mirror of
https://github.com/f-droid/fdroidserver.git
synced 2025-09-13 14:32:28 +03:00
add some example plugins for repo key extraction and migration
This commit is contained in:
Hans-Christoph Steiner
parent
d16ccc6d6c
commit
c8f21bf0e0
5 changed files with 177 additions and 0 deletions
61
examples/fdroid_export_keystore_to_nitrokey.py
Normal file
61
examples/fdroid_export_keystore_to_nitrokey.py
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
#!/usr/bin/env python3
|
||||
#
|
||||
# an fdroid plugin for exporting a repo's keystore in standard PEM format
|
||||
|
||||
import os
|
||||
from argparse import ArgumentParser
|
||||
from fdroidserver import common
|
||||
from fdroidserver.common import FDroidPopen
|
||||
from fdroidserver.exception import BuildException
|
||||
|
||||
fdroid_summary = "export the repo's keystore file to a NitroKey HSM"
|
||||
|
||||
|
||||
def run(cmd, error):
|
||||
envs = {'LC_ALL': 'C.UTF-8',
|
||||
'PIN': config['smartcard_pin'],
|
||||
'FDROID_KEY_STORE_PASS': config['keystorepass'],
|
||||
'FDROID_KEY_PASS': config['keypass']}
|
||||
p = FDroidPopen(cmd, envs=envs)
|
||||
if p.returncode != 0:
|
||||
raise BuildException(error, p.output)
|
||||
|
||||
|
||||
def main():
|
||||
global config
|
||||
parser = ArgumentParser()
|
||||
common.setup_global_opts(parser)
|
||||
options = parser.parse_args()
|
||||
config = common.read_config(options)
|
||||
destkeystore = config['keystore'].replace('.jks', '.p12').replace('/', '_')
|
||||
exportkeystore = config['keystore'].replace('.jks', '.pem').replace('/', '_')
|
||||
if os.path.exists(destkeystore) or os.path.exists(exportkeystore):
|
||||
raise BuildException('%s exists!' % exportkeystore)
|
||||
run([config['keytool'], '-importkeystore',
|
||||
'-srckeystore', config['keystore'],
|
||||
'-srcalias', config['repo_keyalias'],
|
||||
'-srcstorepass:env', 'FDROID_KEY_STORE_PASS',
|
||||
'-srckeypass:env', 'FDROID_KEY_PASS',
|
||||
'-destkeystore', destkeystore,
|
||||
'-deststorepass:env', 'FDROID_KEY_STORE_PASS',
|
||||
'-deststoretype', 'PKCS12'],
|
||||
'Failed to convert to PKCS12!')
|
||||
# run(['openssl', 'pkcs12', '-in', destkeystore,
|
||||
# '-passin', 'env:FDROID_KEY_STORE_PASS', '-nokeys',
|
||||
# '-out', exportkeystore,
|
||||
# '-passout', 'env:FDROID_KEY_STORE_PASS'],
|
||||
# 'Failed to convert to PEM!')
|
||||
run(['pkcs15-init', '--delete-objects', 'privkey,pubkey',
|
||||
'--id', '3', '--store-private-key', destkeystore,
|
||||
'--format', 'pkcs12', '--auth-id', '3',
|
||||
'--verify-pin', '--pin', 'env:PIN'],
|
||||
'')
|
||||
run(['pkcs15-init', '--delete-objects', 'privkey,pubkey',
|
||||
'--id', '2', '--store-private-key', destkeystore,
|
||||
'--format', 'pkcs12', '--auth-id', '3',
|
||||
'--verify-pin', '--pin', 'env:PIN'],
|
||||
'')
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Loading…
Add table
Add a link
Reference in a new issue