mirror of
https://github.com/f-droid/fdroidserver.git
synced 2025-09-13 14:32:28 +03:00
build: check AllowedAPKSigningKeys in reproducible build scenario
The builder should check the `AllowedAPKSigningKeys` at build time, so that the CI can check if somebody gives a wrong value that doesn't match a compared RB binary. In the event it fails, it gives useful information, and in the event it succeeds, it makes it clear that this build has verification back to the developer's original key. Also, add tests for this to the test suite.
This commit is contained in:
Jason A. Donenfeld
Hans-Christoph Steiner
parent
8a0b7e5b1b
commit
26472c22ce
2 changed files with 75 additions and 4 deletions
|
|
@ -1112,6 +1112,34 @@ def main():
|
|||
'supplied reference binary '
|
||||
'successfully')
|
||||
|
||||
used_key = common.apk_signer_fingerprint(of)
|
||||
expected_keys = app['AllowedAPKSigningKeys']
|
||||
if used_key is None:
|
||||
logging.warn(_('reference binary missing '
|
||||
'signature'))
|
||||
elif len(expected_keys) == 0:
|
||||
logging.warn(_('AllowedAPKSigningKeys missing '
|
||||
'but reference binary supplied'))
|
||||
elif used_key not in expected_keys:
|
||||
if options.test:
|
||||
logging.warning(_('Keeping failed build "{apkfilename}"')
|
||||
.format(apkfilename=unsigned_apk))
|
||||
else:
|
||||
logging.debug('removing %s', unsigned_apk)
|
||||
os.remove(unsigned_apk)
|
||||
logging.debug('removing %s', of)
|
||||
os.remove(of)
|
||||
raise FDroidException('supplied reference '
|
||||
'binary signed with '
|
||||
'{signer} instead of '
|
||||
'with {expected}'.
|
||||
format(signer=used_key,
|
||||
expected=expected_keys))
|
||||
else:
|
||||
logging.info(_('supplied reference binary has '
|
||||
'allowed signer {signer}').
|
||||
format(signer=used_key))
|
||||
|
||||
build_succeeded_ids.append([app['id'], build.versionCode])
|
||||
|
||||
if not options.onserver:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue