config[pwtype + 'file'] = filename
+def signjar(jar):
+ '''
+ sign a JAR file with Java's jarsigner.
+
+ This does use old hashing algorithms, i.e. SHA1, but that's not
+ broken yet for file verification. This could be set to SHA256,
+ but then Android < 4.3 would not be able to verify it.
+ https://code.google.com/p/android/issues/detail?id=38321
+ '''
+ args = [config['jarsigner'], '-keystore', config['keystore'],
+ '-storepass:file', config['keystorepassfile'],
+ '-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
+ jar, config['repo_keyalias']]
+ if config['keystore'] == 'NONE':
+ args += config['smartcardoptions']
+ else: # smardcards never use -keypass
+ args += ['-keypass:file', config['keypassfile']]
+ p = FDroidPopen(args)
+ if p.returncode != 0:
+ logging.critical("Failed to sign %s!" % jar)
+ sys.exit(1)
+
+
def get_local_metadata_files():
'''get any metadata files local to an app's source repo
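Review bot: The docstring of the new `signjar` says SHA1 is "not broken yet for file verification", which should not stay unqualified now that practical SHA-1 collisions have been published. The `-digestalg SHA1` / `-sigalg SHA1withRSA` pair is a compatibility floor for Android < 4.3, not a sound default. I would reword the comment along the lines of `SHA1 is kept only so Android < 4.3 can verify the JAR; SHA-1 collisions are practical, so switch to SHA256 once those devices are dropped`, and consider taking the two algorithm names from config so repos without old clients can opt out. Separately, `sys.exit(1)` inside a shared helper means callers and tests cannot handle a signing failure; raising an exception would suit a common module better, though that changes behaviour for the existing callers. The function is fully contained in this hunk.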
import logging
from . import common
-from .common import FDroidPopen
config = None
options = None
unsigned = os.path.join(output_dir, 'index_unsigned.jar')
if os.path.exists(unsigned):
- args = [config['jarsigner'], '-keystore', config['keystore'],
- '-storepass:file', config['keystorepassfile'],
- '-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
- unsigned, config['repo_keyalias']]
- if config['keystore'] == 'NONE':
- args += config['smartcardoptions']
- else: # smardcards never use -keypass
- args += ['-keypass:file', config['keypassfile']]
- p = FDroidPopen(args)
- if p.returncode != 0:
- logging.critical("Failed to sign index")
- sys.exit(1)
+ common.signjar(unsigned)
os.rename(unsigned, os.path.join(output_dir, 'index.jar'))
logging.info('Signed index in ' + output_dir)
signed += 1
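Review bot: `common.signjar(unsigned)` reads the module-level `config` of common, while this file keeps its own `config = None` global, so signing now depends on `common.config` being populated before this line runs. The added test assigns `fdroidserver.common.config = config` by hand, which suggests this is not guaranteed on every path. If it is unset, the `config['jarsigner']` lookup would fail with a TypeError rather than the logged "Failed to sign" message. The same precondition applies to the `common.signjar(jar_file)` and `common.signjar(signed)` calls in the later hunks. I would state it in the `signjar` docstring, e.g. `Requires common.config to be populated (see read_config) before calling.` The enclosing function starts and ends outside this hunk.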
jar_file = os.path.join(repodir, 'index-v1.jar')
with zipfile.ZipFile(jar_file, 'w', zipfile.ZIP_DEFLATED) as jar:
jar.write(index_file, json_name)
- signjar(jar_file)
+ common.signjar(jar_file)
os.remove(index_file)
if os.path.exists(signed):
os.remove(signed)
else:
- signjar(signed)
+ common.signjar(signed)
# Copy the repo icon into the repo directory...
icon_dir = os.path.join(repodir, 'icons')
shutil.copyfile(config['repo_icon'], iconfilename)
-def signjar(jar):
- '''
- sign a JAR file with Java's jarsigner.
-
- This does use old hashing algorithms, i.e. SHA1, but that's not
- broken yet for file verification. This could be set to SHA256,
- but then Android < 4.3 would not be able to verify it.
- https://code.google.com/p/android/issues/detail?id=38321
- '''
- args = [config['jarsigner'], '-keystore', config['keystore'],
- '-storepass:file', config['keystorepassfile'],
- '-digestalg', 'SHA1', '-sigalg', 'SHA1withRSA',
- jar, config['repo_keyalias']]
- if config['keystore'] == 'NONE':
- args += config['smartcardoptions']
- else: # smardcards never use -keypass
- args += ['-keypass:file', config['keypassfile']]
- p = FDroidPopen(args)
- if p.returncode != 0:
- logging.critical("Failed to sign index")
- sys.exit(1)
-
-
def make_categories_txt(repodir, categories):
'''Write a category list in the repo to allow quick access'''
catdata = ''
p = fdroidserver.common.FDroidPopen(commands, stderr_to_stdout=False)
self.assertEqual(p.output, 'stdout message\n')
+ def test_signjar(self):
+ fdroidserver.common.config = None
+ config = fdroidserver.common.read_config(fdroidserver.common.options)
+ config['jarsigner'] = fdroidserver.common.find_sdk_tools_cmd('jarsigner')
+ fdroidserver.common.config = config
+
+ basedir = os.path.dirname(__file__)
+ tmpdir = os.path.join(basedir, '..', '.testfiles')
+ if not os.path.exists(tmpdir):
+ os.makedirs(tmpdir)
+ sourcedir = os.path.join(basedir, 'signindex')
+ testsdir = tempfile.mkdtemp(prefix='test_signjar', dir=tmpdir)
+ for f in ('testy.jar', 'guardianproject.jar',):
+ sourcefile = os.path.join(sourcedir, f)
+ testfile = os.path.join(testsdir, f)
+ shutil.copy(sourcefile, testsdir)
+ fdroidserver.common.signjar(testfile)
+ # these should be resigned, and therefore different
+ self.assertNotEqual(open(sourcefile, 'rb').read(), open(testfile, 'rb').read())
+
if __name__ == "__main__":
parser = optparse.OptionParser()
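Review bot: The `assertNotEqual` on raw bytes in `test_signjar` only shows that the file changed, not that it now carries a valid signature from the intended key. A JAR that was rewritten incorrectly or signed with an unexpected alias would still pass. I would add a verification step after `fdroidserver.common.signjar(testfile)`, for example running jarsigner in `-verify` mode on `testfile` and checking the reported signer against the test keystore; what that keystore contains is not visible here. The two `open(..., 'rb').read()` calls also leave file handles open, which `with open(sourcefile, 'rb') as f:` would avoid, and the `mkdtemp` directory under `.testfiles` is never removed. The test method is fully inside this hunk.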