diff --git a/fdroidserver/common.py b/fdroidserver/common.py index be426d1b..86097a27 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -3345,26 +3345,33 @@ def genkeystore(localconfig): env_vars = {'LC_ALL': 'C.UTF-8', 'FDROID_KEY_STORE_PASS': localconfig['keystorepass'], - 'FDROID_KEY_PASS': localconfig['keypass']} - p = FDroidPopen([config['keytool'], '-genkey', - '-keystore', localconfig['keystore'], - '-alias', localconfig['repo_keyalias'], - '-keyalg', 'RSA', '-keysize', '4096', - '-sigalg', 'SHA256withRSA', - '-validity', '10000', - '-storepass:env', 'FDROID_KEY_STORE_PASS', - '-keypass:env', 'FDROID_KEY_PASS', - '-dname', localconfig['keydname'], - '-J-Duser.language=en'], envs=env_vars) + 'FDROID_KEY_PASS': localconfig.get('keypass', "")} + + cmd = [config['keytool'], '-genkey', + '-keystore', localconfig['keystore'], + '-alias', localconfig['repo_keyalias'], + '-keyalg', 'RSA', '-keysize', '4096', + '-sigalg', 'SHA256withRSA', + '-validity', '10000', + '-storepass:env', 'FDROID_KEY_STORE_PASS', + '-dname', localconfig['keydname'], + '-J-Duser.language=en'] + if localconfig['keystore'] == "NONE": + cmd += localconfig['smartcardoptions'] + else: + cmd += '-keypass:env', 'FDROID_KEY_PASS' + p = FDroidPopen(cmd, envs=env_vars) if p.returncode != 0: raise BuildException("Failed to generate key", p.output) - os.chmod(localconfig['keystore'], 0o0600) + if localconfig['keystore'] != "NONE": + os.chmod(localconfig['keystore'], 0o0600) if not options.quiet: # now show the lovely key that was just generated p = FDroidPopen([config['keytool'], '-list', '-v', '-keystore', localconfig['keystore'], '-alias', localconfig['repo_keyalias'], - '-storepass:env', 'FDROID_KEY_STORE_PASS', '-J-Duser.language=en'], envs=env_vars) + '-storepass:env', 'FDROID_KEY_STORE_PASS', '-J-Duser.language=en'] + + config['smartcardoptions'], envs=env_vars) logging.info(p.output.strip() + '\n\n') # get the public key p = FDroidPopenBytes([config['keytool'], '-exportcert', 
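Review bot: The `-genkey` command takes the token options from `localconfig['smartcardoptions']`, while the `-list` call further down appends the global `config['smartcardoptions']`, and it does so unconditionally. If a caller passes a dict other than the loaded config, the two keytool invocations can diverge or one of them can raise KeyError. Both should read the same source, for example `+ localconfig.get('smartcardoptions', [])` in the `-list` call, which also keeps the file-keystore path working when the key is absent. Separately, `localconfig.get('keypass', "")` now turns a missing key password into an empty string on the file-keystore branch too; setting `env_vars['FDROID_KEY_PASS'] = localconfig['keypass']` only inside the `else:` branch keeps that failure loud. The `-exportcert` call on the hunk's last line continues outside the hunk, so whether it passes the smartcard options is not visible here.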
diff --git a/fdroidserver/init.py b/fdroidserver/init.py index c0c23207..ff2f7075 100644 --- a/fdroidserver/init.py +++ b/fdroidserver/init.py @@ -215,6 +215,9 @@ def main(): f.write('name = OpenSC\nlibrary = ') f.write(opensc_so) f.write('\n') + logging.info("Repo setup using a smartcard HSM. Please edit keystorepass and repo_keyalias in config.py.") + logging.info("If you want to generate a new repo signing key in the HSM you can do that with 'fdroid update " + "--create-key'.") elif os.path.exists(keystore): to_set = ['keystorepass', 'keypass', 'repo_keyalias', 'keydname'] if repo_keyalias: diff --git a/fdroidserver/update.py b/fdroidserver/update.py index babc3254..18ec1fe9 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -2323,7 +2323,7 @@ def main(): if 'keystorepass' not in config: config['keystorepass'] = password common.write_to_config(config, 'keystorepass', config['keystorepass']) - if 'keypass' not in config: + if 'keypass' not in config and not config['keystore'] == "NONE": config['keypass'] = password common.write_to_config(config, 'keypass', config['keypass']) common.genkeystore(config)
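Review bot: In the `update.py` hunk, the `keystorepass` default just above the changed line still applies when `config['keystore'] == "NONE"`. A smartcard setup with no `keystorepass` configured therefore gets the value of `password` (defined outside this hunk, apparently a generated secret) written to the config and handed to keytool as the store password. For a PKCS#11 token that value is presumably the PIN, so a wrong one fails key generation and may count against the token's retry limit; stopping early with a message asking the operator to set `keystorepass` would be safer than inventing one. The new condition also reads more directly as `if 'keypass' not in config and config['keystore'] != "NONE":`, matching the `!=` comparison used in `genkeystore`. `main()` begins and ends outside the hunk.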