skip signing apks which are not validating with signatures from metadata

Michael Pöhn 2017-06-13 18:12:45 +02:00
parent 04daa7a03a
commit b993d93395


@ -171,6 +171,7 @@ def main():
else: else:
# It's a 'normal' app, i.e. we sign and publish it... # It's a 'normal' app, i.e. we sign and publish it...
skipsigning = False
# First we handle signatures for this app from local metadata # First we handle signatures for this app from local metadata
signingfiles = common.metadata_find_developer_signing_files(appid, vercode) signingfiles = common.metadata_find_developer_signing_files(appid, vercode)
@ -194,6 +195,7 @@ def main():
else: else:
os.remove(devsignedtmp) os.remove(devsignedtmp)
logging.error('...verification failed - skipping: %s', devsigned) logging.error('...verification failed - skipping: %s', devsigned)
skipsigning = True
# Now we sign with the F-Droid key. # Now we sign with the F-Droid key.
@ -203,66 +205,67 @@ def main():
# If a collision does occur later, we're going to have to # If a collision does occur later, we're going to have to
# come up with a new alogrithm, AND rename all existing keys # come up with a new alogrithm, AND rename all existing keys
# in the keystore! # in the keystore!
if appid in config['keyaliases']: if not skipsigning:
# For this particular app, the key alias is overridden... if appid in config['keyaliases']:
keyalias = config['keyaliases'][appid] # For this particular app, the key alias is overridden...
if keyalias.startswith('@'): keyalias = config['keyaliases'][appid]
if keyalias.startswith('@'):
m = hashlib.md5()
m.update(keyalias[1:].encode('utf-8'))
keyalias = m.hexdigest()[:8]
else:
m = hashlib.md5() m = hashlib.md5()
m.update(keyalias[1:].encode('utf-8')) m.update(appid.encode('utf-8'))
keyalias = m.hexdigest()[:8] keyalias = m.hexdigest()[:8]
else: logging.info("Key alias: " + keyalias)
m = hashlib.md5()
m.update(appid.encode('utf-8'))
keyalias = m.hexdigest()[:8]
logging.info("Key alias: " + keyalias)
# See if we already have a key for this application, and # See if we already have a key for this application, and
# if not generate one... # if not generate one...
env_vars = { env_vars = {
'FDROID_KEY_STORE_PASS': config['keystorepass'], 'FDROID_KEY_STORE_PASS': config['keystorepass'],
'FDROID_KEY_PASS': config['keypass'], 'FDROID_KEY_PASS': config['keypass'],
} }
p = FDroidPopen([config['keytool'], '-list', p = FDroidPopen([config['keytool'], '-list',
'-alias', keyalias, '-keystore', config['keystore'], '-alias', keyalias, '-keystore', config['keystore'],
'-storepass:env', 'FDROID_KEY_STORE_PASS'], envs=env_vars) '-storepass:env', 'FDROID_KEY_STORE_PASS'], envs=env_vars)
if p.returncode != 0:
logging.info("Key does not exist - generating...")
p = FDroidPopen([config['keytool'], '-genkey',
'-keystore', config['keystore'],
'-alias', keyalias,
'-keyalg', 'RSA', '-keysize', '2048',
'-validity', '10000',
'-storepass:env', 'FDROID_KEY_STORE_PASS',
'-keypass:env', 'FDROID_KEY_PASS',
'-dname', config['keydname']], envs=env_vars)
if p.returncode != 0: if p.returncode != 0:
raise BuildException("Failed to generate key", p.output) logging.info("Key does not exist - generating...")
p = FDroidPopen([config['keytool'], '-genkey',
'-keystore', config['keystore'],
'-alias', keyalias,
'-keyalg', 'RSA', '-keysize', '2048',
'-validity', '10000',
'-storepass:env', 'FDROID_KEY_STORE_PASS',
'-keypass:env', 'FDROID_KEY_PASS',
'-dname', config['keydname']], envs=env_vars)
if p.returncode != 0:
raise BuildException("Failed to generate key", p.output)
signed_apk_path = os.path.join(output_dir, apkfilename) signed_apk_path = os.path.join(output_dir, apkfilename)
if os.path.exists(signed_apk_path): if os.path.exists(signed_apk_path):
raise BuildException("Refusing to sign '{0}' file exists in both " raise BuildException("Refusing to sign '{0}' file exists in both "
"{1} and {2} folder.".format(apkfilename, "{1} and {2} folder.".format(apkfilename,
unsigned_dir, unsigned_dir,
output_dir)) output_dir))
# Sign the application... # Sign the application...
p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'], p = FDroidPopen([config['jarsigner'], '-keystore', config['keystore'],
'-storepass:env', 'FDROID_KEY_STORE_PASS', '-storepass:env', 'FDROID_KEY_STORE_PASS',
'-keypass:env', 'FDROID_KEY_PASS', '-sigalg', '-keypass:env', 'FDROID_KEY_PASS', '-sigalg',
'SHA1withRSA', '-digestalg', 'SHA1', 'SHA1withRSA', '-digestalg', 'SHA1',
apkfile, keyalias], envs=env_vars) apkfile, keyalias], envs=env_vars)
if p.returncode != 0: if p.returncode != 0:
raise BuildException(_("Failed to sign application"), p.output) raise BuildException(_("Failed to sign application"), p.output)
# Zipalign it... # Zipalign it...
p = SdkToolsPopen(['zipalign', '-v', '4', apkfile, p = SdkToolsPopen(['zipalign', '-v', '4', apkfile,
os.path.join(output_dir, apkfilename)]) os.path.join(output_dir, apkfilename)])
if p.returncode != 0: if p.returncode != 0:
raise BuildException(_("Failed to align application")) raise BuildException(_("Failed to align application"))
os.remove(apkfile) os.remove(apkfile)
publish_source_tarball(apkfilename, unsigned_dir, output_dir) publish_source_tarball(apkfilename, unsigned_dir, output_dir)
logging.info('Published ' + apkfilename) logging.info('Published ' + apkfilename)
if __name__ == "__main__": if __name__ == "__main__":
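Review bot: The failure branch that sets `skipsigning = True` still logs only `'...verification failed - skipping: %s'` with `devsigned`, so the log never says that the F-Droid-signed APK for the same build is now withheld as well. Nothing visible in these hunks marks the run as failed either, so an operator could miss it. Failing closed is the right behaviour, because a developer signature that does not verify means the built APK differs from the one the developer signed. I would record that beside the flag, e.g. `# fail closed: build does not match the developer-signed APK, so publish nothing for this version`, and extend the error message to name `apkfile` too. The rendered page has lost indentation and main() starts and ends outside the hunks, so I am assuming the `if not skipsigning:` guard runs through `logging.info('Published ' + apkfilename)`; if this code sits inside a per-APK loop, a `continue` after the error would avoid re-indenting the whole signing block.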