fdroidclient now uses SHA256 fingerprints internally, and they are shown in
the repo details view. This changes the digest algorithm to SHA256 and
changes the format to match what is shown in the repo details view.
If a key 'foo' is set to None, `if config.get('foo'):` will be false while
`if 'foo' in config:` will be true. A None value is not useful here, so
config.get() is the better check.
Thanks to Adam Pritchard for the suggestion.
This allows the user to set the path to their Android SDK from the command
line. This option is named after the standard env var ANDROID_HOME, as used
in the build.xml generated by `android update project`. --android-home
takes precendence over the ANDROID_HOME env var if it is set.
Previously, `fdroid init` would exit if a repo/ subdir existed. Since it
only changes config.py, that test just caused confusion. Now, only exit if
config.py exists, and if repo/ does not exist, create it.
`fdroid init` runs before any config.py exists, but it still needs to have
the default config and the SDK path tests. So split those two bits out of
common.read_config() so that they can be run separately before config.py
is in place.
Since it is possible to check the file size and MD5 hash of the file up on
the AWS S3 bucket, `fdroid server update` can check that a file needs to be
updated before actually deleting and uploading the new file.
fixes#3137https://dev.guardianproject.info/issues/3137
This makes the AWS S3 setup dead simple: just put in a awsbucket name of
your choosing, set the AWS credentials, and it'll do the rest, whether the
bucket exists already or not. S3 buckets are trivial to delete too, in
case of error: `s3cmd rb s3://mybadbucketname`.
apache-libcloud enables uploading to basically any cloud storage service.
This is the first implementation that allows `fdroid server` to push a repo
up to a AWS S3 'bucket'. Supporting other cloud storage services should
mostly be a matter of finding the libcloud "Provider" and setting the
access creditials.
fixes#3137https://dev.guardianproject.info/issues/3137
Right now, ssh+rsync is the only supported server upload type. Things like
cloud storage services are useful storage bins for fdroid repos since they
are often not blocked while specific websites like Google Play are.
Having serverwebroot optional in `fdroid server` means that it can support
multiple methods of hosting, like cloud storage services. `fdroid server`
can also then support multiple repo hosting options at the same time.
The .fdroid.*.txt password files are only meant to be a conduit for the
passwords, so blow them away everytime. The canonical password is stored
in config.py.
It might makes sense to replace these files with env vars using
-storepass:env and -keypass:env. I figured that the passwords are already
in a file, config.py, so adding more files in the same location with the
same perms would not increase the risk at all.
* Group apk, jar and zip files in the same case
* Use regex to support more patterns and be more flexible
* Only check for usual suspects in jar files (saves time)
* Also catch unknown zip-like files as warnings
This assumes that the smartcard is already setup with a signing key. init
does not generate a key on the smartcard, and skips genkey() if things are
configured to use a smartcard.
This also does not touch APK signing because that is a much more elaborate
question, since each app is signed by its own key.
Previously, `fdroid init --keystore /tmp/foo` expected the keystore to
exist, or it quit with an error. But I've changed my mind, I think it is
useful to have it generate a new keystore at that location if it does not
exist. For example, in tests/run-tests.sh. It still will not clobber an
existing file at that location.
These options are needed to configure Java's keytool and jarsigner to use
a Hardware Security Module aka HSM aka smartcard. The defaults provided
are meant to make things work as easily as possible.
