From d4e9cee16850e99206c2edf9818c09083b82606d Mon Sep 17 00:00:00 2001
From: Henrik Tunedal <tunedal@gmail.com>
Date: Sun, 27 Mar 2011 05:14:06 +0200
Subject: [PATCH] Extract repository certificate automatically

---
 config.sample.py | 10 +++-------
 update.py        | 13 ++++++++++++-
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/config.sample.py b/config.sample.py
index 3c4a7227..d91d3f5e 100644
--- a/config.sample.py
+++ b/config.sample.py
@@ -18,14 +18,9 @@ binaries built by the original application developers.
 """
 
 #The key (from the keystore defined below) to be used for signing the
-#repository itself. Can be none for an unsigned repository.
+#repository itself. Can be None for an unsigned repository.
 repo_keyalias = None
 
-#If you're building a signed repository, you need the public key here. You
-#can get the public key in the correct format by using 'getsig -f x.jar" where
-#x.jar is any jar you have signed with it.
-repo_pubkey = 'not set'
-
 #The keystore to use for release keys when building. This needs to be
 #somewhere safe and secure, and backed up!
 keystore = "/home/me/somewhere/my.keystore"
@@ -33,7 +28,8 @@ keystore = "/home/me/somewhere/my.keystore"
 #The password for the keystore.
 keystorepass = "foo"
 
-#The password for keys - the same is used for each auto-generated key.
+#The password for keys - the same is used for each auto-generated key
+#as well as for the repository key.
 keypass = "foo2"
 
 #The distinguished name used for all keys.
diff --git a/update.py b/update.py
index c3c106d7..2c85d916 100755
--- a/update.py
+++ b/update.py
@@ -247,7 +247,18 @@ repoel.setAttribute("name", repo_name)
 repoel.setAttribute("icon", os.path.basename(repo_icon))
 repoel.setAttribute("url", repo_url)
 if repo_keyalias != None:
-    repoel.setAttribute("pubkey", repo_pubkey)
+    def extract_pubkey():
+        p = subprocess.Popen(['keytool', '-exportcert',
+                              '-alias', repo_keyalias,
+                              '-keystore', keystore,
+                              '-storepass', keystorepass],
+                             stdout=subprocess.PIPE)
+        cert = p.communicate()[0]
+        if p.returncode != 0:
+            print "ERROR: Failed to get repo pubkey"
+            sys.exit(1)
+        return "".join("%02x" % ord(b) for b in cert)
+    repoel.setAttribute("pubkey", extract_pubkey())
 addElement('description', repo_description, doc, repoel)
 root.appendChild(repoel)
 
-- 
2.30.2