mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-09 17:00:27 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

try injecting signatures for metadata when publishing

Browse source
This commit is contained in:
Michael Pöhn 2017-09-14 16:23:04 +02:00
parent 08627d70a7
commit 91369dacfb
1 changed files with 27 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

29
fdroidserver/publish.py
View file

@ -172,6 +172,31 @@ def main():
# It's a 'normal' app, i.e. we sign and publish it... # It's a 'normal' app, i.e. we sign and publish it...
# First we handle signatures for this app from local metadata
signingfiles = common.metadata_find_developer_signing_files(appid, vercode)
if signingfiles:
# There's a signature of the app developer present in our
# metadata. This means we're going to prepare both a locally
# signed APK and a version signed with the developers key.
signaturefile, signedfile, manifest = signingfiles
with open(signaturefile, 'rb') as f:
devfp = common.signer_fingerprint_short(f.read())
devsigned = '{}_{}_{}.apk'.format(appid, vercode, devfp)
devsignedtmp = os.path.join(tmp_dir, devsigned)
shutil.copy(apkfile, devsignedtmp)
common.apk_implant_signatures(devsignedtmp, signaturefile,
signedfile, manifest)
if common.verify_apk_signature(devsignedtmp):
shutil.move(devsignedtmp, os.path.join(output_dir, devsigned))
else:
os.remove(devsignedtmp)
logging.error('...verification failed - skipping: %s', devsigned)
# Now we sign with the F-Droid key.
# Figure out the key alias name we'll use. Only the first 8 # Figure out the key alias name we'll use. Only the first 8
# characters are significant, so we'll use the first 8 from # characters are significant, so we'll use the first 8 from
# the MD5 of the app's ID and hope there are no collisions. # the MD5 of the app's ID and hope there are no collisions.
@ -211,7 +236,7 @@ def main():
'-keypass:env', 'FDROID_KEY_PASS', '-keypass:env', 'FDROID_KEY_PASS',
'-dname', config['keydname']], envs=env_vars) '-dname', config['keydname']], envs=env_vars)
if p.returncode != 0: if p.returncode != 0:
raise BuildException("Failed to generate key") raise BuildException("Failed to generate key", p.output)
signed_apk_path = os.path.join(output_dir, apkfilename) signed_apk_path = os.path.join(output_dir, apkfilename)
if os.path.exists(signed_apk_path): if os.path.exists(signed_apk_path):
@ -227,7 +252,7 @@ def main():
'SHA1withRSA', '-digestalg', 'SHA1', 'SHA1withRSA', '-digestalg', 'SHA1',
apkfile, keyalias], envs=env_vars) apkfile, keyalias], envs=env_vars)
if p.returncode != 0: if p.returncode != 0:
raise BuildException(_("Failed to sign application")) raise BuildException(_("Failed to sign application"), p.output)
# Zipalign it... # Zipalign it...
p = SdkToolsPopen(['zipalign', '-v', '4', apkfile, p = SdkToolsPopen(['zipalign', '-v', '4', apkfile,