Return public key and fingerprint after generating repo signing key

2024-11-14 11:00:10 +01:00 · 2017-03-22 15:44:35 -03:00 · 2017-03-22 15:44:35 -03:00 · c9b76eb808
commit c9b76eb808
parent c484dc33be
2 changed files with 35 additions and 17 deletions
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@ -37,6 +37,7 @@ import base64
 import zipfile
 import xml.etree.ElementTree as XMLElementTree

+from binascii import hexlify
 from datetime import datetime
 from distutils.version import LooseVersion
 from queue import Queue
@ -2142,7 +2143,10 @@ def genpassword():


 def genkeystore(localconfig):
-    '''Generate a new key with random passwords and add it to new keystore'''
+    """
+    Generate a new key with password provided in :param localconfig and add it to new keystore
+    :return: hexed public key, public key fingerprint
+    """
    logging.info('Generating a new key in "' + localconfig['keystore'] + '"...')
    keystoredir = os.path.dirname(localconfig['keystore'])
    if keystoredir is None or keystoredir == '':
@ -2165,12 +2169,35 @@ def genkeystore(localconfig):
    if p.returncode != 0:
        raise BuildException("Failed to generate key", p.output)
    os.chmod(localconfig['keystore'], 0o0600)
+    if not options.quiet:
        # now show the lovely key that was just generated
        p = FDroidPopen([config['keytool'], '-list', '-v',
                         '-keystore', localconfig['keystore'],
                         '-alias', localconfig['repo_keyalias'],
                         '-storepass:file', config['keystorepassfile']])
        logging.info(p.output.strip() + '\n\n')
+    # get the public key
+    p = FDroidPopenBytes([config['keytool'], '-exportcert',
+                          '-keystore', localconfig['keystore'],
+                          '-alias', localconfig['repo_keyalias'],
+                          '-storepass:file', config['keystorepassfile']]
+                         + config['smartcardoptions'],
+                         output=False, stderr_to_stdout=False)
+    if p.returncode != 0 or len(p.output) < 20:
+        raise BuildException("Failed to get public key", p.output)
+    pubkey = p.output
+    fingerprint = get_cert_fingerprint(pubkey)
+    return hexlify(pubkey), fingerprint
+
+
+def get_cert_fingerprint(pubkey):
+    """
+    Generate a certificate fingerprint the same way keytool does it
+    (but with slightly different formatting)
+    """
+    digest = hashlib.sha256(pubkey).digest()
+    ret = [' '.join("%02X" % b for b in bytearray(digest))]
+    return " ".join(ret)


 def write_to_config(thisconfig, key, value=None):
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@ -1107,15 +1107,6 @@ def scan_apks(apkcache, repodir, knownapks, use_date_from_apk=False):
 repo_pubkey_fingerprint = None


-# Generate a certificate fingerprint the same way keytool does it
-# (but with slightly different formatting)
-def cert_fingerprint(data):
-    digest = hashlib.sha256(data).digest()
-    ret = []
-    ret.append(' '.join("%02X" % b for b in bytearray(digest)))
-    return " ".join(ret)
-
-
 def extract_pubkey():
    global repo_pubkey_fingerprint
    if 'repo_pubkey' in config:
@ -1134,7 +1125,7 @@ def extract_pubkey():
            logging.critical(msg)
            sys.exit(1)
        pubkey = p.output
-    repo_pubkey_fingerprint = cert_fingerprint(pubkey)
+    repo_pubkey_fingerprint = common.get_cert_fingerprint(pubkey)
    return hexlify(pubkey)