chiark / gitweb /
~ianmdlvl / fdroidserver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 84e09cd) | patch
gpg-sign all valid files in the repo, including source tarballs
authorHans-Christoph Steiner <hans@eds.org>
Thu, 3 Nov 2016 09:26:38 +0000 (10:26 +0100)
committerHans-Christoph Steiner <hans@eds.org>
Mon, 7 Nov 2016 13:53:01 +0000 (14:53 +0100)
commit56d51fcd6be992c7bbc38431db06817816c1e08e
treeddfe4d7c0f427a3c49a950676f77cc6950fbcfa6tree | snapshot
parent84e09cd2a2c9ba4f963e4c56cd1df5cf4ae2e59fcommit | diff
gpg-sign all valid files in the repo, including source tarballs

This makes sure there is a GPG signature on any file that is included in
the repo, including APKs, OBB, source tarballs, media files, OTA update
ZIPs, etc.  Having a GPG signature is more important on non-APK files since
they mostly do not have any signature mechanism of their own.

This also adds basic tests of adding non-APK/OBB files to a repo with
`fdroid update`.

closes #232
examples/config.py diff | blob | history
fdroidserver/common.py diff | blob | history
fdroidserver/gpgsign.py diff | blob | history
fdroidserver/update.py diff | blob | history
tests/gnupghome/pubring.gpg [new file with mode: 0644] blob
tests/gnupghome/random_seed [new file with mode: 0644] blob
tests/gnupghome/secring.gpg [new file with mode: 0644] blob
tests/gnupghome/trustdb.gpg [new file with mode: 0644] blob
tests/repo/fake.ota.update_1234.zip [new file with mode: 0644] blob
tests/repo/obb.main.twoversions_1101617_src.tar.gz [new file with mode: 0644] blob
tests/run-tests diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.