break out jar signing into function so it can be reused

The new index format will also need to use jar signing
2024-10-03 17:50:11 +02:00 · 2016-12-05 19:19:02 +01:00 · 2016-12-05 19:19:02 +01:00 · b3a5db52f7
commit b3a5db52f7
parent 3afd6ca684
1 changed files with 24 additions and 12 deletions
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@ -1330,18 +1330,7 @@ def make_index(apps, sortedids, apks, repodir, archive):
            if os.path.exists(signed):
                os.remove(signed)
        else:
-            args = [config['jarsigner'], '-keystore', config['keystore'],
-                    '-storepass:file', config['keystorepassfile'],
-                    '-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
-                    signed, config['repo_keyalias']]
-            if config['keystore'] == 'NONE':
-                args += config['smartcardoptions']
-            else:  # smardcards never use -keypass
-                args += ['-keypass:file', config['keypassfile']]
-            p = FDroidPopen(args)
-            if p.returncode != 0:
-                logging.critical("Failed to sign index")
-                sys.exit(1)
+            signjar(signed)

    # Copy the repo icon into the repo directory...
    icon_dir = os.path.join(repodir, 'icons')
@ -1349,6 +1338,29 @@ def make_index(apps, sortedids, apks, repodir, archive):
    shutil.copyfile(config['repo_icon'], iconfilename)


+def signjar(jar):
+    '''
+    sign a JAR file with Java's jarsigner.
+
+    This does use old hashing algorithms, i.e. SHA1, but that's not
+    broken yet for file verification.  This could be set to SHA256,
+    but then Android < 4.3 would not be able to verify it.
+    https://code.google.com/p/android/issues/detail?id=38321
+    '''
+    args = [config['jarsigner'], '-keystore', config['keystore'],
+            '-storepass:file', config['keystorepassfile'],
+            '-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
+            jar, config['repo_keyalias']]
+    if config['keystore'] == 'NONE':
+        args += config['smartcardoptions']
+    else:  # smardcards never use -keypass
+        args += ['-keypass:file', config['keypassfile']]
+    p = FDroidPopen(args)
+    if p.returncode != 0:
+        logging.critical("Failed to sign index")
+        sys.exit(1)
+
+
 def make_categories_txt(repodir, categories):
    '''Write a category list in the repo to allow quick access'''
    catdata = ''