Allow repo pubkey to defined directly in config
authorCiaran Gultnieks <ciaran@ciarang.com>
Sat, 10 Jan 2015 15:44:16 +0000 (15:44 +0000)
committerCiaran Gultnieks <ciaran@ciarang.com>
Sun, 11 Jan 2015 08:20:14 +0000 (08:20 +0000)
examples/config.py
fdroidserver/update.py

index 0f2bf990b399c66f6a59e0176f993604a6398f3b..31b44ab6e5fd806534a71d4f54a9d94ac7d88b1b 100644 (file)
@@ -73,6 +73,13 @@ The repository of older versions of applications from the main demo repository.
 # jarsigner using -alias.  (Not needed in an unsigned repository).
 # repo_keyalias = "fdroidrepo"
 
+# Optionally, the public key for the key defined by repo_keyalias above can
+# be specified here. There is no need to do this, as the public key can and
+# will be retrieved from the keystore when needed. However, specifying it
+# manually can allow some processing to take place without access to the
+# keystore.
+# repo_pubkey = "..."
+
 # The keystore to use for release keys when building. This needs to be
 # somewhere safe and secure, and backed up!  The best way to manage these
 # sensitive keys is to use a "smartcard" (aka Hardware Security Module). To
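Review bot: The added comment for `repo_pubkey` does not say what format the value must take, and the `"..."` placeholder gives no hint. In the update.py hunk the value goes through `unhexlify()` into `cert_fingerprint()` and is written back out with `hexlify()` as the index's pubkey attribute, so it has to be the hex encoding of the exported certificate. I would add a line such as `# The value is the hex-encoded certificate, i.e. the same string as the pubkey attribute of a generated index.` so that nobody pastes a PEM block or a fingerprint here.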
index 1ec8dad5f66c87b028a8722022efac3c3accb942..fa95001eb5e83679ae92c58015a40c9f018a882c 100644 (file)
@@ -33,6 +33,7 @@ from pyasn1.error import PyAsn1Error
 from pyasn1.codec.der import decoder, encoder
 from pyasn1_modules import rfc2315
 from hashlib import md5
+from binascii import hexlify, unhexlify
 
 from PIL import Image
 import logging
@@ -714,20 +715,24 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
             return " ".join(ret)
 
         def extract_pubkey():
-            p = FDroidPopen(['keytool', '-exportcert',
-                             '-alias', config['repo_keyalias'],
-                             '-keystore', config['keystore'],
-                             '-storepass:file', config['keystorepassfile']]
-                            + config['smartcardoptions'], output=False)
-            if p.returncode != 0:
-                msg = "Failed to get repo pubkey!"
-                if config['keystore'] == 'NONE':
-                    msg += ' Is your crypto smartcard plugged in?'
-                logging.critical(msg)
-                sys.exit(1)
             global repo_pubkey_fingerprint
-            repo_pubkey_fingerprint = cert_fingerprint(p.output)
-            return "".join("%02x" % ord(b) for b in p.output)
+            if 'repo_pubkey' in config:
+                pubkey = unhexlify(config['repo_pubkey'])
+            else:
+                p = FDroidPopen(['keytool', '-exportcert',
+                                 '-alias', config['repo_keyalias'],
+                                 '-keystore', config['keystore'],
+                                 '-storepass:file', config['keystorepassfile']]
+                                + config['smartcardoptions'], output=False)
+                if p.returncode != 0:
+                    msg = "Failed to get repo pubkey!"
+                    if config['keystore'] == 'NONE':
+                        msg += ' Is your crypto smartcard plugged in?'
+                    logging.critical(msg)
+                    sys.exit(1)
+                pubkey = p.output
+            repo_pubkey_fingerprint = cert_fingerprint(pubkey)
+            return hexlify(pubkey)
 
         repoel.setAttribute("pubkey", extract_pubkey())
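Review bot: The new `repo_pubkey` branch in `extract_pubkey()` calls `unhexlify(config['repo_pubkey'])` with no error handling, so an odd-length or non-hex value (a stray newline or a pasted PEM block, for example) ends in a raw traceback. The keytool branch, by contrast, logs a critical message and exits. Separately, nothing visible in this hunk checks that the configured certificate belongs to the key at `repo_keyalias` that signs the index. A stale or mistyped value would therefore publish a pubkey and fingerprint that do not match the signature, so a comparison against the keystore whenever it is reachable, or at least a comment stating the requirement, would help. The enclosing `make_index` starts and ends outside the hunk.

```python
            if 'repo_pubkey' in config:
                try:
                    pubkey = unhexlify(config['repo_pubkey'])
                except (TypeError, ValueError):
                    # Reject malformed hex the same way the keytool path rejects a failed export.
                    logging.critical("repo_pubkey in config is not valid hex!")
                    sys.exit(1)
            else:
                # … unchanged: keytool -exportcert path that sets pubkey = p.output …
```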