mirror of
https://gitlab.com/fdroid/fdroidserver.git
update: make --create-key work with a HSM
parent
004d13a48a
commit
a8e9653b96
@ -3345,26 +3345,33 @@ def genkeystore(localconfig):
|
|||||||
|
|
||||||
env_vars = {'LC_ALL': 'C.UTF-8',
|
env_vars = {'LC_ALL': 'C.UTF-8',
|
||||||
'FDROID_KEY_STORE_PASS': localconfig['keystorepass'],
|
'FDROID_KEY_STORE_PASS': localconfig['keystorepass'],
|
||||||
'FDROID_KEY_PASS': localconfig['keypass']}
|
'FDROID_KEY_PASS': localconfig.get('keypass', "")}
|
||||||
p = FDroidPopen([config['keytool'], '-genkey',
|
|
||||||
'-keystore', localconfig['keystore'],
|
cmd = [config['keytool'], '-genkey',
|
||||||
'-alias', localconfig['repo_keyalias'],
|
'-keystore', localconfig['keystore'],
|
||||||
'-keyalg', 'RSA', '-keysize', '4096',
|
'-alias', localconfig['repo_keyalias'],
|
||||||
'-sigalg', 'SHA256withRSA',
|
'-keyalg', 'RSA', '-keysize', '4096',
|
||||||
'-validity', '10000',
|
'-sigalg', 'SHA256withRSA',
|
||||||
'-storepass:env', 'FDROID_KEY_STORE_PASS',
|
'-validity', '10000',
|
||||||
'-keypass:env', 'FDROID_KEY_PASS',
|
'-storepass:env', 'FDROID_KEY_STORE_PASS',
|
||||||
'-dname', localconfig['keydname'],
|
'-dname', localconfig['keydname'],
|
||||||
'-J-Duser.language=en'], envs=env_vars)
|
'-J-Duser.language=en']
|
||||||
|
if localconfig['keystore'] == "NONE":
|
||||||
|
cmd += localconfig['smartcardoptions']
|
||||||
|
else:
|
||||||
|
cmd += '-keypass:env', 'FDROID_KEY_PASS'
|
||||||
|
p = FDroidPopen(cmd, envs=env_vars)
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
raise BuildException("Failed to generate key", p.output)
|
raise BuildException("Failed to generate key", p.output)
|
||||||
os.chmod(localconfig['keystore'], 0o0600)
|
if localconfig['keystore'] != "NONE":
|
||||||
|
os.chmod(localconfig['keystore'], 0o0600)
|
||||||
if not options.quiet:
|
if not options.quiet:
|
||||||
# now show the lovely key that was just generated
|
# now show the lovely key that was just generated
|
||||||
p = FDroidPopen([config['keytool'], '-list', '-v',
|
p = FDroidPopen([config['keytool'], '-list', '-v',
|
||||||
'-keystore', localconfig['keystore'],
|
'-keystore', localconfig['keystore'],
|
||||||
'-alias', localconfig['repo_keyalias'],
|
'-alias', localconfig['repo_keyalias'],
|
||||||
'-storepass:env', 'FDROID_KEY_STORE_PASS', '-J-Duser.language=en'], envs=env_vars)
|
'-storepass:env', 'FDROID_KEY_STORE_PASS', '-J-Duser.language=en']
|
||||||
|
+ config['smartcardoptions'], envs=env_vars)
|
||||||
logging.info(p.output.strip() + '\n\n')
|
logging.info(p.output.strip() + '\n\n')
|
||||||
# get the public key
|
# get the public key
|
||||||
p = FDroidPopenBytes([config['keytool'], '-exportcert',
|
p = FDroidPopenBytes([config['keytool'], '-exportcert',
|
||||||
|
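Review bot: The `-list` call near the end of this hunk appends `config['smartcardoptions']` unconditionally and reads it from the global `config`, while the `-genkey` path reads `localconfig['smartcardoptions']` and only when the keystore is `"NONE"`. For a file keystore the listing therefore depends on that key being present and an empty list in the global config; otherwise it raises `KeyError` or hands PKCS#11 provider options to a file keystore. Both uses also assume a list, since a string would be spread into single characters by `cmd += ...` and would raise `TypeError` in the `-list` concatenation. I would compute the options once, `sc_opts = localconfig['smartcardoptions'] if localconfig['keystore'] == "NONE" else []`, and use `sc_opts` in both commands. `genkeystore` continues past the hunk, so whether the `-exportcert` call needs the same options cannot be checked from here.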
@ -215,6 +215,9 @@ def main():
|
|||||||
f.write('name = OpenSC\nlibrary = ')
|
f.write('name = OpenSC\nlibrary = ')
|
||||||
f.write(opensc_so)
|
f.write(opensc_so)
|
||||||
f.write('\n')
|
f.write('\n')
|
||||||
|
logging.info("Repo setup using a smartcard HSM. Please edit keystorepass and repo_keyalias in config.py.")
|
||||||
|
logging.info("If you want to generate a new repo signing key in the HSM you can do that with 'fdroid update "
|
||||||
|
"--create-key'.")
|
||||||
elif os.path.exists(keystore):
|
elif os.path.exists(keystore):
|
||||||
to_set = ['keystorepass', 'keypass', 'repo_keyalias', 'keydname']
|
to_set = ['keystorepass', 'keypass', 'repo_keyalias', 'keydname']
|
||||||
if repo_keyalias:
|
if repo_keyalias:
|
||||||
|
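Review bot: The first added message asks the operator to put `keystorepass` into config.py, and for the smartcard keystore that value is presumably the token PIN that `keytool` later receives as `-storepass`. The message should also tell the reader to keep config.py readable only by the repo user, for example by appending `Keep config.py private (chmod 0600), it will hold the HSM PIN.` to the text. The enclosing branch of `main()` starts outside the hunk.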
@ -2323,7 +2323,7 @@ def main():
|
|||||||
if 'keystorepass' not in config:
|
if 'keystorepass' not in config:
|
||||||
config['keystorepass'] = password
|
config['keystorepass'] = password
|
||||||
common.write_to_config(config, 'keystorepass', config['keystorepass'])
|
common.write_to_config(config, 'keystorepass', config['keystorepass'])
|
||||||
if 'keypass' not in config:
|
if 'keypass' not in config and not config['keystore'] == "NONE":
|
||||||
config['keypass'] = password
|
config['keypass'] = password
|
||||||
common.write_to_config(config, 'keypass', config['keypass'])
|
common.write_to_config(config, 'keypass', config['keypass'])
|
||||||
common.genkeystore(config)
|
common.genkeystore(config)
|
||||||
|
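Review bot: Only the `keypass` branch is skipped for keystore `"NONE"`; the `keystorepass` branch above it is unchanged, so when `keystorepass` is missing the value of `password` is still written to the config and later passed to `keytool` as `-storepass`. Where `password` comes from is outside the hunk, but if it is a freshly generated secret it cannot match the PIN of an existing token, so key generation would fail, and repeated wrong PINs can lock some tokens. For the HSM case I would guard this with `if config['keystore'] == "NONE" and 'keystorepass' not in config:` and stop with an error asking the operator to set `keystorepass`, rather than inventing a value. The new condition also reads more plainly as `config['keystore'] != "NONE"`.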