merge commit 'refs/merge-requests/137' of gitorious.org:f-droid/fdroidserver
This commit is contained in:
commit
802d5e298c
@ -60,14 +60,18 @@ repo_keyalias = None
|
||||
|
||||
#The keystore to use for release keys when building. This needs to be
|
||||
#somewhere safe and secure, and backed up!
|
||||
keystore = "/home/me/somewhere/my.keystore"
|
||||
#keystore = "/home/me/.local/share/fdroidserver/keystore.jks"
|
||||
|
||||
#The password for the keystore (at least 6 characters).
|
||||
keystorepass = "password1"
|
||||
# The password for the keystore (at least 6 characters). If this password is
|
||||
# different than the keypass below, it can be OK to store the password in this
|
||||
# file for real use. But in general, sensitive passwords should not be stored
|
||||
# in text files!
|
||||
#keystorepass = "password1"
|
||||
|
||||
#The password for keys - the same is used for each auto-generated key
|
||||
#as well as for the repository key.
|
||||
keypass = "password2"
|
||||
# The password for keys - the same is used for each auto-generated key as well
|
||||
# as for the repository key. You should not normally store this password in a
|
||||
# file since it is a sensitive password.
|
||||
#keypass = "password2"
|
||||
|
||||
#The distinguished name used for all keys.
|
||||
keydname = "CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US"
|
@ -66,6 +66,8 @@ def read_config(opts, config_file='config.py'):
|
||||
'stats_to_carbon': False,
|
||||
'repo_maxage': 0,
|
||||
'build_server_always': False,
|
||||
'keystore': os.path.join(os.getenv('HOME'),
|
||||
'.local', 'share', 'fdroidserver', 'keystore.jks'),
|
||||
'char_limits': {
|
||||
'Summary' : 50,
|
||||
'Description' : 1500
|
||||
@ -95,8 +97,26 @@ def read_config(opts, config_file='config.py'):
|
||||
if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
|
||||
logging.warn("unsafe permissions on {0} (should be 0600)!".format(config_file))
|
||||
|
||||
for k in ["keystorepass", "keypass"]:
|
||||
if k in config:
|
||||
write_password_file(k)
|
||||
|
||||
return config
|
||||
|
||||
def write_password_file(pwtype, password=None):
|
||||
'''
|
||||
writes out passwords to a protected file instead of passing passwords as
|
||||
command line argments
|
||||
'''
|
||||
filename = '.fdroid.' + pwtype + '.txt'
|
||||
fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
|
||||
if password == None:
|
||||
os.write(fd, config[pwtype])
|
||||
else:
|
||||
os.write(fd, password)
|
||||
os.close(fd)
|
||||
config[pwtype + 'file'] = filename
|
||||
|
||||
# Given the arguments in the form of multiple appid:[vc] strings, this returns
|
||||
# a dictionary with the set of vercodes specified for each package.
|
||||
def read_pkg_args(args, allow_vercodes=False):
|
||||
|
@ -56,12 +56,15 @@ def genpassword():
|
||||
def genkey(keystore, repo_keyalias, password, keydname):
|
||||
'''generate a new keystore with a new key in it for signing repos'''
|
||||
logging.info('Generating a new key in "' + keystore + '"...')
|
||||
write_password_file("keystorepass", password)
|
||||
write_password_file("keypass", password)
|
||||
p = FDroidPopen(['keytool', '-genkey',
|
||||
'-keystore', keystore, '-alias', repo_keyalias,
|
||||
'-keyalg', 'RSA', '-keysize', '4096',
|
||||
'-sigalg', 'SHA256withRSA',
|
||||
'-validity', '10000',
|
||||
'-storepass', password, '-keypass', password,
|
||||
'-storepass:file', config['keystorepassfile'],
|
||||
'-keypass:file', config['keypassfile'],
|
||||
'-dname', keydname])
|
||||
if p.returncode != 0:
|
||||
raise BuildException("Failed to generate key", p.stdout)
|
||||
@ -106,7 +109,7 @@ def main():
|
||||
# 'metadata' and 'tmp' are created in fdroid
|
||||
os.mkdir('repo')
|
||||
shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), fdroiddir)
|
||||
shutil.copyfile(os.path.join(examplesdir, 'sampleconfigs', 'config.py'), 'config.py')
|
||||
shutil.copyfile(os.path.join(examplesdir, 'config.py'), 'config.py')
|
||||
os.chmod('config.py', 0o0600)
|
||||
else:
|
||||
logging.info('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
|
||||
|
@ -122,23 +122,23 @@ def main():
|
||||
# if not generate one...
|
||||
p = FDroidPopen(['keytool', '-list',
|
||||
'-alias', keyalias, '-keystore', config['keystore'],
|
||||
'-storepass', config['keystorepass']])
|
||||
'-storepass:file', config['keystorepass']])
|
||||
if p.returncode !=0:
|
||||
logging.info("Key does not exist - generating...")
|
||||
p = FDroidPopen(['keytool', '-genkey',
|
||||
'-keystore', config['keystore'], '-alias', keyalias,
|
||||
'-keyalg', 'RSA', '-keysize', '2048',
|
||||
'-validity', '10000',
|
||||
'-storepass', config['keystorepass'],
|
||||
'-keypass', config['keypass'],
|
||||
'-storepass:file', config['keystorepassfile'],
|
||||
'-keypass:file', config['keypassfile'],
|
||||
'-dname', config['keydname']])
|
||||
if p.returncode != 0:
|
||||
raise BuildException("Failed to generate key")
|
||||
|
||||
# Sign the application...
|
||||
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
|
||||
'-storepass', config['keystorepass'],
|
||||
'-keypass', config['keypass'], '-sigalg',
|
||||
'-storepass:file', config['keystorepassfile'],
|
||||
'-keypass:file', config['keypassfile'], '-sigalg',
|
||||
'MD5withRSA', '-digestalg', 'SHA1',
|
||||
apkfile, keyalias])
|
||||
if p.returncode != 0:
|
||||
|
@ -642,7 +642,7 @@ def make_index(apps, apks, repodir, archive, categories):
|
||||
p = FDroidPopen(['keytool', '-exportcert',
|
||||
'-alias', config['repo_keyalias'],
|
||||
'-keystore', config['keystore'],
|
||||
'-storepass', config['keystorepass']])
|
||||
'-storepass:file', config['keystorepassfile']])
|
||||
if p.returncode != 0:
|
||||
logging.critical("Failed to get repo pubkey")
|
||||
sys.exit(1)
|
||||
@ -796,7 +796,8 @@ def make_index(apps, apks, repodir, archive, categories):
|
||||
|
||||
# Sign the index...
|
||||
p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
|
||||
'-storepass', config['keystorepass'], '-keypass', config['keypass'],
|
||||
'-storepass:file', config['keystorepassfile'],
|
||||
'-keypass:file', config['keypassfile'],
|
||||
'-digestalg', 'SHA1', '-sigalg', 'MD5withRSA',
|
||||
os.path.join(repodir, 'index.jar') , config['repo_keyalias']])
|
||||
if p.returncode != 0:
|
||||
|
6
setup.py
6
setup.py
@ -13,9 +13,9 @@ setup(name='FDroidServer',
|
||||
scripts=['fdroid', 'fd-commit'],
|
||||
data_files=[
|
||||
('share/doc/fdroidserver/examples',
|
||||
[ 'config.buildserver.py',
|
||||
'sampleconfigs/config.sample.py',
|
||||
'sampleconfigs/makebs.config.sample.py',
|
||||
[ 'buildserver/config.buildserver.py',
|
||||
'examples/config.py',
|
||||
'examples/makebs.config.py',
|
||||
'fdroid-icon.png']),
|
||||
],
|
||||
install_requires=[
|
||||
|
Loading…
Reference in New Issue
Block a user