mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-03 17:50:11 +02:00
update: make --create-key work with a HSM
parent
004d13a48a
commit
a8e9653b96
@ -3345,26 +3345,33 @@ def genkeystore(localconfig):
|
||||
|
||||
env_vars = {'LC_ALL': 'C.UTF-8',
|
||||
'FDROID_KEY_STORE_PASS': localconfig['keystorepass'],
|
||||
'FDROID_KEY_PASS': localconfig['keypass']}
|
||||
p = FDroidPopen([config['keytool'], '-genkey',
|
||||
'FDROID_KEY_PASS': localconfig.get('keypass', "")}
|
||||
|
||||
cmd = [config['keytool'], '-genkey',
|
||||
'-keystore', localconfig['keystore'],
|
||||
'-alias', localconfig['repo_keyalias'],
|
||||
'-keyalg', 'RSA', '-keysize', '4096',
|
||||
'-sigalg', 'SHA256withRSA',
|
||||
'-validity', '10000',
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS',
|
||||
'-keypass:env', 'FDROID_KEY_PASS',
|
||||
'-dname', localconfig['keydname'],
|
||||
'-J-Duser.language=en'], envs=env_vars)
|
||||
'-J-Duser.language=en']
|
||||
if localconfig['keystore'] == "NONE":
|
||||
cmd += localconfig['smartcardoptions']
|
||||
else:
|
||||
cmd += '-keypass:env', 'FDROID_KEY_PASS'
|
||||
p = FDroidPopen(cmd, envs=env_vars)
|
||||
if p.returncode != 0:
|
||||
raise BuildException("Failed to generate key", p.output)
|
||||
if localconfig['keystore'] != "NONE":
|
||||
os.chmod(localconfig['keystore'], 0o0600)
|
||||
if not options.quiet:
|
||||
# now show the lovely key that was just generated
|
||||
p = FDroidPopen([config['keytool'], '-list', '-v',
|
||||
'-keystore', localconfig['keystore'],
|
||||
'-alias', localconfig['repo_keyalias'],
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS', '-J-Duser.language=en'], envs=env_vars)
|
||||
'-storepass:env', 'FDROID_KEY_STORE_PASS', '-J-Duser.language=en']
|
||||
+ config['smartcardoptions'], envs=env_vars)
|
||||
logging.info(p.output.strip() + '\n\n')
|
||||
# get the public key
|
||||
p = FDroidPopenBytes([config['keytool'], '-exportcert',
|
||||
|
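Review bot: The `-list` call appends `config['smartcardoptions']` unconditionally and reads it from the global `config`, while the `-genkey` command takes the options from `localconfig` and only when the keystore is "NONE". If the two dicts can differ, or a file-keystore setup has no `smartcardoptions` entry (or holds it as a string rather than a list), the listing step raises or queries a different provider than the one that generated the key, and this happens after the key has already been created. I would use the same source and condition in both places, for example `+ (localconfig['smartcardoptions'] if localconfig['keystore'] == "NONE" else [])` in the `-list` call. The body of `genkeystore` starts and ends outside this hunk, so the type of `smartcardoptions` should be confirmed where the config is loaded.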
@ -215,6 +215,9 @@ def main():
|
||||
f.write('name = OpenSC\nlibrary = ')
|
||||
f.write(opensc_so)
|
||||
f.write('\n')
|
||||
logging.info("Repo setup using a smartcard HSM. Please edit keystorepass and repo_keyalias in config.py.")
|
||||
logging.info("If you want to generate a new repo signing key in the HSM you can do that with 'fdroid update "
|
||||
"--create-key'.")
|
||||
elif os.path.exists(keystore):
|
||||
to_set = ['keystorepass', 'keypass', 'repo_keyalias', 'keydname']
|
||||
if repo_keyalias:
|
||||
|
@ -2323,7 +2323,7 @@ def main():
|
||||
if 'keystorepass' not in config:
|
||||
config['keystorepass'] = password
|
||||
common.write_to_config(config, 'keystorepass', config['keystorepass'])
|
||||
if 'keypass' not in config:
|
||||
if 'keypass' not in config and not config['keystore'] == "NONE":
|
||||
config['keypass'] = password
|
||||
common.write_to_config(config, 'keypass', config['keypass'])
|
||||
common.genkeystore(config)
|
||||
|
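Review bot: The `keystorepass` branch just above the changed condition still runs when `config['keystore']` is "NONE", so a missing `keystorepass` is filled with `password` and written to the config even for an HSM. `password` is assigned outside the hunk; if it is a generated value, `genkeystore` would pass it to keytool as the store password, which for a smartcard token is presumably the PIN, and a rejected PIN usually counts against the token's retry limit. I would stop with an explicit error before `common.genkeystore(config)` in that case, guarded by `if config['keystore'] == "NONE" and 'keystorepass' not in config:`. As a style point, `not config['keystore'] == "NONE"` reads better as `config['keystore'] != "NONE"`, matching the comparison used in `genkeystore`.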