mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-16 20:00:11 +01:00
18f3acc32e
There is no longer any reason for these to be intertwined. This deliberately avoids touching some files as much as possible because they are super tangled and due to be replaced. Those files are: * fdroidserver/build.py * fdroidserver/update.py # Conflicts: # tests/testcommon.py # Conflicts: # fdroidserver/btlog.py # fdroidserver/import_subcommand.py
#!/usr/bin/env python3
#
# an fdroid plugin for exporting a repo's keystore in standard PEM format
import os
from argparse import ArgumentParser
from fdroidserver import common
from fdroidserver.common import FDroidPopen
from fdroidserver.exception import BuildException
# One-line description of this plugin; presumably picked up by fdroid's
# plugin listing -- confirm against the plugin loader.
# NOTE(review): the file header comment describes a PEM export, while the
# code below only loads the key onto the smartcard (the openssl PEM step is
# commented out). This summary matches what the code does.
fdroid_summary = "export the repo's keystore file to a NitroKey HSM"
def run(cmd, error):
    """Run *cmd* via FDroidPopen with the signing secrets in its environment.

    The smartcard PIN and both keystore passwords are read from the
    module-level ``config`` and exported to the child process as environment
    variables. The commands built in this file then refer to them by
    variable name (``-srcstorepass:env``, ``env:PIN``), so the secret values
    never appear in an argument list.

    Args:
        cmd: argument list of the command to execute.
        error: message for the BuildException raised when the command fails.

    Raises:
        BuildException: the command exited with a non-zero status; the
            captured output is passed along as the second argument.
    """
    # NOTE(review): every command started here receives all three secrets,
    # whether it needs them or not, and the captured output is attached to
    # the exception below -- confirm that neither keytool nor pkcs15-init
    # echoes a PIN or password into its output.
    child_env = {'LC_ALL': 'C.UTF-8'}
    child_env['PIN'] = config['smartcard_pin']
    child_env['FDROID_KEY_STORE_PASS'] = config['keystorepass']
    child_env['FDROID_KEY_PASS'] = config['keypass']

    result = FDroidPopen(cmd, envs=child_env)
    if result.returncode == 0:
        return
    raise BuildException(error, result.output)
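def main():
    """Copy the repo signing key from the configured keystore onto the smartcard.

    Steps, in order:
      1. Parse the global fdroid options and load the config into the
         module-level ``config`` (run() reads the secrets from it).
      2. Refuse to continue if either intermediate file already exists.
      3. Convert the keystore entry named by ``repo_keyalias`` to a PKCS12
         file in the current working directory using keytool.
      4. Store that PKCS12 file with pkcs15-init twice, once under key
         id 3 and once under key id 2.

    The PEM export via openssl is disabled (commented out below), so
    ``exportkeystore`` is only used for the existence check.

    Raises:
        BuildException: an intermediate file already exists, or one of the
            external commands exits with a non-zero status.
    """
    global config
    parser = ArgumentParser()
    common.setup_global_opts(parser)
    common.parse_args(parser)
    config = common.read_config()

    # The keystore path is flattened into a single file name ('/' -> '_'),
    # so both files land in the current working directory.
    # NOTE(review): str.replace swaps every '.jks' occurrence, not only the
    # file extension, and a keystore path without '.jks' yields the same
    # name for both files -- confirm the supported keystore naming.
    destkeystore = config['keystore'].replace('.jks', '.p12').replace('/', '_')
    exportkeystore = config['keystore'].replace('.jks', '.pem').replace('/', '_')

    # Never overwrite existing key material; name the file that is actually
    # in the way rather than always reporting the PEM path.
    for candidate in (destkeystore, exportkeystore):
        if os.path.exists(candidate):
            raise BuildException('%s exists!' % candidate)

    # Passwords are passed by environment-variable name (the ':env' option
    # modifier); run() supplies the values. The PKCS12 store is protected
    # with the same password as the source keystore.
    # NOTE(review): the PKCS12 file is created with the process's default
    # umask -- consider a restrictive umask (0o077) around this call so the
    # private-key container is not readable by other local users.
    run([config['keytool'], '-importkeystore',
         '-srckeystore', config['keystore'],
         '-srcalias', config['repo_keyalias'],
         '-srcstorepass:env', 'FDROID_KEY_STORE_PASS',
         '-srckeypass:env', 'FDROID_KEY_PASS',
         '-destkeystore', destkeystore,
         '-deststorepass:env', 'FDROID_KEY_STORE_PASS',
         '-deststoretype', 'PKCS12'],
        'Failed to convert to PKCS12!')

    # Disabled PEM export, kept for reference:
    # run(['openssl', 'pkcs12', '-in', destkeystore,
    #      '-passin', 'env:FDROID_KEY_STORE_PASS', '-nokeys',
    #      '-out', exportkeystore,
    #      '-passout', 'env:FDROID_KEY_STORE_PASS'],
    #     'Failed to convert to PEM!')

    # Both calls pass --delete-objects privkey,pubkey together with the
    # target id, which presumably removes any key already stored under that
    # id before the new one is written -- confirm against the pkcs15-init
    # documentation before running this on a card that holds other keys.
    # The original passed '' as the error message, so a failure raised a
    # BuildException with no description; each call now says what failed.
    run(['pkcs15-init', '--delete-objects', 'privkey,pubkey',
         '--id', '3', '--store-private-key', destkeystore,
         '--format', 'pkcs12', '--auth-id', '3',
         '--verify-pin', '--pin', 'env:PIN'],
        'Failed to store the private key on the smartcard (id 3)!')
    run(['pkcs15-init', '--delete-objects', 'privkey,pubkey',
         '--id', '2', '--store-private-key', destkeystore,
         '--format', 'pkcs12', '--auth-id', '3',
         '--verify-pin', '--pin', 'env:PIN'],
        'Failed to store the private key on the smartcard (id 2)!')

    # NOTE(review): destkeystore still holds a copy of the private key
    # (protected by the keystore password) and nothing in this function
    # removes it. The existence check above also makes a second run fail
    # until it is removed by hand. Consider deleting it once both
    # pkcs15-init calls have succeeded.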
# Run main() only when this file is executed directly, not when it is
# imported as a module.
if __name__ == "__main__":
    main()