verify: --clean-up-verified to rm all files except the JSON report

2025-09-13 14:32:28 +03:00 · 2024-12-03 14:16:06 +01:00 · 2024-12-03 14:16:06 +01:00 · 5deb936e86
commit 5deb936e86
parent 56814824ee
2 changed files with 29 additions and 2 deletions
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@ -3649,7 +3649,9 @@ def sign_apk(unsigned_path, signed_path, keyalias):
    os.remove(unsigned_path)


-def verify_apks(signed_apk, unsigned_apk, tmp_dir, v1_only=None):
+def verify_apks(
+    signed_apk, unsigned_apk, tmp_dir, v1_only=None, clean_up_verified=False
+):
    """Verify that two apks are the same.

    One of the inputs is signed, the other is unsigned. The signature metadata
@ -3669,6 +3671,8 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir, v1_only=None):
    v1_only
        True for v1-only signatures, False for v1 and v2 signatures,
        or None for autodetection
+    clean_up_verified
+        Remove any files created here if the verification succeeded.

    Returns
    -------
@ -3705,6 +3709,9 @@ def verify_apks(signed_apk, unsigned_apk, tmp_dir, v1_only=None):
        if result is not None:
            error += '\nComparing reference APK to APK with copied signature...\n' + result
        return error
+    if clean_up_verified and os.path.exists(tmp_apk):
+        logging.info(f"...cleaned up {tmp_apk} after successful verification")
+        os.remove(tmp_apk)

    logging.info('...successfully verified')
    return None
--- a/fdroidserver/verify.py
+++ b/fdroidserver/verify.py
@ -157,6 +157,12 @@ def main():
        nargs='*',
        help=_("application ID with optional versionCode in the form APPID[:VERCODE]"),
    )
+    parser.add_argument(
+        "--clean-up-verified",
+        action="store_true",
+        default=False,
+        help=_("Remove source tarball and any APKs if successfully verified."),
+    )
    parser.add_argument(
        "--reuse-remote-apk",
        action="store_true",
@ -224,12 +230,26 @@ def main():
                        ) from e

            unsigned_apk = os.path.join(unsigned_dir, apkfilename)
-            compare_result = common.verify_apks(remote_apk, unsigned_apk, tmp_dir)
+            compare_result = common.verify_apks(
+                remote_apk,
+                unsigned_apk,
+                tmp_dir,
+                clean_up_verified=options.clean_up_verified,
+            )
            if options.output_json:
                write_json_report(url, remote_apk, unsigned_apk, compare_result)
            if compare_result:
                raise FDroidException(compare_result)

+            if options.clean_up_verified:
+                src_tarball = os.path.join(
+                    unsigned_dir, common.get_src_tarball_name(appid, vercode)
+                )
+                for f in (remote_apk, unsigned_apk, src_tarball):
+                    if os.path.exists(f):
+                        logging.info(f"...cleaned up {f} after successful verification")
+                        os.remove(f)
+
            logging.info("...successfully verified")
            verified += 1