Merge commit 'refs/merge-requests/137' of gitorious.org:f-droid/fdroidserver
authorDaniel Martí <mvdan@mvdan.cc>
Tue, 1 Apr 2014 21:47:11 +0000 (23:47 +0200)
committerDaniel Martí <mvdan@mvdan.cc>
Tue, 1 Apr 2014 21:47:11 +0000 (23:47 +0200)
examples/config.py [moved from sampleconfigs/config.py with 87% similarity]
examples/makebs.config.py [moved from sampleconfigs/makebs.config.py with 100% similarity]
fdroidserver/common.py
fdroidserver/init.py
fdroidserver/publish.py
fdroidserver/update.py
setup.py

similarity index 87%
rename from sampleconfigs/config.py
rename to examples/config.py
index 0e1919db68c41fe857e372804075e0eb2c8d6ab6..8eb1f266935a505e3287ff2f292f697df45d4692 100644 (file)
@@ -60,14 +60,18 @@ repo_keyalias = None
 
 #The keystore to use for release keys when building. This needs to be
 #somewhere safe and secure, and backed up!
-keystore = "/home/me/somewhere/my.keystore"
-
-#The password for the keystore (at least 6 characters).
-keystorepass = "password1"
-
-#The password for keys - the same is used for each auto-generated key
-#as well as for the repository key.
-keypass = "password2"
+#keystore = "/home/me/.local/share/fdroidserver/keystore.jks"
+
+# The password for the keystore (at least 6 characters).  If this password is
+# different than the keypass below, it can be OK to store the password in this
+# file for real use.  But in general, sensitive passwords should not be stored
+# in text files!
+#keystorepass = "password1"
+
+# The password for keys - the same is used for each auto-generated key as well
+# as for the repository key.  You should not normally store this password in a
+# file since it is a sensitive password.
+#keypass = "password2"
 
 #The distinguished name used for all keys.
 keydname = "CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US"
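Review bot: The new comment on `keypass` tells users not to store this password in a file, but it gives no other way to supply it, and the sample now ships with both `keystorepass` and `keypass` commented out. The comment should say where the password comes from when the setting is absent. It should also mention that, when the setting is present, the `write_password_file` helper added in fdroidserver/common.py copies it into `.fdroid.keypass.txt` in the working directory, for example `# When set, fdroid also writes this value to .fdroid.keypass.txt (mode 0600) in the repo directory.`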
index 3fef945f2638c5b6242b6c5186c8b2de2d88aa36..8222ca778ba11d5b3e368f6580b141616754df32 100644 (file)
@@ -66,6 +66,8 @@ def read_config(opts, config_file='config.py'):
         'stats_to_carbon': False,
         'repo_maxage': 0,
         'build_server_always': False,
+        'keystore': os.path.join(os.getenv('HOME'),
+                                 '.local', 'share', 'fdroidserver', 'keystore.jks'),
         'char_limits': {
             'Summary' : 50,
             'Description' : 1500
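Review bot: `os.getenv('HOME')` returns None when HOME is unset (cron jobs and some service environments), and `os.path.join(None, ...)` then raises before any config file is read. This dict appears to be the defaults table, so the failure would hit even users who set `keystore` explicitly. `os.path.expanduser('~')` falls back to the password database and avoids this: `'keystore': os.path.join(os.path.expanduser('~'), '.local', 'share', 'fdroidserver', 'keystore.jks'),`. The body of read_config continues outside this hunk.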
@@ -95,8 +97,26 @@ def read_config(opts, config_file='config.py'):
         if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
             logging.warn("unsafe permissions on {0} (should be 0600)!".format(config_file))
 
+    for k in ["keystorepass", "keypass"]:
+        if k in config:
+            write_password_file(k)
+
     return config
 
+def write_password_file(pwtype, password=None):
+    '''
+    writes out passwords to a protected file instead of passing passwords as
+    command line argments
+    '''
+    filename = '.fdroid.' + pwtype + '.txt'
+    fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
+    if password == None:
+        os.write(fd, config[pwtype])
+    else:
+        os.write(fd, password)
+    os.close(fd)
+    config[pwtype + 'file'] = filename
+
 # Given the arguments in the form of multiple appid:[vc] strings, this returns
 # a dictionary with the set of vercodes specified for each package.
 def read_pkg_args(args, allow_vercodes=False):
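Review bot: `write_password_file` opens the file with `os.O_CREAT | os.O_WRONLY` only, so an existing `.fdroid.<pwtype>.txt` is neither truncated nor re-protected. If the previous contents were longer than the new password, the stale tail stays in the file and keytool/jarsigner read a wrong password. The `0600` mode applies only when the file is created, so a file that already exists with looser permissions keeps them. The descriptor also leaks if `os.write` raises, and `password == None` should be `password is None`. Nothing in the visible hunks removes the file afterwards, so the plaintext password persists in the working directory; consider deleting it once the signing tools have run.

```python
def write_password_file(pwtype, password=None):
    # … unchanged: docstring …
    filename = '.fdroid.' + pwtype + '.txt'
    fd = os.open(filename, os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o600)
    try:
        # the mode passed to os.open() is ignored for a file that already exists
        os.fchmod(fd, 0o600)
        os.write(fd, config[pwtype] if password is None else password)
    finally:
        os.close(fd)
    config[pwtype + 'file'] = filename
```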
index 0c33400cbfea4715a76a0a214527ac43d2fe2f9b..666cfaef592f8571ee14f34d20f1457005fb9cbd 100644 (file)
@@ -56,12 +56,15 @@ def genpassword():
 def genkey(keystore, repo_keyalias, password, keydname):
     '''generate a new keystore with a new key in it for signing repos'''
     logging.info('Generating a new key in "' + keystore + '"...')
+    write_password_file("keystorepass", password)
+    write_password_file("keypass", password)
     p = FDroidPopen(['keytool', '-genkey',
                 '-keystore', keystore, '-alias', repo_keyalias,
                 '-keyalg', 'RSA', '-keysize', '4096',
                 '-sigalg', 'SHA256withRSA',
                 '-validity', '10000',
-                '-storepass', password, '-keypass', password,
+                '-storepass:file', config['keystorepassfile'],
+                '-keypass:file', config['keypassfile'],
                 '-dname', keydname])
     if p.returncode != 0:
         raise BuildException("Failed to generate key", p.stdout)
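Review bot: `genkey` now gets the password-file paths from `config['keystorepassfile']` and `config['keypassfile']`, which exist only as a side effect of the two `write_password_file` calls on the shared `config` dict. That works only if `config` is already the same populated dict in both modules when `fdroid init` runs, which this hunk does not show. Having the helper return the path would make the data flow explicit: `storepassfile = write_password_file("keystorepass", password)` followed by `'-storepass:file', storepassfile,`. The helper is also called unqualified, and its import is outside the visible lines.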
@@ -106,7 +109,7 @@ def main():
         # 'metadata' and 'tmp' are created in fdroid
         os.mkdir('repo')
         shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), fdroiddir)
-        shutil.copyfile(os.path.join(examplesdir, 'sampleconfigs', 'config.py'), 'config.py')
+        shutil.copyfile(os.path.join(examplesdir, 'config.py'), 'config.py')
         os.chmod('config.py', 0o0600)
     else:
         logging.info('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
index c7878d514f45ea2210c23981ccb6cc8bf1b509b4..1c241501002a8cd67ba1ace068eea5d0a4898cf2 100644 (file)
@@ -122,23 +122,23 @@ def main():
         # if not generate one...
         p = FDroidPopen(['keytool', '-list',
             '-alias', keyalias, '-keystore', config['keystore'],
-            '-storepass', config['keystorepass']])
+            '-storepass:file', config['keystorepass']])
         if p.returncode !=0:
             logging.info("Key does not exist - generating...")
             p = FDroidPopen(['keytool', '-genkey',
                 '-keystore', config['keystore'], '-alias', keyalias,
                 '-keyalg', 'RSA', '-keysize', '2048',
                 '-validity', '10000',
-                '-storepass', config['keystorepass'],
-                '-keypass', config['keypass'],
+                '-storepass:file', config['keystorepassfile'],
+                '-keypass:file', config['keypassfile'],
                 '-dname', config['keydname']])
             if p.returncode != 0:
                 raise BuildException("Failed to generate key")
 
         # Sign the application...
         p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
-            '-storepass', config['keystorepass'],
-            '-keypass', config['keypass'], '-sigalg',
+            '-storepass:file', config['keystorepassfile'],
+            '-keypass:file', config['keypassfile'], '-sigalg',
             'MD5withRSA', '-digestalg', 'SHA1',
                 apkfile, keyalias])
         if p.returncode != 0:
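Review bot: The `keytool -list` call passes `config['keystorepass']` to `-storepass:file`, so keytool treats the password itself as a file name. The check will then most likely fail every time and fall through to "Key does not exist - generating...", and the password is still exposed on the command line, which this commit is meant to stop. The line should read `'-storepass:file', config['keystorepassfile']])`, matching the `-genkey` and `jarsigner` calls below it. The enclosing `main()` starts and ends outside this hunk.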
index 939af5871281331e80fa8a6055ce2b31d6e9f5d1..55d4b0e2ec3ecff3badafe1c8c48e46260e960f5 100644 (file)
@@ -642,7 +642,7 @@ def make_index(apps, apks, repodir, archive, categories):
             p = FDroidPopen(['keytool', '-exportcert',
                                   '-alias', config['repo_keyalias'],
                                   '-keystore', config['keystore'],
-                                  '-storepass', config['keystorepass']])
+                                  '-storepass:file', config['keystorepassfile']])
             if p.returncode != 0:
                 logging.critical("Failed to get repo pubkey")
                 sys.exit(1)
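Review bot: `config['keystorepassfile']` is read unconditionally here, but `read_config` creates that key only when `keystorepass` is present in the config, and the sample config in this commit now ships with it commented out. Unless the key is filled in elsewhere, this raises a bare KeyError instead of a usable message. The same applies to `keypassfile` in the jarsigner hunk at -796 and to the calls in fdroidserver/publish.py. A guard before the keytool call would help, for example `if 'keystorepassfile' not in config: logging.critical("keystorepass is not set in config.py"); sys.exit(1)`. `make_index` continues outside this hunk.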
@@ -796,7 +796,8 @@ def make_index(apps, apks, repodir, archive, categories):
 
         # Sign the index...
         p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
-            '-storepass', config['keystorepass'], '-keypass', config['keypass'],
+            '-storepass:file', config['keystorepassfile'],
+            '-keypass:file', config['keypassfile'],
             '-digestalg', 'SHA1', '-sigalg', 'MD5withRSA',
             os.path.join(repodir, 'index.jar') , config['repo_keyalias']])
         if p.returncode != 0:
index 7bbec283b2a6b7128f02cd69975256cb2bdecdac..90962a4e201488ee68ae55e39ee1834abe1024c9 100644 (file)
--- a/setup.py
+++ b/setup.py
@@ -13,10 +13,10 @@ setup(name='FDroidServer',
       scripts=['fdroid', 'fd-commit'],
       data_files=[
         ('share/doc/fdroidserver/examples',
-         [ 'config.buildserver.py',
-             'sampleconfigs/config.sample.py',
-             'sampleconfigs/makebs.config.sample.py',
-          'fdroid-icon.png']),
+         [ 'buildserver/config.buildserver.py',
+           'examples/config.py',
+           'examples/makebs.config.py',
+           'fdroid-icon.png']),
         ],
       install_requires=[
         'python-magic',