From: Ciaran Gultnieks Date: Sat, 10 Jan 2015 15:44:16 +0000 (+0000) Subject: Allow repo pubkey to defined directly in config X-Git-Tag: 0.4.0~156 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=4ae896511ef9d5e2c82aaa811ae71a012159c1b5;p=fdroidserver.git Allow repo pubkey to defined directly in config --- diff --git a/examples/config.py b/examples/config.py index 0f2bf990..31b44ab6 100644 --- a/examples/config.py +++ b/examples/config.py @@ -73,6 +73,13 @@ The repository of older versions of applications from the main demo repository. # jarsigner using -alias. (Not needed in an unsigned repository). # repo_keyalias = "fdroidrepo" +# Optionally, the public key for the key defined by repo_keyalias above can +# be specified here. There is no need to do this, as the public key can and +# will be retrieved from the keystore when needed. However, specifying it +# manually can allow some processing to take place without access to the +# keystore. +# repo_pubkey = "..." + # The keystore to use for release keys when building. This needs to be # somewhere safe and secure, and backed up! The best way to manage these # sensitive keys is to use a "smartcard" (aka Hardware Security Module). To diff --git a/fdroidserver/update.py b/fdroidserver/update.py index 1ec8dad5..fa95001e 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -33,6 +33,7 @@ from pyasn1.error import PyAsn1Error from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc2315 from hashlib import md5 +from binascii import hexlify, unhexlify from PIL import Image import logging 
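Review bot: The new `repo_pubkey` comment in examples/config.py does not say what form the value takes, and the `"..."` placeholder gives no hint. The update.py change in this commit hex-decodes the setting and fingerprints it in place of the `keytool -exportcert` output, so the value is presumably the hex-encoded exported certificate for `repo_keyalias`. I would add a line such as `# The value is the hex-encoded certificate, as exported by keytool -exportcert for repo_keyalias.` above the setting.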
@@ -714,20 +715,24 @@ def make_index(apps, sortedids, apks, repodir, archive, categories): return " ".join(ret) def extract_pubkey(): - p = FDroidPopen(['keytool', '-exportcert', - '-alias', config['repo_keyalias'], - '-keystore', config['keystore'], - '-storepass:file', config['keystorepassfile']] - + config['smartcardoptions'], output=False) - if p.returncode != 0: - msg = "Failed to get repo pubkey!" - if config['keystore'] == 'NONE': - msg += ' Is your crypto smartcard plugged in?' - logging.critical(msg) - sys.exit(1) global repo_pubkey_fingerprint - repo_pubkey_fingerprint = cert_fingerprint(p.output) - return "".join("%02x" % ord(b) for b in p.output) + if 'repo_pubkey' in config: + pubkey = unhexlify(config['repo_pubkey']) + else: + p = FDroidPopen(['keytool', '-exportcert', + '-alias', config['repo_keyalias'], + '-keystore', config['keystore'], + '-storepass:file', config['keystorepassfile']] + + config['smartcardoptions'], output=False) + if p.returncode != 0: + msg = "Failed to get repo pubkey!" + if config['keystore'] == 'NONE': + msg += ' Is your crypto smartcard plugged in?' + logging.critical(msg) + sys.exit(1) + pubkey = p.output + repo_pubkey_fingerprint = cert_fingerprint(pubkey) + return hexlify(pubkey) repoel.setAttribute("pubkey", extract_pubkey())
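Review bot: The `repo_pubkey` branch of extract_pubkey() passes the config value straight to `unhexlify()`, so a malformed value (odd length, non-hex characters, or the `"..."` placeholder from the example config) ends in an uncaught exception rather than the logged critical message and `sys.exit(1)` that the keytool branch gives. The configured value is also never compared with the certificate in the keystore. If the index is signed with the keystore key, as the config comments suggest, a stale or mistyped `repo_pubkey` would publish a `pubkey` attribute and fingerprint that do not match the signature. A comparison wherever the keystore is reachable, or at least a logged warning, would catch that. The function's surrounding code lies outside the hunk.

```python
    if 'repo_pubkey' in config:
        try:
            pubkey = unhexlify(config['repo_pubkey'])
        except (TypeError, ValueError):
            # unhexlify rejects odd-length or non-hex input
            logging.critical("repo_pubkey in config is not a valid hex string")
            sys.exit(1)
    # … unchanged: else branch running keytool -exportcert, fingerprint and return …
```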