1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-18 12:40:11 +01:00
Commit Graph

8561 Commits

Author SHA1 Message Date
Ciaran Gultnieks
e8c47765ae Merge branch 'master' into 'master'
implemeted support for using a smartcard for the repo signing key

This changeset implements using a smartcard (HSM) as the keystore for the signing key.  It also fixes lots of little bugs in the `fdroid init` process.
2014-04-08 08:26:37 +00:00
Hans-Christoph Steiner
0dd8116059 add note about automatically generated signing key after init 2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
00b89c05c5 warn user if smartcard keystore is set but opensc is not installed 2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
3829d37d34 support repo signing with a key on a smartcard
This assumes that the smartcard is already setup with a signing key.  init
does not generate a key on the smartcard, and skips genkey() if things are
configured to use a smartcard.

This also does not touch APK signing because that is a much more elaborate
question, since each app is signed by its own key.
2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
9945045f1b fix bug setting repo_keyalias in init 2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
f582cd7a9e fix bug listing new key created in init
Oops, a typo with a ] in e53092cffa
2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
faf0c4381f add test case were init generates a keystore and uses it 2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
b41f9e67a9 if keystore is given as arg to init, create keystore if it does not exist
Previously, `fdroid init --keystore /tmp/foo` expected the keystore to
exist, or it quit with an error.  But I've changed my mind, I think it is
useful to have it generate a new keystore at that location if it does not
exist.  For example, in tests/run-tests.sh. It still will not clobber an
existing file at that location.
2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
2bd62239f7 'smartcardoptions' config item for setting up HSMs with fdroid
These options are needed to configure Java's keytool and jarsigner to use
a Hardware Security Module aka HSM aka smartcard.  The defaults provided
are meant to make things work as easily as possible.
2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
0950cdac09 make repo_keyalias like a config option: leave it commented out
Before, the code relies on repo_keyalias being None, which does not feel
conffile-like.  Now, its commented out if its not set.
2014-04-07 16:00:18 -04:00
Hans-Christoph Steiner
f1ae3d3fd0 use default keystore path when generating a new setup with init
Before, the path to the keystore was also hardcoded in init.py, this makes
init now get it from the defaults set in common.py.
2014-04-07 16:00:17 -04:00
Hans-Christoph Steiner
0736367675 when generating config.py during init, uncomment changed options
The defaults are set in config.py and are often commented out.  Before, the
regex would only change the value, but leave it commented out.  Now, it
will also uncomment it.
2014-04-07 16:00:17 -04:00
Hans-Christoph Steiner
40fdc2a943 improved error messages related to missing/non-functional SDK paths 2014-04-07 16:00:17 -04:00
Daniel Martí
56b7326b9a Stop looking for builds when Maintainer Notes is found 2014-04-07 18:14:36 +02:00
Ciaran Gultnieks
7f822b01bf Validate publish-related file existence before proceeding 2014-04-04 15:37:18 +01:00
Ciaran Gultnieks
e4ad174399 Use keystore options correctly
Corrects error in 525759b235
2014-04-04 15:31:07 +01:00
Ciaran Gultnieks
9ccdd209ac Merge branch 'master' into 'master'
build and test fixes

various fixes for the build process and tests
2014-04-03 16:51:15 +00:00
Hans-Christoph Steiner
947a6d57d2 'ssh' python module no longer needed, only 'paramiko' 2014-04-03 12:34:01 -04:00
Hans-Christoph Steiner
5ee4f3d72d enable Jenkins reporting of pylint errors and warnings
fatals still can not be enabled because of a bug in pylint when running in
a virtualenv:
https://bitbucket.org/logilab/pylint/issue/73/pylint-is-unable-to-import

running pylint in the virtualenv would not be needed once mwclient is
packaged for Debian and installed that way.
2014-04-03 12:33:22 -04:00
Hans-Christoph Steiner
e9dc2ddd51 jenkins-build: make pylint handle the hashlib hash classes properly
hashlib uses some magic to load whatever is built into the local openssl.
pylint gets confused by this, so we need a pylint plugin to trick pylint
into thinking everything is good.
2014-04-03 12:33:22 -04:00
Ciaran Gultnieks
c353a69231 Switch back to paramiko for all modules 2014-04-03 17:14:59 +01:00
Daniel Martí
c08987cf4b Avoid printing the dir '' 2014-04-03 16:10:54 +02:00
Daniel Martí
fb933ebafd Make pylint happy about re-using the 'added' var 2014-04-03 16:05:15 +02:00
Daniel Martí
0c11f7bc49 scan_source: print problems, only return the total count 2014-04-03 16:04:06 +02:00
Daniel Martí
d6289b7832 Merge commit 'refs/merge-requests/140' of gitorious.org:f-droid/fdroidserver 2014-04-03 13:01:09 +02:00
Hans-Christoph Steiner
9ece46d32f use the virtualenv python so pylint checks against its installed libs 2014-04-02 19:52:47 -04:00
Hans-Christoph Steiner
5b22e11872 make jenkins script use bash so we can use bashisms 2014-04-02 19:49:02 -04:00
Hans-Christoph Steiner
bb15611ed1 setup.py: include 'ssh' and 'mwclient' as required libraries 2014-04-02 19:49:02 -04:00
Daniel Martí
3e12ec93a5 Merge commit 'refs/merge-requests/139' of gitorious.org:f-droid/fdroidserver 2014-04-03 00:12:11 +02:00
Hans-Christoph Steiner
f918323e91 build and install getsig.class with setup.py 2014-04-02 17:54:21 -04:00
Hans-Christoph Steiner
1b130950fd include prefix in data_files install path so it installs correctly
setuptools wants to stick any relative install path in data_files into the
.egg package.  Things are not setup to use the egg now.  We might want to
consider using sticking files into the egg via pkg_resource in the future.
2014-04-02 17:54:21 -04:00
Hans-Christoph Steiner
0663d7b197 include a setuptools MANIFEST to make sure things get installed
Using `python setup.py install`, things in non-standard python paths need
to be added to the MANIFEST in order for them to be included and installed.
There might be a better solution for this, but I haven't found it.
2014-04-02 17:54:21 -04:00
Hans-Christoph Steiner
21fca70d8b add script for running build and tests in Jenkins 2014-04-02 17:54:21 -04:00
Hans-Christoph Steiner
bfa21fb630 add script to do a test run of creating a new repo
This tests/ folder can then be used for all sorts of tests, including
standard python tests.
2014-04-02 17:49:07 -04:00
Hans-Christoph Steiner
434eab6606 downcase setup.py name to match the name in the repo, Debian package, etc. 2014-04-02 17:49:07 -04:00
Hans-Christoph Steiner
92c1e44dba ignore files created by setup.py processes 2014-04-02 17:48:16 -04:00
Daniel Martí
3905143252 Add default repotype() to make pylint happy 2014-04-02 23:37:29 +02:00
Daniel Martí
8e87feff26 Fix output naming, remove redundant lstrip() 2014-04-02 01:05:33 +02:00
Daniel Martí
fa37c3b2f8 Merge commit 'refs/merge-requests/138' of gitorious.org:f-droid/fdroidserver 2014-04-02 01:03:36 +02:00
Hans-Christoph Steiner
e53092cffa fix genkey key listing in fdroid init
FDroidPopen() does not have a way to send to stdin, so we will use the
password file for now.  In the long run, at least the keypass should always
be sent via stdin rather than via a file.  Ideally, storepass would be too,
but if they are different, then storepass is less important.
2014-04-01 18:04:36 -04:00
Hans-Christoph Steiner
ed3bd25bb5 oops, include common. to call write_password_file() 2014-04-01 18:04:36 -04:00
Hans-Christoph Steiner
8ef6546f81 move fdroid-icon.png to examples/ 2014-04-01 18:04:36 -04:00
Hans-Christoph Steiner
d21bddc159 improved warning when trying to init a dir with stuff in it 2014-04-01 17:51:54 -04:00
Daniel Martí
802d5e298c Merge commit 'refs/merge-requests/137' of gitorious.org:f-droid/fdroidserver 2014-04-01 23:47:11 +02:00
Daniel Martí
870ed87a36 Fix bankdroid build
All console stuff should be avoided already with just readLine
2014-04-01 19:29:37 +02:00
Daniel Martí
5dc29c8a05 Fix apk path on gradle builds where both subdir and flavour@dir are used 2014-04-01 19:25:43 +02:00
Daniel Martí
d8374b3efa Add keyaliases config default 2014-04-01 18:58:20 +02:00
Ciaran Gultnieks
f10d16f734 Remove ruby packages from buildserver 2014-04-01 17:40:11 +01:00
Hans-Christoph Steiner
7bb490221a set the default keystore to the same as the default in fdroid init
This should keep things simple and consistent.
2014-03-31 21:42:46 -04:00
Hans-Christoph Steiner
a31f4571c2 fix example files install in setup.py
This also makes the file layout in git basically the same as the installed
file layout, using an examples/ dir.  I'm not sure if config.buildserver.py
is an example conf file, or a conf file that is actually in use, so I did
not move it.
2014-03-31 21:29:51 -04:00