Browse Source

init: force keystore to PKCS12 format

Java 8 supports PKCS12, Java 9+ uses PKCS12 by default, which should have
a .p12 file extension.  `fdroid init` has always just added .jks which is
the old default format.

* https://docs.oracle.com/en/java/javase/12/tools/keytool.html#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__GUID-A8B9E662-C1C2-4A0E-9307-A8464F0E95D4
* https://openjdk.java.net/jeps/229
merge-requests/805/head
Hans-Christoph Steiner 2 months ago
parent
commit
8c1cf724e1
4 changed files with 14 additions and 23 deletions
  1. +2
    -1
      fdroidserver/common.py
  2. +2
    -2
      tests/publish.TestCase
  3. +0
    -10
      tests/rewritemeta.TestCase
  4. +10
    -10
      tests/run-tests

+ 2
- 1
fdroidserver/common.py View File

@ -134,7 +134,7 @@ default_config = {
'stats_to_carbon': False,
'repo_maxage': 0,
'build_server_always': False,
'keystore': 'keystore.jks',
'keystore': 'keystore.p12',
'smartcardoptions': [],
'char_limits': {
'author': 256,
@ -3425,6 +3425,7 @@ def genkeystore(localconfig):
'-keyalg', 'RSA', '-keysize', '4096',
'-sigalg', 'SHA256withRSA',
'-validity', '10000',
'-storetype', 'pkcs12',
'-storepass:env', 'FDROID_KEY_STORE_PASS',
'-dname', localconfig['keydname'],
'-J-Duser.language=en']

+ 2
- 2
tests/publish.TestCase View File

@ -3,10 +3,10 @@
#
# command which created the keystore used in this test case:
#
# $ for ALIAS in 'repokey a163ec9b d2d51ff2 dc3b169e 78688a0f'; \
# $ for ALIAS in repokey a163ec9b d2d51ff2 dc3b169e 78688a0f; \
# do keytool -genkey -keystore dummy-keystore.jks \
# -alias $ALIAS -keyalg 'RSA' -keysize '2048' \
# -validity '10000' -storepass 123456 \
# -validity '10000' -storepass 123456 -storetype jks \
# -keypass 123456 -dname 'CN=test, OU=F-Droid'; done
#

+ 0
- 10
tests/rewritemeta.TestCase View File

@ -1,15 +1,5 @@
#!/usr/bin/env python3
#
# command which created the keystore used in this test case:
#
# $ for ALIAS in 'repokey a163ec9b d2d51ff2 dc3b169e 78688a0f'; \
# do keytool -genkey -keystore dummy-keystore.jks \
# -alias $ALIAS -keyalg 'RSA' -keysize '2048' \
# -validity '10000' -storepass 123456 \
# -keypass 123456 -dname 'CN=test, OU=F-Droid'; done
#
import inspect
import logging
import optparse

+ 10
- 10
tests/run-tests View File

@ -778,7 +778,7 @@ $fdroid server update --local-copy-dir=$LOCALCOPYDIR
# check that --android-home fails when dir does not exist or is not a dir
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
set +e
$fdroid init --keystore $KEYSTORE --android-home /opt/fakeandroidhome
@ -805,7 +805,7 @@ echo_header "check that fake android home passes 'fdroid init'"
REPOROOT=`create_test_dir`
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
$fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME
@ -820,7 +820,7 @@ else
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
rm -f $FAKE_ANDROID_HOME/build-tools/*/aapt
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
set +e
$fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME
@ -835,7 +835,7 @@ echo_header "check that --android-home overrides ANDROID_HOME"
REPOROOT=`create_test_dir`
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
$fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME
set +e
@ -859,7 +859,7 @@ else
echo_header "setup a new repo from scratch with keystore and android-home set on cmd line"
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
STORED_ANDROID_HOME=$ANDROID_HOME
@ -916,7 +916,7 @@ grep -F '