mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-04 14:30:30 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
fdroidserver/examples/fdroid_export_keystore_to_nitrokey.py
Hans-Christoph Steiner 18f3acc32e split out options from read_config() 
There is no longer any reason for these to be intertwined.

This deliberately avoids touching some files as much as possible because
they are super tangled and due to be replaced.  Those files are:

* fdroidserver/build.py
* fdroidserver/update.py

# Conflicts:
#	tests/testcommon.py

# Conflicts:
#	fdroidserver/btlog.py
#	fdroidserver/import_subcommand.py
2024-05-08 16:26:46 +02:00

61 lines
2.2 KiB
Python
Raw Blame History

#!/usr/bin/env python3
#
# an fdroid plugin for exporting a repo's keystore in standard PEM format
import os
from argparse import ArgumentParser
from fdroidserver import common
from fdroidserver.common import FDroidPopen
from fdroidserver.exception import BuildException
fdroid_summary = "export the repo's keystore file to a NitroKey HSM"
def run(cmd, error):
envs = {'LC_ALL': 'C.UTF-8',
'PIN': config['smartcard_pin'],
'FDROID_KEY_STORE_PASS': config['keystorepass'],
'FDROID_KEY_PASS': config['keypass']}
p = FDroidPopen(cmd, envs=envs)
if p.returncode != 0:
raise BuildException(error, p.output)
def main():
global config
parser = ArgumentParser()
common.setup_global_opts(parser)
common.parse_args(parser)
config = common.read_config()
destkeystore = config['keystore'].replace('.jks', '.p12').replace('/', '_')
exportkeystore = config['keystore'].replace('.jks', '.pem').replace('/', '_')
if os.path.exists(destkeystore) or os.path.exists(exportkeystore):
raise BuildException('%s exists!' % exportkeystore)
run([config['keytool'], '-importkeystore',
'-srckeystore', config['keystore'],
'-srcalias', config['repo_keyalias'],
'-srcstorepass:env', 'FDROID_KEY_STORE_PASS',
'-srckeypass:env', 'FDROID_KEY_PASS',
'-destkeystore', destkeystore,
'-deststorepass:env', 'FDROID_KEY_STORE_PASS',
'-deststoretype', 'PKCS12'],
'Failed to convert to PKCS12!')
# run(['openssl', 'pkcs12', '-in', destkeystore,
# '-passin', 'env:FDROID_KEY_STORE_PASS', '-nokeys',
# '-out', exportkeystore,
# '-passout', 'env:FDROID_KEY_STORE_PASS'],
# 'Failed to convert to PEM!')
run(['pkcs15-init', '--delete-objects', 'privkey,pubkey',
'--id', '3', '--store-private-key', destkeystore,
'--format', 'pkcs12', '--auth-id', '3',
'--verify-pin', '--pin', 'env:PIN'],
'')
run(['pkcs15-init', '--delete-objects', 'privkey,pubkey',
'--id', '2', '--store-private-key', destkeystore,
'--format', 'pkcs12', '--auth-id', '3',
'--verify-pin', '--pin', 'env:PIN'],
'')
if __name__ == "__main__":
main()
Reference in a new issue View git blame Copy permalink