mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-11 01:30:30 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

move update.signjar() to common so it can also be used in signindex

Browse source
This commit is contained in:
Hans-Christoph Steiner 2017-03-15 21:23:44 +01:00
parent 696bae4d6d
commit fa657ce720
6 changed files with 46 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

23
fdroidserver/common.py
View file

@ -387,6 +387,29 @@ def write_password_file(pwtype, password=None):
config[pwtype + 'file'] = filename
def signjar(jar):
'''
sign a JAR file with Java's jarsigner.
This does use old hashing algorithms, i.e. SHA1, but that's not
broken yet for file verification. This could be set to SHA256,
but then Android < 4.3 would not be able to verify it.
https://code.google.com/p/android/issues/detail?id=38321
'''
args = [config['jarsigner'], '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile'],
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
jar, config['repo_keyalias']]
if config['keystore'] == 'NONE':
args += config['smartcardoptions']
else: # smardcards never use -keypass
args += ['-keypass:file', config['keypassfile']]
p = FDroidPopen(args)
if p.returncode != 0:
logging.critical("Failed to sign %s!" % jar)
sys.exit(1)
def get_local_metadata_files():
'''get any metadata files local to an app's source repo

14
fdroidserver/signindex.py
View file

@ -22,7 +22,6 @@ from argparse import ArgumentParser
import logging
from . import common
from .common import FDroidPopen
config = None
options = None
@ -56,18 +55,7 @@ def main():
unsigned = os.path.join(output_dir, 'index_unsigned.jar')
if os.path.exists(unsigned):
args = [config['jarsigner'], '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile'],
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
unsigned, config['repo_keyalias']]
if config['keystore'] == 'NONE':
args += config['smartcardoptions']
else: # smardcards never use -keypass
args += ['-keypass:file', config['keypassfile']]
p = FDroidPopen(args)
if p.returncode != 0:
logging.critical("Failed to sign index")
sys.exit(1)
common.signjar(unsigned)
os.rename(unsigned, os.path.join(output_dir, 'index.jar'))
logging.info('Signed index in ' + output_dir)
signed += 1

27
fdroidserver/update.py
View file

@ -1287,7 +1287,7 @@ def make_index_v1(apps, packages, repodir, repodict, requestsdict):
jar_file = os.path.join(repodir, 'index-v1.jar')
with zipfile.ZipFile(jar_file, 'w', zipfile.ZIP_DEFLATED) as jar:
jar.write(index_file, json_name)
signjar(jar_file)
common.signjar(jar_file)
os.remove(index_file)
@ -1540,7 +1540,7 @@ def make_index_v0(apps, apks, repodir, repodict, requestsdict):
if os.path.exists(signed):
os.remove(signed)
else:
signjar(signed)
common.signjar(signed)
# Copy the repo icon into the repo directory...
icon_dir = os.path.join(repodir, 'icons')
@ -1548,29 +1548,6 @@ def make_index_v0(apps, apks, repodir, repodict, requestsdict):
shutil.copyfile(config['repo_icon'], iconfilename)
def signjar(jar):
'''
sign a JAR file with Java's jarsigner.
This does use old hashing algorithms, i.e. SHA1, but that's not
broken yet for file verification. This could be set to SHA256,
but then Android < 4.3 would not be able to verify it.
https://code.google.com/p/android/issues/detail?id=38321
'''
args = [config['jarsigner'], '-keystore', config['keystore'],
'-storepass:file', config['keystorepassfile'],
'-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
jar, config['repo_keyalias']]
if config['keystore'] == 'NONE':
args += config['smartcardoptions']
else: # smardcards never use -keypass
args += ['-keypass:file', config['keypassfile']]
p = FDroidPopen(args)
if p.returncode != 0:
logging.critical("Failed to sign index")
sys.exit(1)
def make_categories_txt(repodir, categories):
'''Write a category list in the repo to allow quick access'''
catdata = ''