Extract repository certificate automatically

config.sample.py

@@ -18,14 +18,9 @@ binaries built by the original application developers.
 """
 
 #The key (from the keystore defined below) to be used for signing the
-#repository itself. Can be none for an unsigned repository.
+#repository itself. Can be None for an unsigned repository.
 repo_keyalias = None
 
-#If you're building a signed repository, you need the public key here. You
-#can get the public key in the correct format by using 'getsig -f x.jar" where
-#x.jar is any jar you have signed with it.
-repo_pubkey = 'not set'
-
 #The keystore to use for release keys when building. This needs to be
 #somewhere safe and secure, and backed up!
 keystore = "/home/me/somewhere/my.keystore"
@@ -33,7 +28,8 @@ keystore = "/home/me/somewhere/my.keystore"
 #The password for the keystore.
 keystorepass = "foo"
 
-#The password for keys - the same is used for each auto-generated key.
+#The password for keys - the same is used for each auto-generated key
+#as well as for the repository key.
 keypass = "foo2"
 
 #The distinguished name used for all keys.

update.py

@@ -247,7 +247,18 @@ repoel.setAttribute("name", repo_name)
 repoel.setAttribute("icon", os.path.basename(repo_icon))
 repoel.setAttribute("url", repo_url)
 if repo_keyalias != None:
-    repoel.setAttribute("pubkey", repo_pubkey)
+    def extract_pubkey():
+        p = subprocess.Popen(['keytool', '-exportcert',
+                              '-alias', repo_keyalias,
+                              '-keystore', keystore,
+                              '-storepass', keystorepass],
+                             stdout=subprocess.PIPE)
+        cert = p.communicate()[0]
+        if p.returncode != 0:
+            print "ERROR: Failed to get repo pubkey"
+            sys.exit(1)
+        return "".join("%02x" % ord(b) for b in cert)
+    repoel.setAttribute("pubkey", extract_pubkey())
 addElement('description', repo_description, doc, repoel)
 root.appendChild(repoel)