From f0fa241751a1cf8dbae4a71994ce1e7be4fbdcde Mon Sep 17 00:00:00 2001
From: Ciaran Gultnieks <ciaran@ciarang.com>
Date: Sat, 29 Jan 2011 09:32:21 +0000
Subject: [PATCH] Build a signed index in jar format, to be used by the next
 version of the client

---
 config.sample.py    |   9 +++++++++
 getsig/getsig.class | Bin 2690 -> 2933 bytes
 getsig/getsig.java  |  45 ++++++++++++++++++++++++++++++--------------
 update.py           |  29 ++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+), 14 deletions(-)

diff --git a/config.sample.py b/config.sample.py
index 7bd574c6..0001a802 100644
--- a/config.sample.py
+++ b/config.sample.py
@@ -17,6 +17,15 @@ The official FDroid repository. Applications in this repository are official
 binaries built by the original application developers.
 """
 
+#The key (from the keystore defined below) to be used for signing the
+#repository itself. Can be none for an unsigned repository.
+repo_keyalias = None
+
+#If you're building a signed repository, you need the public key here. You
+#can get the public key in the correct format by using 'getsig -f x.jar" where
+#x.jar is any jar you have signed with it.
+repo_pubkey = 'not set'
+
 #The keystore to use for release keys when building. This needs to be
 #somewhere safe and secure, and backed up!
 keystore = "/home/me/somewhere/my.keystore"
diff --git a/getsig/getsig.class b/getsig/getsig.class
index ecd9f4ec06b571ddc245d25cc1a51ae8f023c9df..832b08c51498f6c6b05cc454319269ee281c3fe7 100644
GIT binary patch
delta 1741
zcma)+TWnNC7{`CJdv@pS=_zb43mnR2TW)Qkv=nJ!p(2-Zv$P83(iZ6j%C&MUprEjb
zDBcm)8wH`DcJ)CG7`JFi)tG2B;mt=)Aki2fF)_ghTEC%)J|J<k`DVWV{O6nhocYfj
zj{Gqs{(ax)y+A1+I21GArqUsY1tAu)$Y!y_5*~CUsj^wBsdflaW5PpeJj^l^mTPJq
z2C>3~l{TwPfz^gn=TJ|B32V&QBL-Vzv(~23p^0Wq%Q8b=XS3d+l?^6rG+~owvqLUh
zOxS8TZJI|N#u<g%OuOBL9X2~PyKLG`wp+7Dv-fy!{pc2vs(DQFxQNs2)9lwgp?Om3
z%7jF@8abncDGFcF2A2aI)Wls5@suLFW?S37Xwin~=Jsg&o*g^3@7mqEUUS&xX^yx&
z!?TG-Rhl@XhDS;aaFpj{8JFjI!R19>N?cJnB`=%g6^<!FODk*V6fLe^Q0($5$6Zd4
z5H&8Z@w&?!OmTUWw-PzN{IZiS9h_2xw>0l<E^ceywy}8m?p>R=ZFDK&w8Fo1{xsQw
z%iElBIm>C6PEIA7eO`JA=UmS7j?25empJN++Fc|KaxC$&uh`$k`-yA5QU2V9szg&@
zRARBeOl2Lvo|QP@kB$zu?%dPd)~<-;SN*ecP0N<nb-QO4)PHiy|ECHD@*CzBtW2B;
zEKU3x_$WSEykdSnlxUkGu~f2=(kf{Kh25wN(osy67`z3#a`^W#P5MH$DzHeG`F>U9
zuPE%bI&lj9rBz9$74`-?86!!iFNME@!56VI11W;mC3K-xT4hxv;{&LD8|@)fH?bS1
zTE(oQ6lt-57x)ZUagsHrm#+AdL9w70Ofk5FO4EijGg4%BFg+v8Wjm&e444(OJ=@cM
zPxq$C_MIh|?7!~GG7&R6BxZTmH-Zrtyi-;h>RI0oNEvopif8p&X9pnf4&*OQG2ATQ
z8`xyl@|W2WTe9;sdBKQ1wJa0~>HXos2g@8!N9@3+h!b|sF(}*|ahk%;`XqL^M7qao
zBcWTY_yEmn`cL8!TP6F?j5tX~4>@(7?q)>HPEwya@)DzBp>R}mI9|xpDMovt6w#Q|
zLvEerIo;&N(!8{AIK`Nl>$xe$hNI^h(Zjg9ZpLR$NRb~maDIw{n49ds>bWsn4(V?~
zp$wUCX2#_c_~qD=<W~QSF-ZpH>&f2`%(-3=Tg+3})Xz*5PZ`tv&Mb*x$uh($SvX`%
zFTzlUkQbMxkYP+_xVR~Ya<SfQMlp{uR56ws#<PM6G?LF&3glu>l6zXjF`02rtlK4~
z{ZMRsQD%QCuDm3^yew6|VmjY3gDcGB2NCci6<n37zcF6~RdSOB%3`64r?W^+VzHXa
z5>-p3s;645rAD=}T(wiH_OU`8Vx>CDDwSZhI!&GGqF#MLgZi4a>L(i2HP*|1o7FG0
zs6N*DeDdy<$(_k(=uI*-<!XeT)@ORtH8V7^J`-nZX6ZN;88^uCWoP!0Z2)Gee%V)=
z=6*Br&Xn6@N*=laj&(1N-*BW*-n~esP+Um=qtXp@hLM$icUfp=-xBzMXokFg{DkgK
by+!CJib#|lW|qrCqnTqKoVj8XAM^eK;+#M1

delta 1537
zcma)++jCP@6vlr$w|#PYgfu19Kua%xl+qGxu|irXlv3y=l}iB&UK$~$!BVvi2&hC6
z6crT=YJp0nFP-th@iK;+Q+>i2p5)ah{{?lNffwT1g))qzj^|;Wy}tGBwZC=N+UL*W
zBcaUo+gB!mI>v0OY4)?4H5M&4YiYH`S*K~U@v+{R4F$B*VN9o{%cg*sG2IrA+iYZ$
z;cT|qLXR<9O>CRNwpwhrc*3Ta9Tq!np5!TGp0=CCKBMWgDIspmvnJ6l&2F1=nk^FM
z{hTpLi+)YYVvq5j*9>U(p1QH4Y*6!psMNfuc}a9>hBU*PwB(fy*$!1&u$UUnK8O9h
zoc&zYHE9kw9ORJ0E4-=*?TPP?NA{&t1Cc%Pp-4x3s4X>+a9C^@uW?usJ7jp>;SG*t
zm1|D@o5nfHF@-<2u4hecdv{wzbU3`l+YZNhM<h7B%X<zdsBw6o53*gZs@4x3PI5}&
zj<r525*<Dw>u{Qn9X>JmtSKdX<LUlLODfqum`)@ULq^D_4kMg#ILo>0&#rQ7l+O%u
zEPK-xagTC7TkW2k9dj2K2BtC$#0Qg+E$N}uU^3h0?k$-!g$^fn?Hfv^4@P2%;o*2P
z(V9vohST5v?!Kk6e|S56-m0A~i?(H(d|wqUl5sGP3ni!5h^@`$eZ`q2g89S)2R{*(
znh3Zr;E{Htu2fHY#+dmHuAn=I$8!m9wY#qCD!$&u7tt}*U6aF#dcvN|_!Vc^VOF-{
zM+&0eus4TumbK>nKyXHmnP+Jz4Dh`b_0<?K6Nu`t4*T3;-(-$L*BHKu{BL2MBWS`!
z-L=;QG2pnIGpqKeJ5oY-rPSUNS3Hfl>vBA3PM-Akn`7J!I;6!Lr!VXc>G}pMWa&eJ
znTH$vVP7btz5OA7z`nqYKs@B{3)s6SumVeEd8#L5P1A(s>HAmSQLQHO=YtPjA{^C$
zayiv9HRYIX3YinNu2RzL30oH_jrzm>Kp@B5s2#R*lw|_t<CI*by!Rp%!O9%-3_LH#
z{HQ&V|5ZNwbZo(WF{#xpjhLV!b{}J*Fytdu$>zHs<7;VVu^Lh5cvu>5T78X2#0I40
zh0GvGCP;{4!jv(a3c0WgDHY0GRtmD2O1a|mh%=vI7H~k)92UkAsyHU|bX+FsgiOmx
zNj)O7Gb%gB<=^uK^?b<+azy!oMy}Ju4axWmtGGq84BKi|L8Ds8x{O*vn_9+t)yM|b
zLc8jwLv5#1#pzOqh^f<bs}Z(H4I9-co78t~R+s59btpwJm}eGVO`WD*vrHq`umNtf
zLi3nrxn@P-O&P4B!rK&0`O8&awAy#JWbW;`8<U(aSqjH9&G`q4+fam4`5&DBm8R3=
oxrsKC3jS8b9Yvbx)S^)egvz}9EG4rk7o}+`l@_m*mbzH=7oDUUZU6uP

diff --git a/getsig/getsig.java b/getsig/getsig.java
index 8b1da1ec..e4dd1269 100644
--- a/getsig/getsig.java
+++ b/getsig/getsig.java
@@ -13,13 +13,23 @@ public class getsig {
  
     public static void main(String[] args) {
 
-        if (args.length != 1) {
+        String apkPath = null;
+        boolean full = false;
+
+        if(args.length == 1) {
+            apkPath = args[0];
+        } else if (args.length == 2) {
+            if(!args[0].equals("-f")) {
+                System.out.println("Only -f is supported");
+                System.exit(1);
+            }
+            apkPath = args[1];
+            full = true;
+        } else {
             System.out.println("Specify the APK file to get the signature from!");
             System.exit(1);
         }
  
-        String apkPath = args[0];
- 
         try {
 
             JarFile apk = new JarFile(apkPath);
@@ -64,17 +74,24 @@ public class getsig {
                 csig[j*2+1] = (byte)(d >= 10 ? ('a' + d - 10) : ('0' + d));
             }
 
-            // Get the MD5 sum of that...
-            MessageDigest md;
-            md = MessageDigest.getInstance("MD5");
-            byte[] md5sum = new byte[32];
-            md.update(csig);
-            md5sum = md.digest();
-            BigInteger bigInt = new BigInteger(1, md5sum);
-            String md5hash = bigInt.toString(16);
-            while (md5hash.length() < 32)
-                md5hash = "0" + md5hash;
-            System.out.println("Result:" + md5hash);
+            String result;
+            if(full) {
+                result = new String(csig);
+            } else {
+                // Get the MD5 sum...
+                MessageDigest md;
+                md = MessageDigest.getInstance("MD5");
+                byte[] md5sum = new byte[32];
+                md.update(csig);
+                md5sum = md.digest();
+                BigInteger bigInt = new BigInteger(1, md5sum);
+                String md5hash = bigInt.toString(16);
+                while (md5hash.length() < 32)
+                    md5hash = "0" + md5hash;
+                result = md5hash;
+            }
+
+            System.out.println("Result:" + result);
             System.exit(0);
 
         } catch (Exception e) {
diff --git a/update.py b/update.py
index 5449e01b..b12f147a 100644
--- a/update.py
+++ b/update.py
@@ -240,6 +240,8 @@ repoel = doc.createElement("repo")
 repoel.setAttribute("name", repo_name)
 repoel.setAttribute("icon", repo_icon)
 repoel.setAttribute("url", repo_url)
+if repo_keyalias != None:
+    repoel.setAttribute("pubkey", repo_pubkey)
 addElement('description', repo_description, doc, repoel)
 root.appendChild(repoel)
 
@@ -357,6 +359,33 @@ output = doc.toxml()
 of.write(output)
 of.close()
 
+if repo_keyalias != None:
+
+    if not options.quiet:
+        print "Creating signed index."
+    
+    #Create a jar of the index...
+    p = subprocess.Popen(['jar', 'cf', 'index.jar', 'index.xml'],
+        cwd='repo', stdout=subprocess.PIPE)
+    output = p.communicate()[0]
+    if options.verbose:
+        print output
+    if p.returncode != 0:
+        print "ERROR: Failed to create jar file"
+        sys.exit(1)
+
+    # Sign the index...
+    p = subprocess.Popen(['jarsigner', '-keystore', keystore,
+        '-storepass', keystorepass, '-keypass', keypass,
+        os.path.join('repo', 'index.jar') , repo_keyalias], stdout=subprocess.PIPE)
+    output = p.communicate()[0]
+    if p.returncode != 0:
+        print "Failed to sign index"
+        print output
+        sys.exit(1)
+    if options.verbose:
+        print output
+
 #Copy the repo icon into the repo directory...
 iconfilename = os.path.join(icon_dir, repo_icon)
 shutil.copyfile(repo_icon, iconfilename)