mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-14 19:10:11 +01:00
Return public key and fingerprint after generating repo signing key
This commit is contained in:
parent
c484dc33be
commit
c9b76eb808
@ -37,6 +37,7 @@ import base64
|
|||||||
import zipfile
|
import zipfile
|
||||||
import xml.etree.ElementTree as XMLElementTree
|
import xml.etree.ElementTree as XMLElementTree
|
||||||
|
|
||||||
|
from binascii import hexlify
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from distutils.version import LooseVersion
|
from distutils.version import LooseVersion
|
||||||
from queue import Queue
|
from queue import Queue
|
||||||
@ -2142,7 +2143,10 @@ def genpassword():
|
|||||||
|
|
||||||
|
|
||||||
def genkeystore(localconfig):
|
def genkeystore(localconfig):
|
||||||
'''Generate a new key with random passwords and add it to new keystore'''
|
"""
|
||||||
|
Generate a new key with password provided in :param localconfig and add it to new keystore
|
||||||
|
:return: hexed public key, public key fingerprint
|
||||||
|
"""
|
||||||
logging.info('Generating a new key in "' + localconfig['keystore'] + '"...')
|
logging.info('Generating a new key in "' + localconfig['keystore'] + '"...')
|
||||||
keystoredir = os.path.dirname(localconfig['keystore'])
|
keystoredir = os.path.dirname(localconfig['keystore'])
|
||||||
if keystoredir is None or keystoredir == '':
|
if keystoredir is None or keystoredir == '':
|
||||||
@ -2165,12 +2169,35 @@ def genkeystore(localconfig):
|
|||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
raise BuildException("Failed to generate key", p.output)
|
raise BuildException("Failed to generate key", p.output)
|
||||||
os.chmod(localconfig['keystore'], 0o0600)
|
os.chmod(localconfig['keystore'], 0o0600)
|
||||||
|
if not options.quiet:
|
||||||
# now show the lovely key that was just generated
|
# now show the lovely key that was just generated
|
||||||
p = FDroidPopen([config['keytool'], '-list', '-v',
|
p = FDroidPopen([config['keytool'], '-list', '-v',
|
||||||
'-keystore', localconfig['keystore'],
|
'-keystore', localconfig['keystore'],
|
||||||
'-alias', localconfig['repo_keyalias'],
|
'-alias', localconfig['repo_keyalias'],
|
||||||
'-storepass:file', config['keystorepassfile']])
|
'-storepass:file', config['keystorepassfile']])
|
||||||
logging.info(p.output.strip() + '\n\n')
|
logging.info(p.output.strip() + '\n\n')
|
||||||
|
# get the public key
|
||||||
|
p = FDroidPopenBytes([config['keytool'], '-exportcert',
|
||||||
|
'-keystore', localconfig['keystore'],
|
||||||
|
'-alias', localconfig['repo_keyalias'],
|
||||||
|
'-storepass:file', config['keystorepassfile']]
|
||||||
|
+ config['smartcardoptions'],
|
||||||
|
output=False, stderr_to_stdout=False)
|
||||||
|
if p.returncode != 0 or len(p.output) < 20:
|
||||||
|
raise BuildException("Failed to get public key", p.output)
|
||||||
|
pubkey = p.output
|
||||||
|
fingerprint = get_cert_fingerprint(pubkey)
|
||||||
|
return hexlify(pubkey), fingerprint
|
||||||
|
|
||||||
|
|
||||||
|
def get_cert_fingerprint(pubkey):
|
||||||
|
"""
|
||||||
|
Generate a certificate fingerprint the same way keytool does it
|
||||||
|
(but with slightly different formatting)
|
||||||
|
"""
|
||||||
|
digest = hashlib.sha256(pubkey).digest()
|
||||||
|
ret = [' '.join("%02X" % b for b in bytearray(digest))]
|
||||||
|
return " ".join(ret)
|
||||||
|
|
||||||
|
|
||||||
def write_to_config(thisconfig, key, value=None):
|
def write_to_config(thisconfig, key, value=None):
|
||||||
|
@ -1107,15 +1107,6 @@ def scan_apks(apkcache, repodir, knownapks, use_date_from_apk=False):
|
|||||||
repo_pubkey_fingerprint = None
|
repo_pubkey_fingerprint = None
|
||||||
|
|
||||||
|
|
||||||
# Generate a certificate fingerprint the same way keytool does it
|
|
||||||
# (but with slightly different formatting)
|
|
||||||
def cert_fingerprint(data):
|
|
||||||
digest = hashlib.sha256(data).digest()
|
|
||||||
ret = []
|
|
||||||
ret.append(' '.join("%02X" % b for b in bytearray(digest)))
|
|
||||||
return " ".join(ret)
|
|
||||||
|
|
||||||
|
|
||||||
def extract_pubkey():
|
def extract_pubkey():
|
||||||
global repo_pubkey_fingerprint
|
global repo_pubkey_fingerprint
|
||||||
if 'repo_pubkey' in config:
|
if 'repo_pubkey' in config:
|
||||||
@ -1134,7 +1125,7 @@ def extract_pubkey():
|
|||||||
logging.critical(msg)
|
logging.critical(msg)
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
pubkey = p.output
|
pubkey = p.output
|
||||||
repo_pubkey_fingerprint = cert_fingerprint(pubkey)
|
repo_pubkey_fingerprint = common.get_cert_fingerprint(pubkey)
|
||||||
return hexlify(pubkey)
|
return hexlify(pubkey)
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user