-#!/usr/bin/env python2
-# -*- coding: utf-8 -*-
+#!/usr/bin/env python3
#
-# update.py - part of the FDroid server tools
+# init.py - part of the FDroid server tools
# Copyright (C) 2010-2013, Ciaran Gultnieks, ciaran@ciarang.com
# Copyright (C) 2013-2014 Daniel Martà <mvdan@mvdan.cc>
# Copyright (C) 2013 Hans-Christoph Steiner <hans@eds.org>
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import hashlib
+import glob
import os
import re
import shutil
import socket
import sys
-from optparse import OptionParser
+from argparse import ArgumentParser
import logging
-import common
-from common import FDroidPopen, BuildException
+from . import _
+from . import common
+from .exception import FDroidException
config = {}
options = None
-def write_to_config(key, value):
- '''write a key/value to the local config.py'''
- with open('config.py', 'r') as f:
+
+def disable_in_config(key, value):
+ '''write a key/value to the local config.py, then comment it out'''
+ with open('config.py', 'r', encoding='utf8') as f:
data = f.read()
pattern = '\n[\s#]*' + key + '\s*=\s*"[^"]*"'
- repl = '\n' + key + ' = "' + value + '"'
+ repl = '\n#' + key + ' = "' + value + '"'
data = re.sub(pattern, repl, data)
- with open('config.py', 'w') as f:
+ with open('config.py', 'w', encoding='utf8') as f:
f.writelines(data)
-def genpassword():
- '''generate a random password for when generating keys'''
- h = hashlib.sha256()
- h.update(os.urandom(16)) # salt
- h.update(bytes(socket.getfqdn()))
- return h.digest().encode('base64').strip()
-
-
-def genkey(keystore, repo_keyalias, password, keydname):
- '''generate a new keystore with a new key in it for signing repos'''
- logging.info('Generating a new key in "' + keystore + '"...')
- common.write_password_file("keystorepass", password)
- common.write_password_file("keypass", password)
- p = FDroidPopen(['keytool', '-genkey',
- '-keystore', keystore, '-alias', repo_keyalias,
- '-keyalg', 'RSA', '-keysize', '4096',
- '-sigalg', 'SHA256withRSA',
- '-validity', '10000',
- '-storepass:file', config['keystorepassfile'],
- '-keypass:file', config['keypassfile'],
- '-dname', keydname])
- # TODO keypass should be sent via stdin
- if p.returncode != 0:
- raise BuildException("Failed to generate key", p.stdout)
- # now show the lovely key that was just generated
- p = FDroidPopen(['keytool', '-list', '-v',
- '-keystore', keystore, '-alias', repo_keyalias,
- '-storepass:file', config['keystorepassfile']])
- logging.info(p.stdout.strip() + '\n\n')
-
-
def main():
global options, config
# Parse command line...
- parser = OptionParser()
- parser.add_option("-v", "--verbose", action="store_true", default=False,
- help="Spew out even more information than normal")
- parser.add_option("-q", "--quiet", action="store_true", default=False,
- help="Restrict output to warnings and errors")
- parser.add_option("-d", "--distinguished-name", default=None,
- help="X.509 'Distiguished Name' used when generating keys")
- parser.add_option("--keystore", default=None,
- help="Path to the keystore for the repo signing key")
- parser.add_option("--repo-keyalias", default=None,
- help="Alias of the repo signing key in the keystore")
- (options, args) = parser.parse_args()
-
- # find root install prefix
- tmp = os.path.dirname(sys.argv[0])
- if os.path.basename(tmp) == 'bin':
- prefix = os.path.dirname(tmp)
- examplesdir = prefix + '/share/doc/fdroidserver/examples'
- else:
- # we're running straight out of the git repo
- prefix = tmp
- examplesdir = prefix + '/examples'
-
+ parser = ArgumentParser()
+ common.setup_global_opts(parser)
+ parser.add_argument("-d", "--distinguished-name", default=None,
+ help=_("X.509 'Distinguished Name' used when generating keys"))
+ parser.add_argument("--keystore", default=None,
+ help=_("Path to the keystore for the repo signing key"))
+ parser.add_argument("--repo-keyalias", default=None,
+ help=_("Alias of the repo signing key in the keystore"))
+ parser.add_argument("--android-home", default=None,
+ help=_("Path to the Android SDK (sometimes set in ANDROID_HOME)"))
+ parser.add_argument("--no-prompt", action="store_true", default=False,
+ help=_("Do not prompt for Android SDK path, just fail"))
+ options = parser.parse_args()
+
+ aapt = None
fdroiddir = os.getcwd()
-
- if not os.path.exists('config.py') and not os.path.exists('repo'):
+ test_config = dict()
+ examplesdir = common.get_examples_dir()
+ common.fill_config_defaults(test_config)
+
+ # track down where the Android SDK is, the default is to use the path set
+ # in ANDROID_HOME if that exists, otherwise None
+ if options.android_home is not None:
+ test_config['sdk_path'] = options.android_home
+ elif not common.test_sdk_exists(test_config):
+ if os.path.isfile('/usr/bin/aapt'):
+ # remove sdk_path and build_tools, they are not required
+ test_config.pop('sdk_path', None)
+ test_config.pop('build_tools', None)
+ # make sure at least aapt is found, since this can't do anything without it
+ test_config['aapt'] = common.find_sdk_tools_cmd('aapt')
+ else:
+ # if neither --android-home nor the default sdk_path
+ # exist, prompt the user using platform-specific default
+ default_sdk_path = '/opt/android-sdk'
+ if sys.platform == 'win32' or sys.platform == 'cygwin':
+ p = os.path.join(os.getenv('USERPROFILE'),
+ 'AppData', 'Local', 'Android', 'android-sdk')
+ elif sys.platform == 'darwin':
+ # on OSX, Homebrew is common and has an easy path to detect
+ p = '/usr/local/opt/android-sdk'
+ else:
+ # if the Debian packages are installed, suggest them
+ p = '/usr/lib/android-sdk'
+ if os.path.exists(p):
+ default_sdk_path = p
+
+ while not options.no_prompt:
+ try:
+ s = input(_('Enter the path to the Android SDK (%s) here:\n> ') % default_sdk_path)
+ except KeyboardInterrupt:
+ print('')
+ sys.exit(1)
+ if re.match('^\s*$', s) is not None:
+ test_config['sdk_path'] = default_sdk_path
+ else:
+ test_config['sdk_path'] = s
+ if common.test_sdk_exists(test_config):
+ break
+ if not common.test_sdk_exists(test_config):
+ raise FDroidException("Android SDK not found.")
+
+ if not os.path.exists('config.py'):
# 'metadata' and 'tmp' are created in fdroid
- os.mkdir('repo')
+ if not os.path.exists('repo'):
+ os.mkdir('repo')
shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), fdroiddir)
shutil.copyfile(os.path.join(examplesdir, 'config.py'), 'config.py')
os.chmod('config.py', 0o0600)
+ # If android_home is None, test_config['sdk_path'] will be used and
+ # "$ANDROID_HOME" may be used if the env var is set up correctly.
+ # If android_home is not None, the path given from the command line
+ # will be directly written in the config.
+ if 'sdk_path' in test_config:
+ common.write_to_config(test_config, 'sdk_path', options.android_home)
else:
logging.warn('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
logging.info('Try running `fdroid init` in an empty directory.')
- sys.exit()
+ raise FDroidException('Repository already exists.')
+
+ if common.use_androguard():
+ pass
+ elif 'aapt' not in test_config or not os.path.isfile(test_config['aapt']):
+ # try to find a working aapt, in all the recent possible paths
+ build_tools = os.path.join(test_config['sdk_path'], 'build-tools')
+ aaptdirs = []
+ aaptdirs.append(os.path.join(build_tools, test_config['build_tools']))
+ aaptdirs.append(build_tools)
+ for f in os.listdir(build_tools):
+ if os.path.isdir(os.path.join(build_tools, f)):
+ aaptdirs.append(os.path.join(build_tools, f))
+ for d in sorted(aaptdirs, reverse=True):
+ if os.path.isfile(os.path.join(d, 'aapt')):
+ aapt = os.path.join(d, 'aapt')
+ break
+ if aapt and os.path.isfile(aapt):
+ dirname = os.path.basename(os.path.dirname(aapt))
+ if dirname == 'build-tools':
+ # this is the old layout, before versioned build-tools
+ test_config['build_tools'] = ''
+ else:
+ test_config['build_tools'] = dirname
+ common.write_to_config(test_config, 'build_tools')
+ common.ensure_build_tools_exists(test_config)
# now that we have a local config.py, read configuration...
config = common.read_config(options)
- # track down where the Android SDK is
- if os.path.isdir(config['sdk_path']):
- logging.info('Using "' + config['sdk_path'] + '" for the Android SDK')
- sdk_path = config['sdk_path']
- elif 'ANDROID_HOME' in os.environ.keys():
- sdk_path = os.environ['ANDROID_HOME']
- else:
- default_sdk_path = '/opt/android-sdk'
- while True:
- s = raw_input('Enter the path to the Android SDK (' + default_sdk_path + '): ')
- if re.match('^\s*$', s) != None:
- sdk_path = default_sdk_path
- else:
- sdk_path = s
- if os.path.isdir(os.path.join(sdk_path, 'build-tools')):
- break
- else:
- logging.info('"' + s + '" does not contain the Android SDK! Try again...')
- if os.path.isdir(sdk_path):
- write_to_config('sdk_path', sdk_path)
-
- # try to find a working aapt, in all the recent possible paths
- build_tools = os.path.join(sdk_path, 'build-tools')
- aaptdirs = []
- aaptdirs.append(os.path.join(build_tools, config['build_tools']))
- aaptdirs.append(build_tools)
- for f in sorted(os.listdir(build_tools), reverse=True):
- if os.path.isdir(os.path.join(build_tools, f)):
- aaptdirs.append(os.path.join(build_tools, f))
- for d in aaptdirs:
- if os.path.isfile(os.path.join(d, 'aapt')):
- aapt = os.path.join(d, 'aapt')
- break
- if os.path.isfile(aapt):
- dirname = os.path.basename(os.path.dirname(aapt))
- if dirname == 'build-tools':
- # this is the old layout, before versioned build-tools
- write_to_config('build_tools', '')
- else:
- write_to_config('build_tools', dirname)
-
- # track down where the Android NDK is
- ndk_path = '/opt/android-ndk'
- if os.path.isdir(config['ndk_path']):
- ndk_path = config['ndk_path']
- elif 'ANDROID_NDK' in os.environ.keys():
- logging.info('using ANDROID_NDK')
- ndk_path = os.environ['ANDROID_NDK']
- if os.path.isdir(ndk_path):
- write_to_config('ndk_path', ndk_path)
- # the NDK is optional so we don't prompt the user for it if its not found
+ # the NDK is optional and there may be multiple versions of it, so it's
+ # left for the user to configure
# find or generate the keystore for the repo signing key. First try the
# path written in the default config.py. Then check if the user has
if not os.path.exists(keystore):
logging.info('"' + keystore
+ '" does not exist, creating a new keystore there.')
- write_to_config('keystore', keystore)
+ common.write_to_config(test_config, 'keystore', keystore)
repo_keyalias = None
+ keydname = None
if options.repo_keyalias:
repo_keyalias = options.repo_keyalias
- write_to_config('repo_keyalias', repo_keyalias)
+ common.write_to_config(test_config, 'repo_keyalias', repo_keyalias)
if options.distinguished_name:
keydname = options.distinguished_name
- write_to_config('keydname', keydname)
- if not os.path.isfile(keystore):
- # no existing or specified keystore, generate the whole thing
- keystoredir = os.path.dirname(keystore)
- if not os.path.exists(keystoredir):
- os.makedirs(keystoredir, mode=0o700)
- password = genpassword()
- write_to_config('keystorepass', password)
- write_to_config('keypass', password)
- if options.repo_keyalias == None:
- repo_keyalias = socket.getfqdn()
- write_to_config('repo_keyalias', repo_keyalias)
- if not options.distinguished_name:
- keydname = 'CN=' + repo_keyalias + ', OU=F-Droid'
- write_to_config('keydname', keydname)
- genkey(keystore, repo_keyalias, password, keydname)
-
- logging.info('Built repo based in "' + fdroiddir + '"')
- logging.info('with this config:')
- logging.info(' Android SDK:\t\t\t' + sdk_path)
- logging.info(' Android SDK Build Tools:\t' + os.path.dirname(aapt))
- logging.info(' Android NDK (optional):\t' + ndk_path)
- logging.info(' Keystore for signing key:\t' + keystore)
- if repo_keyalias != None:
- logging.info(' Alias for key in store:\t' + repo_keyalias)
- logging.info('\nTo complete the setup, add your APKs to "' +
- os.path.join(fdroiddir, 'repo') + '"' +
-'''
+ common.write_to_config(test_config, 'keydname', keydname)
+ if keystore == 'NONE': # we're using a smartcard
+ common.write_to_config(test_config, 'repo_keyalias', '1') # seems to be the default
+ disable_in_config('keypass', 'never used with smartcard')
+ common.write_to_config(test_config, 'smartcardoptions',
+ ('-storetype PKCS11 -providerName SunPKCS11-OpenSC '
+ + '-providerClass sun.security.pkcs11.SunPKCS11 '
+ + '-providerArg opensc-fdroid.cfg'))
+ # find opensc-pkcs11.so
+ if not os.path.exists('opensc-fdroid.cfg'):
+ if os.path.exists('/usr/lib/opensc-pkcs11.so'):
+ opensc_so = '/usr/lib/opensc-pkcs11.so'
+ elif os.path.exists('/usr/lib64/opensc-pkcs11.so'):
+ opensc_so = '/usr/lib64/opensc-pkcs11.so'
+ else:
+ files = glob.glob('/usr/lib/' + os.uname()[4] + '-*-gnu/opensc-pkcs11.so')
+ if len(files) > 0:
+ opensc_so = files[0]
+ else:
+ opensc_so = '/usr/lib/opensc-pkcs11.so'
+ logging.warn('No OpenSC PKCS#11 module found, ' +
+ 'install OpenSC then edit "opensc-fdroid.cfg"!')
+ with open(os.path.join(examplesdir, 'opensc-fdroid.cfg'), 'r') as f:
+ opensc_fdroid = f.read()
+ opensc_fdroid = re.sub('^library.*', 'library = ' + opensc_so, opensc_fdroid,
+ flags=re.MULTILINE)
+ with open('opensc-fdroid.cfg', 'w') as f:
+ f.write(opensc_fdroid)
+ elif os.path.exists(keystore):
+ to_set = ['keystorepass', 'keypass', 'repo_keyalias', 'keydname']
+ if repo_keyalias:
+ to_set.remove('repo_keyalias')
+ if keydname:
+ to_set.remove('keydname')
+ logging.warning('\n' + _('Using existing keystore "{path}"').format(path=keystore)
+ + '\n' + _('Now set these in config.py:') + ' '
+ + ', '.join(to_set) + '\n')
+ else:
+ password = common.genpassword()
+ c = dict(test_config)
+ c['keystorepass'] = password
+ c['keypass'] = password
+ c['repo_keyalias'] = socket.getfqdn()
+ c['keydname'] = 'CN=' + c['repo_keyalias'] + ', OU=F-Droid'
+ common.write_to_config(test_config, 'keystorepass', password)
+ common.write_to_config(test_config, 'keypass', password)
+ common.write_to_config(test_config, 'repo_keyalias', c['repo_keyalias'])
+ common.write_to_config(test_config, 'keydname', c['keydname'])
+ common.genkeystore(c)
+
+ msg = '\n'
+ msg += _('Built repo based in "%s" with this config:') % fdroiddir
+ msg += '\n\n Android SDK:\t\t\t' + config['sdk_path']
+ if aapt:
+ msg += '\n Android SDK Build Tools:\t' + os.path.dirname(aapt)
+ msg += '\n Android NDK r12b (optional):\t$ANDROID_NDK'
+ msg += '\n ' + _('Keystore for signing key:\t') + keystore
+ if repo_keyalias is not None:
+ msg += '\n Alias for key in store:\t' + repo_keyalias
+ msg += '\n\n' + '''To complete the setup, add your APKs to "%s"
then run "fdroid update -c; fdroid update". You might also want to edit
"config.py" to set the URL, repo name, and more. You should also set up
-a signing key.
+a signing key (a temporary one might have been automatically generated).
-For more info: https://f-droid.org/manual/fdroid.html#Simple-Binary-Repository
-and https://f-droid.org/manual/fdroid.html#Signing
-''')
+For more info: https://f-droid.org/docs/Setup_an_F-Droid_App_Repo
+and https://f-droid.org/docs/Signing_Process''' % os.path.join(fdroiddir, 'repo')
+ logging.info(msg)
~ianmdlvl / fdroidserver.git / blobdiff