Add 'fdroid gpgsign' command

Creates detached gpg signatures for any apks that don't have them
yet. Relevant configuration fields need to be set first.

diff --git a/fdroid b/fdroid
index c597eaead50e9f98fe4bdfe9991ee1015ee51d71..b6e37dc7265d652374e8da91c3a31c32fd88e4c1 100755 (executable)
--- a/fdroid
+++ b/fdroid
@@ -25,6 +25,7 @@ commands = {
     "build": "Build a package from source",
     "init": "Quickly start a new repository",
     "publish": "Sign and place packages in the repo",
+    "gpgsign": "Add gpg signatures for packages in repo",
     "update": "Update repo information for new packages",
     "verify": "Verify the integrity of downloaded packages",
     "checkupdates": "Check for updates to applications",

diff --git a/fdroidserver/gpgsign.py b/fdroidserver/gpgsign.py
new file mode 100644 (file)
index 0000000..c1ce354
--- /dev/null
+++ b/fdroidserver/gpgsign.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+#
+# publish.py - part of the FDroid server tools
+# Copyright (C) 2010-2014, Ciaran Gultnieks, ciaran@ciarang.com
+# Copyright (C) 2013-2014 Daniel Martí <mvdan@mvdan.cc>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import os
+import shutil
+import md5
+import glob
+from optparse import OptionParser
+import logging
+
+import common
+import metadata
+from common import FDroidPopen, BuildException
+
+config = None
+options = None
+
+
+def main():
+
+    global config, options
+
+    # Parse command line...
+    parser = OptionParser(usage="Usage: %prog [options] [APPID[:VERCODE] [APPID[:VERCODE] ...]]")
+    parser.add_option("-v", "--verbose", action="store_true", default=False,
+                      help="Spew out even more information than normal")
+    parser.add_option("-q", "--quiet", action="store_true", default=False,
+                      help="Restrict output to warnings and errors")
+    (options, args) = parser.parse_args()
+
+    config = common.read_config(options)
+
+    output_dir = 'repo'
+    if not os.path.isdir(output_dir):
+        logging.error("Missing output directory")
+        sys.exit(1)
+
+    # Process any apks that are waiting to be signed...
+    for apkfile in sorted(glob.glob(os.path.join(output_dir, '*.apk'))):
+
+        apkfilename = os.path.basename(apkfile)
+        sigfilename = apkfilename + ".txt"
+        sigpath = os.path.join(output_dir, sigfilename)
+
+        if not os.path.exists(sigpath):
+            p = FDroidPopen(['gpg', '-a',
+                             '--output', sigpath,
+                             '--detach-sig',
+                             os.path.join(output_dir, apkfilename)])
+            if p.returncode != 0:
+                logging.error("Signing failed.")
+                sys.exit(1)
+
+        logging.info('Signed ' + apkfilename)
+
+
+if __name__ == "__main__":
+    main()