From 54257f8f6a5130333a589d31d41df840c155ec86 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Tue, 4 Aug 2020 17:20:55 +0200
Subject: [PATCH 1/5] init: generate opensc-fdroid.cfg rather than copying from examples

This file is so simple, it is better to skip the complexity of trying to find the installed examples folder, especially when considering Windows and macOS, with their odd paths.
---
 fdroidserver/init.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/fdroidserver/init.py b/fdroidserver/init.py
index 280a503a..c0c23207 100644
--- a/fdroidserver/init.py
+++ b/fdroidserver/init.py
@@ -211,12 +211,10 @@ def main():
 opensc_so = '/usr/lib/opensc-pkcs11.so'
 logging.warning('No OpenSC PKCS#11 module found, '
 + 'install OpenSC then edit "opensc-fdroid.cfg"!')
- with open(os.path.join(examplesdir, 'opensc-fdroid.cfg'), 'r') as f:
- opensc_fdroid = f.read()
- opensc_fdroid = re.sub('^library.*', 'library = ' + opensc_so, opensc_fdroid,
- flags=re.MULTILINE)
 with open('opensc-fdroid.cfg', 'w') as f:
- f.write(opensc_fdroid)
+ f.write('name = OpenSC\nlibrary = ')
+ f.write(opensc_so)
+ f.write('\n')
 elif os.path.exists(keystore):
 to_set = ['keystorepass', 'keypass', 'repo_keyalias', 'keydname']
 if repo_keyalias:
From 7dcf4f56807d12322d36af728d4685f9d53eff76 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Tue, 4 Aug 2020 17:26:29 +0200
Subject: [PATCH 2/5] index: smartcardoptions is a list or tuple, but only lists can be added

---
 fdroidserver/index.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fdroidserver/index.py b/fdroidserver/index.py
index af5c3522..b115643b 100644
--- a/fdroidserver/index.py
+++ b/fdroidserver/index.py
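Review bot: In fdroidserver/init.py, the new `with open('opensc-fdroid.cfg', 'w')` block truncates any existing opensc-fdroid.cfg in the working directory, even though the warning just above tells the user to edit that file by hand. Guarding the write with `if not os.path.exists('opensc-fdroid.cfg'):` would keep a hand-edited copy intact. The `library` line names the PKCS#11 module that the signing tools load, so a comment such as `# 'library' is loaded as native code during signing; keep this file writable only by the repo owner` would help the next reader. main() starts and ends outside the hunk, so an earlier guard for the existing-file case may exist but is not visible here.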
@@ -610,7 +610,7 @@ def extract_pubkey():
 '-alias', common.config['repo_keyalias'],
 '-keystore', common.config['keystore'],
 '-storepass:env', 'FDROID_KEY_STORE_PASS']
- + common.config['smartcardoptions'],
+ + list(common.config['smartcardoptions']),
 envs=env_vars, output=False, stderr_to_stdout=False)
 if p.returncode != 0 or len(p.output) < 20:
 msg = "Failed to get repo pubkey!"
From d213c8b37c7cf496c3465c24716df7a5a440de46 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Tue, 4 Aug 2020 17:29:30 +0200
Subject: [PATCH 3/5] update: validate smartcardoptions when using a HSM for the keystore

---
 fdroidserver/common.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 374789b0..2118992a 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -317,9 +317,10 @@ def read_config(opts, config_file='config.py'):
 .format(field=k))
 
 # smartcardoptions must be a list since its command line args for Popen
- if 'smartcardoptions' in config:
- config['smartcardoptions'] = config['smartcardoptions'].split(' ')
- elif 'keystore' in config and config['keystore'] == 'NONE':
+ smartcardoptions = config.get('smartcardoptions')
+ if isinstance(smartcardoptions, str):
+ config['smartcardoptions'] = re.sub(r'\s+', r' ', config['smartcardoptions']).split(' ')
+ elif not smartcardoptions and 'keystore' in config and config['keystore'] == 'NONE':
 # keystore='NONE' means use smartcard, these are required defaults
 config['smartcardoptions'] = ['-storetype', 'PKCS11', '-providerName',
 'SunPKCS11-OpenSC', '-providerClass',
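Review bot: In fdroidserver/index.py, `list(common.config['smartcardoptions'])` fixes the tuple case but turns a plain string into one element per character, so a config value that reaches extract_pubkey() without being normalized would be passed to keytool as single-character arguments instead of failing visibly. Converting once where the config is read, for example `config['smartcardoptions'] = list(smartcardoptions)` for the non-string case in read_config(), would let this call and any other `+ config['smartcardoptions']` concatenation rely on a real list; no other such call sites are visible in this patch. The body of extract_pubkey() extends outside the hunk.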
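Review bot: In read_config() in fdroidserver/common.py, the new `re.sub(r'\s+', r' ', ...).split(' ')` still produces empty-string elements when the setting has leading or trailing whitespace, and those end up in the argument list that the comment says is handed to Popen. `config['smartcardoptions'] = smartcardoptions.split()` splits on any whitespace run and drops the empties without needing the regex. Neither form keeps a quoted value containing a space together, such as a provider config path, so `shlex.split(smartcardoptions)` may fit better if `shlex` is imported in this module; the import block is outside the hunk.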
@@ -398,6 +399,10 @@ def assert_config_keystore(config):
 if 'keystore' not in config:
 nosigningkey = True
 logging.critical(_("'keystore' not found in config.py!"))
+ elif config['keystore'] == 'NONE':
+ if not config.get('smartcardoptions'):
+ nosigningkey = True
+ logging.critical(_("'keystore' is NONE and 'smartcardoptions' is blank!"))
 elif not os.path.exists(config['keystore']):
 nosigningkey = True
 logging.critical("'" + config['keystore'] + "' does not exist!")
From f779ce276ab3b49422dde7d32b9d331712e384f4 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Thu, 6 Aug 2020 15:45:44 +0200
Subject: [PATCH 4/5] 'keypass' is not required in config if using a HSM

---
 fdroidserver/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 2118992a..1f3a483c 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -409,7 +409,7 @@ def assert_config_keystore(config):
 if 'keystorepass' not in config:
 nosigningkey = True
 logging.critical(_("'keystorepass' not found in config.py!"))
- if 'keypass' not in config:
+ if 'keypass' not in config and config.get('keystore') != 'NONE':
 nosigningkey = True
 logging.critical(_("'keypass' not found in config.py!"))
 if nosigningkey:
From 226f490c52f523e28a9a193910e8856b94155c11 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Thu, 6 Aug 2020 15:45:18 +0200
Subject: [PATCH 5/5] declare LICENSE file in setup.cfg

---
 setup.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/setup.cfg b/setup.cfg
index d4887223..81bcf8af 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,3 +1,5 @@
+[metadata]
+license_file = LICENSE
 # uploading here requires Python 3.5.3+ or setuptools 27+,
 # use instead: twine upload --sign dist/fdroidserver*.tar.gz
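Review bot: The new `elif config['keystore'] == 'NONE':` branch in assert_config_keystore() carries no comment explaining why the `os.path.exists()` check after it is skipped, and across this series the literal `'NONE'` is compared in three places: here, in the later 'keypass' check, and in read_config(). I would add `# 'NONE' means the signing key lives on a PKCS#11 token, so there is no keystore file to check` above the branch. A module constant or small helper for the comparison would keep the three sites from drifting apart. The function continues outside the hunk.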
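Review bot: With `if 'keypass' not in config and config.get('keystore') != 'NONE':`, an HSM setup now passes assert_config_keystore() with no 'keypass' entry, so any signing path that still indexes `config['keypass']` directly would fail later with a KeyError instead of this critical message. Those call sites are not part of this patch, so it is worth confirming that they use `config.get('keypass')` or skip the key password when the keystore is 'NONE'. The rest of assert_config_keystore() lies outside the hunk.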