gpg-sign all valid files in the repo, including source tarballs
This makes sure there is a GPG signature on any file that is included in the repo, including APKs, OBB, source tarballs, media files, OTA update ZIPs, etc. Having a GPG signature is more important on non-APK files since they mostly do not have any signature mechanism of their own. This also adds basic tests of adding non-APK/OBB files to a repo with `fdroid update`. closes #232
This commit is contained in:
parent
84e09cd2a2
commit
56d51fcd6b
|
@ -86,7 +86,7 @@ The repository of older versions of applications from the main demo repository.
|
|||
# current_version_name_source = 'id'
|
||||
|
||||
# Optionally, override home directory for gpg
|
||||
# gpghome = /home/fdroid/somewhere/else/.gnupg
|
||||
# gpghome = '/home/fdroid/somewhere/else/.gnupg'
|
||||
|
||||
# The ID of a GPG key for making detached signatures for apks. Optional.
|
||||
# gpgkey = '1DBA2E89'
|
||||
|
|
|
@ -2084,3 +2084,14 @@ def get_per_app_repos():
|
|||
repos.append(d)
|
||||
break
|
||||
return repos
|
||||
|
||||
|
||||
def is_repo_file(filename):
|
||||
'''Whether the file in a repo is a build product to be delivered to users'''
|
||||
return os.path.isfile(filename) \
|
||||
and os.path.basename(filename) not in [
|
||||
'index.jar',
|
||||
'index.xml',
|
||||
'index.html',
|
||||
'categories.txt',
|
||||
]
|
||||
|
|
|
@ -50,10 +50,13 @@ def main():
|
|||
sys.exit(1)
|
||||
|
||||
# Process any apks that are waiting to be signed...
|
||||
for apkfile in sorted(glob.glob(os.path.join(output_dir, '*.apk'))):
|
||||
|
||||
apkfilename = os.path.basename(apkfile)
|
||||
sigfilename = apkfilename + ".asc"
|
||||
for f in sorted(glob.glob(os.path.join(output_dir, '*.*'))):
|
||||
if common.get_file_extension(f) == 'asc':
|
||||
continue
|
||||
if not common.is_repo_file(f):
|
||||
continue
|
||||
filename = os.path.basename(f)
|
||||
sigfilename = filename + ".asc"
|
||||
sigpath = os.path.join(output_dir, sigfilename)
|
||||
|
||||
if not os.path.exists(sigpath):
|
||||
|
@ -64,13 +67,13 @@ def main():
|
|||
gpgargs.extend(['--homedir', config['gpghome']])
|
||||
if 'gpgkey' in config:
|
||||
gpgargs.extend(['--local-user', config['gpgkey']])
|
||||
gpgargs.append(os.path.join(output_dir, apkfilename))
|
||||
gpgargs.append(os.path.join(output_dir, filename))
|
||||
p = FDroidPopen(gpgargs)
|
||||
if p.returncode != 0:
|
||||
logging.error("Signing failed.")
|
||||
sys.exit(1)
|
||||
|
||||
logging.info('Signed ' + apkfilename)
|
||||
logging.info('Signed ' + filename)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
|
|
@ -517,13 +517,11 @@ def scan_repo_files(apkcache, repodir, knownapks, use_date_from_file=False):
|
|||
cachechanged = False
|
||||
repo_files = []
|
||||
for name in os.listdir(repodir):
|
||||
if name in ['index.jar', 'index.xml', 'index.html', 'categories.txt', ]:
|
||||
continue
|
||||
file_extension = common.get_file_extension(name)
|
||||
if file_extension == 'apk' or file_extension == 'obb':
|
||||
continue
|
||||
filename = os.path.join(repodir, name)
|
||||
if not os.path.isfile(filename):
|
||||
if not common.is_repo_file(name):
|
||||
continue
|
||||
stat = os.stat(filename)
|
||||
if stat.st_size == 0:
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -139,21 +139,33 @@ $fdroid update
|
|||
|
||||
|
||||
#------------------------------------------------------------------------------#
|
||||
echo_header "copy tests/repo, generate a keystore, and update"
|
||||
echo_header "copy tests/repo, generate java/gpg keys, update, and gpgsign"
|
||||
|
||||
REPOROOT=`create_test_dir`
|
||||
GNUPGHOME=$REPOROOT/gnupghome
|
||||
cd $REPOROOT
|
||||
$fdroid init
|
||||
cp -a $WORKSPACE/tests/metadata $WORKSPACE/tests/repo $REPOROOT/
|
||||
cp -a $WORKSPACE/tests/gnupghome $GNUPGHOME
|
||||
chmod 0700 $GNUPGHOME
|
||||
echo "accepted_formats = ['json', 'txt', 'xml', 'yml']" >> config.py
|
||||
echo "install_list = 'org.adaway'" >> config.py
|
||||
echo "uninstall_list = {'com.android.vending', 'com.facebook.orca',}" >> config.py
|
||||
echo "gpghome = '$GNUPGHOME'" >> config.py
|
||||
echo "gpgkey = 'CE71F7FB'" >> config.py
|
||||
$fdroid update --verbose
|
||||
test -e repo/index.xml
|
||||
test -e repo/index.jar
|
||||
grep -F '<application id=' repo/index.xml > /dev/null
|
||||
grep -F '<install packageName=' repo/index.xml > /dev/null
|
||||
grep -F '<uninstall packageName=' repo/index.xml > /dev/null
|
||||
$fdroid gpgsign --verbose
|
||||
$fdroid gpgsign --verbose
|
||||
test -e repo/obb.mainpatch.current_1619.apk.asc
|
||||
test -e repo/obb.main.twoversions_1101617_src.tar.gz.asc
|
||||
! test -e repo/obb.mainpatch.current_1619.apk.asc.asc
|
||||
! test -e repo/obb.main.twoversions_1101617_src.tar.gz.asc.asc
|
||||
! test -e repo/index.xml.asc
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------#
|
||||
|
|
Loading…
Reference in New Issue