Merge branch 'smartcard-hsm-fixes' into 'master'

Smart Card HSM fixes

See merge request fdroid/fdroidserver!779

fdroidserver/common.py

@@ -317,9 +317,10 @@ def read_config(opts, config_file='config.py'):
                     .format(field=k))
 
     # smartcardoptions must be a list since its command line args for Popen
-    if 'smartcardoptions' in config:
-        config['smartcardoptions'] = config['smartcardoptions'].split(' ')
-    elif 'keystore' in config and config['keystore'] == 'NONE':
+    smartcardoptions = config.get('smartcardoptions')
+    if isinstance(smartcardoptions, str):
+        config['smartcardoptions'] = re.sub(r'\s+', r' ', config['smartcardoptions']).split(' ')
+    elif not smartcardoptions and 'keystore' in config and config['keystore'] == 'NONE':
         # keystore='NONE' means use smartcard, these are required defaults
         config['smartcardoptions'] = ['-storetype', 'PKCS11', '-providerName',
                                       'SunPKCS11-OpenSC', '-providerClass',
@@ -398,13 +399,17 @@ def assert_config_keystore(config):
     if 'keystore' not in config:
         nosigningkey = True
         logging.critical(_("'keystore' not found in config.py!"))
+    elif config['keystore'] == 'NONE':
+        if not config.get('smartcardoptions'):
+            nosigningkey = True
+            logging.critical(_("'keystore' is NONE and 'smartcardoptions' is blank!"))
     elif not os.path.exists(config['keystore']):
         nosigningkey = True
         logging.critical("'" + config['keystore'] + "' does not exist!")
     if 'keystorepass' not in config:
         nosigningkey = True
         logging.critical(_("'keystorepass' not found in config.py!"))
-    if 'keypass' not in config:
+    if 'keypass' not in config and config.get('keystore') != 'NONE':
         nosigningkey = True
         logging.critical(_("'keypass' not found in config.py!"))
     if nosigningkey:

fdroidserver/index.py

@@ -610,7 +610,7 @@ def extract_pubkey():
                               '-alias', common.config['repo_keyalias'],
                               '-keystore', common.config['keystore'],
                               '-storepass:env', 'FDROID_KEY_STORE_PASS']
-                             + common.config['smartcardoptions'],
+                             + list(common.config['smartcardoptions']),
                              envs=env_vars, output=False, stderr_to_stdout=False)
         if p.returncode != 0 or len(p.output) < 20:
             msg = "Failed to get repo pubkey!"

fdroidserver/init.py

@@ -211,12 +211,10 @@ def main():
                     opensc_so = '/usr/lib/opensc-pkcs11.so'
                     logging.warning('No OpenSC PKCS#11 module found, '
                                     + 'install OpenSC then edit "opensc-fdroid.cfg"!')
-            with open(os.path.join(examplesdir, 'opensc-fdroid.cfg'), 'r') as f:
-                opensc_fdroid = f.read()
-            opensc_fdroid = re.sub('^library.*', 'library = ' + opensc_so, opensc_fdroid,
-                                   flags=re.MULTILINE)
             with open('opensc-fdroid.cfg', 'w') as f:
-                f.write(opensc_fdroid)
+                f.write('name = OpenSC\nlibrary = ')
+                f.write(opensc_so)
+                f.write('\n')
     elif os.path.exists(keystore):
         to_set = ['keystorepass', 'keypass', 'repo_keyalias', 'keydname']
         if repo_keyalias:

setup.cfg

@@ -1,3 +1,5 @@
+[metadata]
+license_file = LICENSE
 
 # uploading here requires Python 3.5.3+ or setuptools 27+,
 # use instead: twine upload --sign dist/fdroidserver*.tar.gz