mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-05 18:50:09 +02:00
move update.signjar() to common so it can also be used in signindex
This commit is contained in:
parent
696bae4d6d
commit
fa657ce720
@ -387,6 +387,29 @@ def write_password_file(pwtype, password=None):
|
|||||||
config[pwtype + 'file'] = filename
|
config[pwtype + 'file'] = filename
|
||||||
|
|
||||||
|
|
||||||
|
def signjar(jar):
|
||||||
|
'''
|
||||||
|
sign a JAR file with Java's jarsigner.
|
||||||
|
|
||||||
|
This does use old hashing algorithms, i.e. SHA1, but that's not
|
||||||
|
broken yet for file verification. This could be set to SHA256,
|
||||||
|
but then Android < 4.3 would not be able to verify it.
|
||||||
|
https://code.google.com/p/android/issues/detail?id=38321
|
||||||
|
'''
|
||||||
|
args = [config['jarsigner'], '-keystore', config['keystore'],
|
||||||
|
'-storepass:file', config['keystorepassfile'],
|
||||||
|
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
|
||||||
|
jar, config['repo_keyalias']]
|
||||||
|
if config['keystore'] == 'NONE':
|
||||||
|
args += config['smartcardoptions']
|
||||||
|
else: # smardcards never use -keypass
|
||||||
|
args += ['-keypass:file', config['keypassfile']]
|
||||||
|
p = FDroidPopen(args)
|
||||||
|
if p.returncode != 0:
|
||||||
|
logging.critical("Failed to sign %s!" % jar)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
def get_local_metadata_files():
|
def get_local_metadata_files():
|
||||||
'''get any metadata files local to an app's source repo
|
'''get any metadata files local to an app's source repo
|
||||||
|
|
||||||
|
@ -22,7 +22,6 @@ from argparse import ArgumentParser
|
|||||||
import logging
|
import logging
|
||||||
|
|
||||||
from . import common
|
from . import common
|
||||||
from .common import FDroidPopen
|
|
||||||
|
|
||||||
config = None
|
config = None
|
||||||
options = None
|
options = None
|
||||||
@ -56,18 +55,7 @@ def main():
|
|||||||
unsigned = os.path.join(output_dir, 'index_unsigned.jar')
|
unsigned = os.path.join(output_dir, 'index_unsigned.jar')
|
||||||
if os.path.exists(unsigned):
|
if os.path.exists(unsigned):
|
||||||
|
|
||||||
args = [config['jarsigner'], '-keystore', config['keystore'],
|
common.signjar(unsigned)
|
||||||
'-storepass:file', config['keystorepassfile'],
|
|
||||||
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
|
|
||||||
unsigned, config['repo_keyalias']]
|
|
||||||
if config['keystore'] == 'NONE':
|
|
||||||
args += config['smartcardoptions']
|
|
||||||
else: # smardcards never use -keypass
|
|
||||||
args += ['-keypass:file', config['keypassfile']]
|
|
||||||
p = FDroidPopen(args)
|
|
||||||
if p.returncode != 0:
|
|
||||||
logging.critical("Failed to sign index")
|
|
||||||
sys.exit(1)
|
|
||||||
os.rename(unsigned, os.path.join(output_dir, 'index.jar'))
|
os.rename(unsigned, os.path.join(output_dir, 'index.jar'))
|
||||||
logging.info('Signed index in ' + output_dir)
|
logging.info('Signed index in ' + output_dir)
|
||||||
signed += 1
|
signed += 1
|
||||||
|
@ -1287,7 +1287,7 @@ def make_index_v1(apps, packages, repodir, repodict, requestsdict):
|
|||||||
jar_file = os.path.join(repodir, 'index-v1.jar')
|
jar_file = os.path.join(repodir, 'index-v1.jar')
|
||||||
with zipfile.ZipFile(jar_file, 'w', zipfile.ZIP_DEFLATED) as jar:
|
with zipfile.ZipFile(jar_file, 'w', zipfile.ZIP_DEFLATED) as jar:
|
||||||
jar.write(index_file, json_name)
|
jar.write(index_file, json_name)
|
||||||
signjar(jar_file)
|
common.signjar(jar_file)
|
||||||
os.remove(index_file)
|
os.remove(index_file)
|
||||||
|
|
||||||
|
|
||||||
@ -1540,7 +1540,7 @@ def make_index_v0(apps, apks, repodir, repodict, requestsdict):
|
|||||||
if os.path.exists(signed):
|
if os.path.exists(signed):
|
||||||
os.remove(signed)
|
os.remove(signed)
|
||||||
else:
|
else:
|
||||||
signjar(signed)
|
common.signjar(signed)
|
||||||
|
|
||||||
# Copy the repo icon into the repo directory...
|
# Copy the repo icon into the repo directory...
|
||||||
icon_dir = os.path.join(repodir, 'icons')
|
icon_dir = os.path.join(repodir, 'icons')
|
||||||
@ -1548,29 +1548,6 @@ def make_index_v0(apps, apks, repodir, repodict, requestsdict):
|
|||||||
shutil.copyfile(config['repo_icon'], iconfilename)
|
shutil.copyfile(config['repo_icon'], iconfilename)
|
||||||
|
|
||||||
|
|
||||||
def signjar(jar):
|
|
||||||
'''
|
|
||||||
sign a JAR file with Java's jarsigner.
|
|
||||||
|
|
||||||
This does use old hashing algorithms, i.e. SHA1, but that's not
|
|
||||||
broken yet for file verification. This could be set to SHA256,
|
|
||||||
but then Android < 4.3 would not be able to verify it.
|
|
||||||
https://code.google.com/p/android/issues/detail?id=38321
|
|
||||||
'''
|
|
||||||
args = [config['jarsigner'], '-keystore', config['keystore'],
|
|
||||||
'-storepass:file', config['keystorepassfile'],
|
|
||||||
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
|
|
||||||
jar, config['repo_keyalias']]
|
|
||||||
if config['keystore'] == 'NONE':
|
|
||||||
args += config['smartcardoptions']
|
|
||||||
else: # smardcards never use -keypass
|
|
||||||
args += ['-keypass:file', config['keypassfile']]
|
|
||||||
p = FDroidPopen(args)
|
|
||||||
if p.returncode != 0:
|
|
||||||
logging.critical("Failed to sign index")
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
|
|
||||||
def make_categories_txt(repodir, categories):
|
def make_categories_txt(repodir, categories):
|
||||||
'''Write a category list in the repo to allow quick access'''
|
'''Write a category list in the repo to allow quick access'''
|
||||||
catdata = ''
|
catdata = ''
|
||||||
|
@ -157,6 +157,26 @@ class CommonTest(unittest.TestCase):
|
|||||||
p = fdroidserver.common.FDroidPopen(commands, stderr_to_stdout=False)
|
p = fdroidserver.common.FDroidPopen(commands, stderr_to_stdout=False)
|
||||||
self.assertEqual(p.output, 'stdout message\n')
|
self.assertEqual(p.output, 'stdout message\n')
|
||||||
|
|
||||||
|
def test_signjar(self):
|
||||||
|
fdroidserver.common.config = None
|
||||||
|
config = fdroidserver.common.read_config(fdroidserver.common.options)
|
||||||
|
config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
|
||||||
|
fdroidserver.common.config = config
|
||||||
|
|
||||||
|
basedir = os.path.dirname(__file__)
|
||||||
|
tmpdir = os.path.join(basedir, '..', '.testfiles')
|
||||||
|
if not os.path.exists(tmpdir):
|
||||||
|
os.makedirs(tmpdir)
|
||||||
|
sourcedir = os.path.join(basedir, 'signindex')
|
||||||
|
testsdir = tempfile.mkdtemp(prefix='test_signjar', dir=tmpdir)
|
||||||
|
for f in ('testy.jar', 'guardianproject.jar',):
|
||||||
|
sourcefile = os.path.join(sourcedir, f)
|
||||||
|
testfile = os.path.join(testsdir, f)
|
||||||
|
shutil.copy(sourcefile, testsdir)
|
||||||
|
fdroidserver.common.signjar(testfile)
|
||||||
|
# these should be resigned, and therefore different
|
||||||
|
self.assertNotEqual(open(sourcefile, 'rb').read(), open(testfile, 'rb').read())
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
parser = optparse.OptionParser()
|
parser = optparse.OptionParser()
|
||||||
|
BIN
tests/signindex/guardianproject.jar
Normal file
BIN
tests/signindex/guardianproject.jar
Normal file
Binary file not shown.
BIN
tests/signindex/testy.jar
Normal file
BIN
tests/signindex/testy.jar
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user