mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-09-13 22:42:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove providerName from default smartcardoptions

Browse source 
apksigner doesn't recognize the SunPKCS11-OpenSC set via providerName
Neither jarsigner nor apksigner need this to work.
This commit is contained in:
Marcus Hoffmann 2020-09-09 18:57:34 +02:00
parent 768a91370c
commit 74af61f255
3 changed files with 35 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
examples/config.py
View file

@ -135,7 +135,7 @@ The repository of older versions of applications from the main demo repository.
# You should not need to change these at all, unless you have a very # You should not need to change these at all, unless you have a very
# customized setup for using smartcards in Java with keytool/jarsigner # customized setup for using smartcards in Java with keytool/jarsigner
# smartcardoptions = "-storetype PKCS11 -providerName SunPKCS11-OpenSC \ # smartcardoptions = "-storetype PKCS11 \
# -providerClass sun.security.pkcs11.SunPKCS11 \ # -providerClass sun.security.pkcs11.SunPKCS11 \
# -providerArg opensc-fdroid.cfg" # -providerArg opensc-fdroid.cfg"

45
fdroidserver/common.py
View file

@ -69,8 +69,10 @@ from .asynchronousfilereader import AsynchronousFileReader
# The path to this fdroidserver distribution # The path to this fdroidserver distribution
FDROID_PATH = os.path.realpath(os.path.join(os.path.dirname(__file__), '..')) FDROID_PATH = os.path.realpath(os.path.join(os.path.dirname(__file__), '..'))
# We need 26.0.0 for aapt but that doesn't ship with apksigner, so take the next higher version # this is the build-tools version, aapt has a separate version that
MINIMUM_BUILD_TOOLS_VERSION = '26.0.1' # has to be manually set in test_aapt_version()
MINIMUM_AAPT_BUILD_TOOLS_VERSION = '26.0.0'
MINIMUM_APKSIGNER_BUILD_TOOLS_VERSION = '26.0.1'
VERCODE_OPERATION_RE = re.compile(r'^([ 0-9/*+-]|%c)+$') VERCODE_OPERATION_RE = re.compile(r'^([ 0-9/*+-]|%c)+$')
@ -110,7 +112,7 @@ default_config = {
'r16b': None, 'r16b': None,
}, },
'cachedir': os.path.join(os.getenv('HOME'), '.cache', 'fdroidserver'), 'cachedir': os.path.join(os.getenv('HOME'), '.cache', 'fdroidserver'),
'build_tools': MINIMUM_BUILD_TOOLS_VERSION, 'build_tools': MINIMUM_AAPT_BUILD_TOOLS_VERSION,
'force_build_tools': False, 'force_build_tools': False,
'java_paths': None, 'java_paths': None,
'scan_binary': False, 'scan_binary': False,
@ -320,8 +322,7 @@ def read_config(opts, config_file='config.py'):
config['smartcardoptions'] = re.sub(r'\s+', r' ', config['smartcardoptions']).split(' ') config['smartcardoptions'] = re.sub(r'\s+', r' ', config['smartcardoptions']).split(' ')
elif not smartcardoptions and 'keystore' in config and config['keystore'] == 'NONE': elif not smartcardoptions and 'keystore' in config and config['keystore'] == 'NONE':
# keystore='NONE' means use smartcard, these are required defaults # keystore='NONE' means use smartcard, these are required defaults
config['smartcardoptions'] = ['-storetype', 'PKCS11', '-providerName', config['smartcardoptions'] = ['-storetype', 'PKCS11', '-providerClass',
'SunPKCS11-OpenSC', '-providerClass',
'sun.security.pkcs11.SunPKCS11', 'sun.security.pkcs11.SunPKCS11',
'-providerArg', 'opensc-fdroid.cfg'] '-providerArg', 'opensc-fdroid.cfg']
@ -415,6 +416,28 @@ def assert_config_keystore(config):
+ "you can create one using: fdroid update --create-key") + "you can create one using: fdroid update --create-key")
def find_apksigner():
"""
Returns the best version of apksigner following this algorithm:
* use config['apksigner'] if set
* try to find apksigner in path
* find apksigner in build-tools starting from newest installed going down to MINIMUM_APKSIGNER_BUILD_TOOLS_VERSION
:return: path to apksigner or None if no version is found
"""
if set_command_in_config('apksigner'):
return config['apksigner']
build_tools_path = os.path.join(config['sdk_path'], 'build-tools')
for f in sorted(os.listdir(build_tools_path), reverse=True):
if LooseVersion(f) < LooseVersion(MINIMUM_AAPT_BUILD_TOOLS_VERSION):
return None
if os.path.exists(os.path.join(build_tools_path, f, 'apksigner')):
apksigner = os.path.join(build_tools_path, f, 'apksigner')
logging.info("Using %s " % apksigner)
# memoize result
config['apksigner'] = apksigner
return config['apksigner']
def find_sdk_tools_cmd(cmd): def find_sdk_tools_cmd(cmd):
'''find a working path to a tool from the Android SDK''' '''find a working path to a tool from the Android SDK'''
@ -465,13 +488,13 @@ def test_aapt_version(aapt):
# the Debian package has the version string like "v0.2-23.0.2" # the Debian package has the version string like "v0.2-23.0.2"
too_old = False too_old = False
if '.' in bugfix: if '.' in bugfix:
if LooseVersion(bugfix) < LooseVersion(MINIMUM_BUILD_TOOLS_VERSION): if LooseVersion(bugfix) < LooseVersion(MINIMUM_AAPT_BUILD_TOOLS_VERSION):
too_old = True too_old = True
elif LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.4062713'): elif LooseVersion('.'.join((major, minor, bugfix))) < LooseVersion('0.2.4062713'):
too_old = True too_old = True
if too_old: if too_old:
logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-{version} or newer!") logging.warning(_("'{aapt}' is too old, fdroid requires build-tools-{version} or newer!")
.format(aapt=aapt, version=MINIMUM_BUILD_TOOLS_VERSION)) .format(aapt=aapt, version=MINIMUM_AAPT_BUILD_TOOLS_VERSION))
else: else:
logging.warning(_('Unknown version of aapt, might cause problems: ') + output) logging.warning(_('Unknown version of aapt, might cause problems: ') + output)
@ -3042,15 +3065,14 @@ def sign_apk(unsigned_path, signed_path, keyalias):
if int(apk.get_target_sdk_version()) >= 30: if int(apk.get_target_sdk_version()) >= 30:
if config['keystore'] == 'NONE': if config['keystore'] == 'NONE':
replacements = {'-storetype': '--ks-type', replacements = {'-storetype': '--ks-type',
'-providerName': '--ks-provider-name',
'-providerClass': '--ks-provider-class', '-providerClass': '--ks-provider-class',
'-providerArg': '--ks-provider-arg'} '-providerArg': '--ks-provider-arg'}
signing_args = [replacements.get(n, n) for n in config['smartcardoptions']] signing_args = [replacements.get(n, n) for n in config['smartcardoptions']]
else: else:
signing_args = ['--key-pass', 'env:FDROID_KEY_PASS'] signing_args = ['--key-pass', 'env:FDROID_KEY_PASS']
if not set_command_in_config('apksigner'): if not find_apksigner():
config['apksigner'] = find_sdk_tools_cmd('apksigner') raise BuildException(_("apksigner not found, it's required for signing!"))
cmd = [config['apksigner'], 'sign', cmd = [find_apksigner(), 'sign',
'--ks', config['keystore'], '--ks', config['keystore'],
'--ks-pass', 'env:FDROID_KEY_STORE_PASS'] '--ks-pass', 'env:FDROID_KEY_STORE_PASS']
cmd += signing_args cmd += signing_args
@ -3079,7 +3101,6 @@ def sign_apk(unsigned_path, signed_path, keyalias):
cmd += signing_args cmd += signing_args
cmd += signature_algorithm cmd += signature_algorithm
cmd += [unsigned_path, keyalias] cmd += [unsigned_path, keyalias]
print(cmd)
p = FDroidPopen(cmd, envs={ p = FDroidPopen(cmd, envs={
'FDROID_KEY_STORE_PASS': config['keystorepass'], 'FDROID_KEY_STORE_PASS': config['keystorepass'],
'FDROID_KEY_PASS': config.get('keypass', "")}) 'FDROID_KEY_PASS': config.get('keypass', "")})

2
fdroidserver/init.py
View file

@ -194,7 +194,7 @@ def main():
common.write_to_config(test_config, 'repo_keyalias', '1') # seems to be the default common.write_to_config(test_config, 'repo_keyalias', '1') # seems to be the default
disable_in_config('keypass', 'never used with smartcard') disable_in_config('keypass', 'never used with smartcard')
common.write_to_config(test_config, 'smartcardoptions', common.write_to_config(test_config, 'smartcardoptions',
('-storetype PKCS11 -providerName SunPKCS11-OpenSC ' ('-storetype PKCS11 '
+ '-providerClass sun.security.pkcs11.SunPKCS11 ' + '-providerClass sun.security.pkcs11.SunPKCS11 '
+ '-providerArg opensc-fdroid.cfg')) + '-providerArg opensc-fdroid.cfg'))
# find opensc-pkcs11.so # find opensc-pkcs11.so