chiark / gitweb /
~ianmdlvl / fdroidserver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c3a447)
nightly: resign APKs with provided debug.keystore
authorHans-Christoph Steiner <hans@eds.org>
Thu, 30 Nov 2017 20:12:34 +0000 (21:12 +0100)
committerHans-Christoph Steiner <hans@eds.org>
Mon, 4 Dec 2017 21:52:41 +0000 (22:52 +0100)
Rather than needing to run a command before and after the build, in order
to first install the debug.keystore, then after to fetch and publish the
APK, this makes `fdroid nightly` just resign the APK with the provided
debug.keystore.  Then `fdroid nightly` can be run as the final step in a CI
build, and still ensure that the APKs are always signed by the provided
debug.keystore.

fdroidserver/nightly.py patch | blob | history

diff --git a/fdroidserver/nightly.py b/fdroidserver/nightly.py
index 454616e4965318f3428685930a5baea8cc0c70d4..20c55e96dc54ba11c9433f5a3472ab4a258e4d5a 100644 (file)
--- a/fdroidserver/nightly.py
+++ b/fdroidserver/nightly.py
@@ -235,6 +235,8 @@ Last updated: {date}'''.format(repo_git_base=repo_git_base,
         with open('config.py', 'w') as fp:
             fp.write(config)
         os.chmod('config.py', 0o600)
+        config = common.read_config(options)
+        common.assert_config_keystore(config)
 
         for root, dirs, files in os.walk(cibase):
             for d in ('fdroid', '.git', '.gradle'):
@@ -243,12 +245,14 @@ Last updated: {date}'''.format(repo_git_base=repo_git_base,
             for f in files:
                 if f.endswith('-debug.apk'):
                     apkfilename = os.path.join(root, f)
-                    logging.debug(_('copying {apkfilename} into {path}')
-                                  .format(apkfilename=apkfilename, path=repodir))
+                    logging.debug(_('Striping mystery signature from {apkfilename}')
+                                  .format(apkfilename=apkfilename))
                     destapk = os.path.join(repodir, os.path.basename(f))
-                    shutil.copyfile(apkfilename, destapk)
-                    shutil.copystat(apkfilename, destapk)
-                    os.chmod(destapk, 0o644)
+                    os.chmod(apkfilename, 0o644)
+                    logging.debug(_('Resigning {apkfilename} with provided debug.keystore')
+                                  .format(apkfilename=os.path.basename(apkfilename)))
+                    common.apk_strip_signatures(apkfilename, strip_manifest=True)
+                    common.sign_apk(apkfilename, destapk, KEY_ALIAS)
 
         if options.verbose:
             logging.debug(_('attempting bare ssh connection to test deploy key:'))
Unnamed repository; edit this file 'description' to name the repository.