make publish and update work with a smartcard HSM

Followup to fdroid/fdroidserver!779.

We need to add smartcardoptions to every call to keytool and jarsigner,
as well as handle keypass being neither required nor allowed for
pkcs11 keystores.
Marcus Hoffmann 2020-08-14 15:44:34 +02:00
parent 066978cbcf
commit 004d13a48a
3 changed files with 36 additions and 25 deletions


@ -3045,13 +3045,16 @@ def sign_apk(unsigned_path, signed_path, keyalias):
else:
signature_algorithm = ['-sigalg', 'SHA256withRSA', '-digestalg', 'SHA-256']
p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
'-storepass:env', 'FDROID_KEY_STORE_PASS',
'-keypass:env', 'FDROID_KEY_PASS']
+ signature_algorithm + [unsigned_path, keyalias],
cmd = [config['jarsigner'], '-keystore', config['keystore'],
'-storepass:env', 'FDROID_KEY_STORE_PASS']
if config['keystore'] == 'NONE':
cmd += config['smartcardoptions']
else:
cmd += '-keypass:env', 'FDROID_KEY_PASS'
p = FDroidPopen(cmd + signature_algorithm + [unsigned_path, keyalias],
envs={
'FDROID_KEY_STORE_PASS': config['keystorepass'],
'FDROID_KEY_PASS': config['keypass'], })
'FDROID_KEY_PASS': config.get('keypass', "")})
if p.returncode != 0:
raise BuildException(_("Failed to sign application"), p.output)
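Review bot: In the file-keystore branch of sign_apk, `config.get('keypass', "")` turns a missing keypass into an empty password passed to jarsigner, where the old `config['keypass']` raised a KeyError, so a misconfigured repo now fails later with jarsigner's own error instead of at the config lookup. FDROID_KEY_PASS is also still exported to the child process in the smartcard branch, where no `-keypass:env` argument refers to it. Building the environment next to the command keeps the two in step: `envs = {'FDROID_KEY_STORE_PASS': config['keystorepass']}` before the `if`, `envs['FDROID_KEY_PASS'] = config['keypass']` in the `else` branch, and `envs=envs` in the FDroidPopen call. `config['smartcardoptions']` is indexed directly, and presumably gets a default elsewhere when the keystore is 'NONE', which is worth confirming since a missing key would abort signing with a bare KeyError. The start of sign_apk lies outside this hunk.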