Browse Source

init: force keystore to PKCS12 format

Java 8 supports PKCS12, Java 9+ uses PKCS12 by default, which should have
a .p12 file extension.  `fdroid init` has always just added .jks which is
the old default format.

* https://docs.oracle.com/en/java/javase/12/tools/keytool.html#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__GUID-A8B9E662-C1C2-4A0E-9307-A8464F0E95D4
* https://openjdk.java.net/jeps/229
merge-requests/805/head
Hans-Christoph Steiner 10 months ago
parent
commit
8c1cf724e1
  1. 3
      fdroidserver/common.py
  2. 4
      tests/publish.TestCase
  3. 10
      tests/rewritemeta.TestCase
  4. 20
      tests/run-tests

3
fdroidserver/common.py

@ -134,7 +134,7 @@ default_config = {
'stats_to_carbon': False,
'repo_maxage': 0,
'build_server_always': False,
'keystore': 'keystore.jks',
'keystore': 'keystore.p12',
'smartcardoptions': [],
'char_limits': {
'author': 256,
@ -3425,6 +3425,7 @@ def genkeystore(localconfig):
'-keyalg', 'RSA', '-keysize', '4096',
'-sigalg', 'SHA256withRSA',
'-validity', '10000',
'-storetype', 'pkcs12',
'-storepass:env', 'FDROID_KEY_STORE_PASS',
'-dname', localconfig['keydname'],
'-J-Duser.language=en']

4
tests/publish.TestCase

@ -3,10 +3,10 @@
#
# command which created the keystore used in this test case:
#
# $ for ALIAS in 'repokey a163ec9b d2d51ff2 dc3b169e 78688a0f'; \
# $ for ALIAS in repokey a163ec9b d2d51ff2 dc3b169e 78688a0f; \
# do keytool -genkey -keystore dummy-keystore.jks \
# -alias $ALIAS -keyalg 'RSA' -keysize '2048' \
# -validity '10000' -storepass 123456 \
# -validity '10000' -storepass 123456 -storetype jks \
# -keypass 123456 -dname 'CN=test, OU=F-Droid'; done
#

10
tests/rewritemeta.TestCase

@ -1,15 +1,5 @@
#!/usr/bin/env python3
#
# command which created the keystore used in this test case:
#
# $ for ALIAS in 'repokey a163ec9b d2d51ff2 dc3b169e 78688a0f'; \
# do keytool -genkey -keystore dummy-keystore.jks \
# -alias $ALIAS -keyalg 'RSA' -keysize '2048' \
# -validity '10000' -storepass 123456 \
# -keypass 123456 -dname 'CN=test, OU=F-Droid'; done
#
import inspect
import logging
import optparse

20
tests/run-tests

@ -778,7 +778,7 @@ $fdroid server update --local-copy-dir=$LOCALCOPYDIR
# check that --android-home fails when dir does not exist or is not a dir
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
set +e
$fdroid init --keystore $KEYSTORE --android-home /opt/fakeandroidhome
@ -805,7 +805,7 @@ echo_header "check that fake android home passes 'fdroid init'"
REPOROOT=`create_test_dir`
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
$fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME
@ -820,7 +820,7 @@ else
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
rm -f $FAKE_ANDROID_HOME/build-tools/*/aapt
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
set +e
$fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME
@ -835,7 +835,7 @@ echo_header "check that --android-home overrides ANDROID_HOME"
REPOROOT=`create_test_dir`
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
$fdroid init --keystore $KEYSTORE --android-home $FAKE_ANDROID_HOME
set +e
@ -859,7 +859,7 @@ else
echo_header "setup a new repo from scratch with keystore and android-home set on cmd line"
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
FAKE_ANDROID_HOME=`create_test_dir`
create_fake_android_home $FAKE_ANDROID_HOME
STORED_ANDROID_HOME=$ANDROID_HOME
@ -916,7 +916,7 @@ grep -F '<application id=' repo/index.xml > /dev/null
echo_header "setup a new repo from scratch and generate a keystore"
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
$fdroid init --keystore $KEYSTORE
test -e $KEYSTORE
@ -935,7 +935,7 @@ grep -F '<application id=' repo/index.xml > /dev/null
echo_header "setup a new repo manually and generate a keystore"
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
cp $WORKSPACE/examples/fdroid-icon.png $REPOROOT/
! test -e $KEYSTORE
@ -965,7 +965,7 @@ grep -F '<application id=' repo/index.xml > /dev/null
echo_header "setup a new repo from scratch, generate a keystore, then add APK and update"
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
$fdroid init --keystore $KEYSTORE
test -e $KEYSTORE
@ -1001,7 +1001,7 @@ test ! -e NONE
echo_header "setup a new repo with no keystore, add APK, and update"
REPOROOT=`create_test_dir`
KEYSTORE=$REPOROOT/keystore.jks
KEYSTORE=$REPOROOT/keystore.p12
cd $REPOROOT
touch fdroid-icon.png
mkdir repo
@ -1167,7 +1167,7 @@ echo_header "sign binary repo in offline box, then publishing from online box"
if have_git_2_3; then
OFFLINE_ROOT=`create_test_dir`
KEYSTORE=$WORKSPACE/tests/keystore.jks
KEYSTORE=$WORKSPACE/tests/keystore.p12
LOCAL_COPY_DIR=`create_test_dir`/fdroid
mkdir $LOCAL_COPY_DIR
ONLINE_ROOT=`create_test_dir`

Loading…
Cancel
Save