From 881074b2aa7f36681f684ba208b1c3350872a3fe Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 30 May 2018 22:05:37 +0200 Subject: [PATCH 1/4] nightly: --keep-private-keys option to allow further processing This makes it possible to run `fdroid server update` after `fdroid nightly` has completed. It also actually deletes all private key files. --- fdroidserver/nightly.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fdroidserver/nightly.py b/fdroidserver/nightly.py index 1e150c80..c8076ebb 100644 --- a/fdroidserver/nightly.py +++ b/fdroidserver/nightly.py @@ -91,6 +91,8 @@ def main(): help=_("Specify which debug keystore file to use.")) parser.add_argument("--show-secret-var", action="store_true", default=False, help=_("Print the secret variable to the terminal for easy copy/paste")) + parser.add_argument("--keep-private-keys", action="store_true", default=False, + help=_("Do not remove the private keys generated from the keystore")) parser.add_argument("--file", default='app/build/outputs/apk/*.apk', help=_('The the file to be included in the repo (path or glob)')) parser.add_argument("--no-checksum", action="store_true", default=False, @@ -289,8 +291,10 @@ Last updated: {date}'''.format(repo_git_base=repo_git_base, logging.error(_('cannot publish update, did you set the deploy key?') + '\n' + deploy_key_url) sys.exit(1) - if shutil.rmtree.avoids_symlink_attacks: - shutil.rmtree(os.path.dirname(ssh_private_key_file)) + if not options.keep_private_keys: + os.remove(KEYSTORE_FILE) + if shutil.rmtree.avoids_symlink_attacks: + shutil.rmtree(os.path.dirname(ssh_private_key_file)) else: if not os.path.isfile(options.keystore): From deccd013c951453746f0e7f488d80a51f4b7896c Mon Sep 17 00:00:00 2001 
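Review bot: In the second nightly.py hunk the key cleanup sits after the `sys.exit(1)` in the `except subprocess.CalledProcessError` branch, so when `fdroid server update` fails the keystore and the SSH private key directory stay on disk even without `--keep-private-keys`. Running the removal from a `finally:` around the deploy call, or just before `sys.exit(1)`, would make it independent of the deploy result; the `--no-deploy` hunk in PATCH 2/4 keeps the same ordering. When `shutil.rmtree.avoids_symlink_attacks` is false the directory is also kept silently, and an `else:` with `logging.warning(...)` would tell the operator that private key material remains. The enclosing `main()` starts and ends outside the hunk.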
From: Hans-Christoph Steiner Date: Wed, 6 Jun 2018 13:37:31 +0200 Subject: [PATCH 2/4] nightly: --no-deploy option to skip rsyncing repo --- fdroidserver/nightly.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/fdroidserver/nightly.py b/fdroidserver/nightly.py index c8076ebb..c31571ff 100644 --- a/fdroidserver/nightly.py +++ b/fdroidserver/nightly.py @@ -93,6 +93,8 @@ def main(): help=_("Print the secret variable to the terminal for easy copy/paste")) parser.add_argument("--keep-private-keys", action="store_true", default=False, help=_("Do not remove the private keys generated from the keystore")) + parser.add_argument("--no-deploy", action="store_true", default=False, + help=_("Do not deploy the new files to the repo")) parser.add_argument("--file", default='app/build/outputs/apk/*.apk', help=_('The the file to be included in the repo (path or glob)')) parser.add_argument("--no-checksum", action="store_true", default=False, @@ -285,12 +287,15 @@ Last updated: {date}'''.format(repo_git_base=repo_git_base, common.local_rsync(options, repo_basedir + '/metadata/', git_mirror_metadatadir + '/') mirror_git_repo.git.add(all=True) mirror_git_repo.index.commit("update app metadata") - try: - subprocess.check_call(['fdroid', 'server', 'update', '--verbose'], cwd=repo_basedir) - except subprocess.CalledProcessError: - logging.error(_('cannot publish update, did you set the deploy key?') - + '\n' + deploy_key_url) - sys.exit(1) + + if not options.no_deploy: + try: + subprocess.check_call(['fdroid', 'server', 'update', '--verbose'], cwd=repo_basedir) + except subprocess.CalledProcessError: + logging.error(_('cannot publish update, did you set the deploy key?') + + '\n' + deploy_key_url) + sys.exit(1) + if not options.keep_private_keys: os.remove(KEYSTORE_FILE) if shutil.rmtree.avoids_symlink_attacks: From 8f2ee4bd1d7176ca171f8b6ff85945e693002fab Mon Sep 17 00:00:00 2001 
From: Hans-Christoph Steiner Date: Tue, 19 Jun 2018 15:07:55 +0200 Subject: [PATCH 3/4] run 'zipalign' using standard flags used by Gradle Android Plugin Nice find by @equeim! -p was added in build-tools-23.0.0 https://developer.android.com/studio/publish/app-signing#sign-manually closes #288 --- fdroidserver/common.py | 20 ++++++++++++++------ fdroidserver/publish.py | 7 ++----- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 4584a433..b8f4fd38 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -2527,6 +2527,18 @@ def apk_strip_signatures(signed_apk, strip_manifest=False): out_apk.writestr(info, buf) +def _zipalign(unsigned_apk, aligned_apk): + """run 'zipalign' using standard flags used by Gradle Android Plugin + + -p was added in build-tools-23.0.0 + + https://developer.android.com/studio/publish/app-signing#sign-manually + """ + p = SdkToolsPopen(['zipalign', '-v', '-p', '4', unsigned_apk, aligned_apk]) + if p.returncode != 0: + raise BuildException("Failed to align application") + + def apk_implant_signatures(apkpath, signaturefile, signedfile, manifest): """Implats a signature from metadata into an APK. @@ -2553,9 +2565,7 @@ def apk_implant_signatures(apkpath, signaturefile, signedfile, manifest): buf = in_apk.read(info.filename) out_apk.writestr(info, buf) os.remove(apkpath) - p = SdkToolsPopen(['zipalign', '-v', '4', apkwithnewsig, apkpath]) - if p.returncode != 0: - raise BuildException("Failed to align application") + _zipalign(apkwithnewsig, apkpath) def apk_extract_signatures(apkpath, outdir, manifest=True): 
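Review bot: `_zipalign` raises `BuildException("Failed to align application")` without the `_()` wrapper and without `p.output`, so the message is no longer translatable (the call sites it replaces in `sign_apk` and publish.py used `_()`) and zipalign's own output is dropped from the error. Since the docstring says `-p` was only added in build-tools-23.0.0, an older SDK would presumably fail here with nothing pointing at the flag; `raise BuildException(_("Failed to align application"), p.output)` would keep the reason visible. The helper is also called as `common._zipalign` from publish.py, so a name without the leading underscore would match how it is used.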
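Review bot: In `apk_implant_signatures`, `os.remove(apkpath)` runs before `_zipalign(apkwithnewsig, apkpath)`, so if alignment raises, the original APK is already gone and only the intermediate file is left. Aligning first and removing or replacing the original only after success would avoid losing the input; whether `apkwithnewsig` is cleaned up afterwards is not visible here, since the function body starts outside the hunk.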
@@ -2602,9 +2612,7 @@ def sign_apk(unsigned_path, signed_path, keyalias): if p.returncode != 0: raise BuildException(_("Failed to sign application"), p.output) - p = SdkToolsPopen(['zipalign', '-v', '4', unsigned_path, signed_path]) - if p.returncode != 0: - raise BuildException(_("Failed to zipalign application")) + _zipalign(unsigned_path, signed_path) os.remove(unsigned_path) diff --git a/fdroidserver/publish.py b/fdroidserver/publish.py index fad7d00f..b80f9ea5 100644 --- a/fdroidserver/publish.py +++ b/fdroidserver/publish.py @@ -33,7 +33,7 @@ import zipfile from . import _ from . import common from . import metadata -from .common import FDroidPopen, SdkToolsPopen +from .common import FDroidPopen from .exception import BuildException, FDroidException config = None @@ -350,10 +350,7 @@ def main(): raise BuildException(_("Failed to sign application"), p.output) # Zipalign it... - p = SdkToolsPopen(['zipalign', '-v', '4', apkfile, - os.path.join(output_dir, apkfilename)]) - if p.returncode != 0: - raise BuildException(_("Failed to align application")) + common._zipalign(apkfile, os.path.join(output_dir, apkfilename)) os.remove(apkfile) publish_source_tarball(apkfilename, unsigned_dir, output_dir) From a736a37282a8f0efcf7acdb9de1ce0c0ab74d25b Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Tue, 19 Jun 2018 15:11:18 +0200 Subject: [PATCH 4/4] update: let it work without JDK, only JRE and apksigner --- fdroidserver/update.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fdroidserver/update.py b/fdroidserver/update.py index 296111de..58aab01c 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -1875,7 +1875,8 @@ def main(): config = common.read_config(options) - if not ('jarsigner' in config and 'keytool' in config): + if not (('jarsigner' in config or 'apksigner' in config) + and 'keytool' in config): raise FDroidException(_('Java JDK not found! Install in standard location or set java_paths!')) repodirs = ['repo']
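Review bot: The relaxed check in update.py now passes with `apksigner` and `keytool` alone, but the exception text still reads 'Java JDK not found!', which no longer describes what is missing when the config has a signer but no `keytool`, or the reverse. Naming the tools in the message, e.g. `_('jarsigner or apksigner, and keytool, not found! Install in standard location or set java_paths!')`, would match the new condition. `main()` continues outside the hunk.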