From ba3844e97e5a149a90eb2958c4d77ef97e9c4377 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Michael=20P=C3=B6hn?= Date: Thu, 14 Sep 2017 16:46:43 +0200 Subject: [PATCH] function for finding developer signature in metadata --- fdroidserver/common.py | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 2857ac06..ae7f6936 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -2099,6 +2099,40 @@ def metadata_get_sigdir(appid, vercode=None): return os.path.join('metadata', appid, 'signatures') +def metadata_find_developer_signature(appid, vercode=None): + """Tires to find the developer signature for given appid. + + This picks the first signature file found in metadata an returns its + signature. + + :returns: sha256 signing key fingerprint of the developer signing key. + None in case no signature can not be found.""" + + # fetch list of dirs for all versions of signatures + appversigdirs = [] + if vercode: + appversigdirs.append(metadata_get_sigdir(appid, vercode)) + else: + appsigdir = metadata_get_sigdir(appid) + if os.path.isdir(appsigdir): + numre = re.compile('[0-9]+') + for ver in os.listdir(appsigdir): + if numre.match(ver): + appversigdir = os.path.join(appsigdir, ver) + appversigdirs.append(appversigdir) + + for sigdir in appversigdirs: + sigs = glob.glob(os.path.join(sigdir, '*.DSA')) + \ + glob.glob(os.path.join(sigdir, '*.EC')) + \ + glob.glob(os.path.join(sigdir, '*.RSA')) + if len(sigs) > 1: + raise FDroidException('ambiguous signatures, please make sure there is only one signature in \'{}\'. (The signature has to be the App maintainers signature for version of the APK.)'.format(sigdir)) + for sig in sigs: + with open(sig, 'rb') as f: + return signer_fingerprint(f.read()) + return None + + def metadata_find_signing_files(appid, vercode): """Gets a list of singed manifests and signatures. -- 2.30.2