gpg-sign all valid files in the repo, including source tarballs

This makes sure there is a GPG signature on any file that is included in the repo, including APKs, OBB, source tarballs, media files, OTA update ZIPs, etc. Having a GPG signature is more important on non-APK files since they mostly do not have any signature mechanism of their own. This also adds basic tests of adding non-APK/OBB files to a repo with `fdroid update`. closes #232
2025-11-11 01:30:30 +03:00 · 2016-11-03 10:26:38 +01:00 · 2016-11-03 10:26:38 +01:00 · 56d51fcd6b
commit 56d51fcd6b
parent 84e09cd2a2
11 changed files with 35 additions and 11 deletions
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@ -2084,3 +2084,14 @@ def get_per_app_repos():
                repos.append(d)
        break
    return repos
+
+
+def is_repo_file(filename):
+    '''Whether the file in a repo is a build product to be delivered to users'''
+    return os.path.isfile(filename) \
+        and os.path.basename(filename) not in [
+            'index.jar',
+            'index.xml',
+            'index.html',
+            'categories.txt',
+        ]
--- a/fdroidserver/gpgsign.py
+++ b/fdroidserver/gpgsign.py
@ -50,10 +50,13 @@ def main():
            sys.exit(1)

        # Process any apks that are waiting to be signed...
-        for apkfile in sorted(glob.glob(os.path.join(output_dir, '*.apk'))):
-
-            apkfilename = os.path.basename(apkfile)
-            sigfilename = apkfilename + ".asc"
+        for f in sorted(glob.glob(os.path.join(output_dir, '*.*'))):
+            if common.get_file_extension(f) == 'asc':
+                continue
+            if not common.is_repo_file(f):
+                continue
+            filename = os.path.basename(f)
+            sigfilename = filename + ".asc"
            sigpath = os.path.join(output_dir, sigfilename)

            if not os.path.exists(sigpath):
@ -64,13 +67,13 @@ def main():
                    gpgargs.extend(['--homedir', config['gpghome']])
                if 'gpgkey' in config:
                    gpgargs.extend(['--local-user', config['gpgkey']])
-                gpgargs.append(os.path.join(output_dir, apkfilename))
+                gpgargs.append(os.path.join(output_dir, filename))
                p = FDroidPopen(gpgargs)
                if p.returncode != 0:
                    logging.error("Signing failed.")
                    sys.exit(1)

-                logging.info('Signed ' + apkfilename)
+                logging.info('Signed ' + filename)


 if __name__ == "__main__":
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
@ -517,13 +517,11 @@ def scan_repo_files(apkcache, repodir, knownapks, use_date_from_file=False):
    cachechanged = False
    repo_files = []
    for name in os.listdir(repodir):
-        if name in ['index.jar', 'index.xml', 'index.html', 'categories.txt', ]:
-            continue
        file_extension = common.get_file_extension(name)
        if file_extension == 'apk' or file_extension == 'obb':
            continue
        filename = os.path.join(repodir, name)
-        if not os.path.isfile(filename):
+        if not common.is_repo_file(name):
            continue
        stat = os.stat(filename)
        if stat.st_size == 0: