From: Hans-Christoph Steiner Date: Thu, 16 Mar 2017 17:51:43 +0000 (+0100) Subject: signindex: support signing index-v1.jar X-Git-Tag: 0.8~98^2 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=866528de5b87c37a1231a3b0a7f8fc4003f4cbfb;p=fdroidserver.git signindex: support signing index-v1.jar This is a bit different than index.jar: instead of their being index.xml and index_unsigned.jar, the presense of index-v1.json means that there is unsigned data. That file is then stuck into a jar and signed by the signing process. index-v1.json is never published to the repo. It is included in the binary transparency log, if that is enabled. --- diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 17ea4c2f..85f7eac0 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -34,6 +34,7 @@ import logging import hashlib import socket import base64 +import zipfile import xml.etree.ElementTree as XMLElementTree from datetime import datetime @@ -410,6 +411,24 @@ def signjar(jar): sys.exit(1) +def sign_index_v1(repodir, json_name): + """ + sign index-v1.json to make index-v1.jar + + This is a bit different than index.jar: instead of their being index.xml + and index_unsigned.jar, the presense of index-v1.json means that there is + unsigned data. That file is then stuck into a jar and signed by the + signing process. index-v1.json is never published to the repo. It is + included in the binary transparency log, if that is enabled. + """ + name, ext = get_extension(json_name) + index_file = os.path.join(repodir, json_name) + jar_file = os.path.join(repodir, name + '.jar') + with zipfile.ZipFile(jar_file, 'w', zipfile.ZIP_DEFLATED) as jar: + jar.write(index_file, json_name) + signjar(jar_file) + + def get_local_metadata_files(): '''get any metadata files local to an app's source repo diff --git a/fdroidserver/signindex.py b/fdroidserver/signindex.py index 658d4cb8..cbc19aa0 100644 --- a/fdroidserver/signindex.py 
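Review bot: In `sign_index_v1` the archive is created directly at the published name (`name + '.jar'`) and only then handed to `signjar`, so a failed or interrupted signing run leaves an unsigned `index-v1.jar` in the repo directory, possibly overwriting a previously signed one. The `index_unsigned.jar` → `index.jar` flow in `signindex.py` avoids this by signing under a temporary name and renaming afterwards. The same pattern would fit here, assuming `signjar` signs the file in place as that caller suggests.

```python
    # … unchanged: docstring, get_extension() split, index_file …
    jar_file = os.path.join(repodir, name + '.jar')
    unsigned_jar = os.path.join(repodir, name + '_unsigned.jar')
    with zipfile.ZipFile(unsigned_jar, 'w', zipfile.ZIP_DEFLATED) as jar:
        jar.write(index_file, json_name)
    signjar(unsigned_jar)
    # move to the published name only once signing has succeeded
    os.rename(unsigned_jar, jar_file)
```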
+++ b/fdroidserver/signindex.py @@ -54,12 +54,19 @@ def main(): unsigned = os.path.join(output_dir, 'index_unsigned.jar') if os.path.exists(unsigned): - common.signjar(unsigned) os.rename(unsigned, os.path.join(output_dir, 'index.jar')) logging.info('Signed index in ' + output_dir) signed += 1 + json_name = 'index-v1.json' + index_file = os.path.join(output_dir, json_name) + if os.path.exists(index_file): + common.sign_index_v1(output_dir, json_name) + os.remove(index_file) + logging.info('Signed ' + index_file) + signed += 1 + if signed == 0: logging.info("Nothing to do") diff --git a/fdroidserver/update.py b/fdroidserver/update.py index 19a13368..8638dd6c 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -1282,13 +1282,9 @@ def make_index_v1(apps, packages, repodir, repodict, requestsdict): json.dump(output, fp, default=_index_encoder_default) if options.nosign: - logging.debug('index-v1 must have a signature, signindex will overwrite it!') - - jar_file = os.path.join(repodir, 'index-v1.jar') - with zipfile.ZipFile(jar_file, 'w', zipfile.ZIP_DEFLATED) as jar: - jar.write(index_file, json_name) - common.signjar(jar_file) - os.remove(index_file) + logging.debug('index-v1 must have a signature, use `fdroid signindex` to create it!') + else: + common.sign_index_v1(repodir, json_name) def make_index_v0(apps, apks, repodir, repodict, requestsdict): diff --git a/tests/run-tests b/tests/run-tests index 8b91ed02..743cc766 100755 --- a/tests/run-tests +++ b/tests/run-tests 
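Review bot: The added `logging.info('Signed ' + index_file)` in `main()` names the unsigned `index-v1.json`, which the line before it has just deleted, so the log entry points at a file that no longer exists rather than at the signed artifact. Following the existing `'Signed index in ' + output_dir` message, `logging.info('Signed index-v1.jar in ' + output_dir)` would be clearer to anyone auditing a signing run. `main()` starts and ends outside this hunk.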
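Review bot: The signed branch of `make_index_v1` no longer deletes `index-v1.json`. The removed lines ended with `os.remove(index_file)` after `signjar`, whereas the new `else: common.sign_index_v1(repodir, json_name)` leaves the file in `repodir`, and `sign_index_v1` does not delete it either. `signindex.py` does remove it after signing, and the docstring states the JSON is never published, so the two paths now disagree. If the file is kept on purpose (for the transparency log, say), a comment should say so and whatever syncs the repo directory has to exclude it; otherwise add `os.remove(index_file)` after the call. The function begins outside this hunk.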
@@ -113,6 +113,33 @@ echo_header "print fdroid version" $fdroid --version +#------------------------------------------------------------------------------# +echo_header 'run process when building and signing are on separate machines' + +REPOROOT=`create_test_dir` +cd $REPOROOT +cp $WORKSPACE/tests/keystore.jks $REPOROOT/ +$fdroid init --keystore keystore.jks --repo-keyalias=sova +echo 'keystorepass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py +echo 'keypass = "r9aquRHYoI8+dYz6jKrLntQ5/NJNASFBacJh7Jv2BlI="' >> config.py +echo "accepted_formats = ['txt', 'yml']" >> config.py +echo 'keydname = "CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US"' >> config.py +test -d archive || mkdir archive +test -d metadata || mkdir metadata +cp $WORKSPACE/tests/metadata/info.guardianproject.urzip.yml metadata/ +test -d repo || mkdir repo +test -d unsigned || mkdir unsigned +cp $WORKSPACE/tests/urzip-release-unsigned.apk unsigned/info.guardianproject.urzip_100.apk +$fdroid publish --verbose +$fdroid update --verbose --nosign +$fdroid signindex --verbose +test -e repo/index.xml +test -e repo/index.jar +test -e repo/index-v1.jar +test -L urzip.apk +grep -F '