fdroidserver.publish module
Sign APKs using keys or via reproducible builds signature copying.
This command takes unsigned APKs and signs them. It looks for unsigned APKs in the unsigned/ directory and puts successfully signed APKs into the repo/ directory. The default is to run in a kind of batch mode, where it will only quit on certain kinds of errors. It mostly reports success by moving an APK from unsigned/ to repo/.
- fdroidserver.publish.check_for_key_collisions(allapps)
Make sure there’s no collision in key aliases from apps.
It was suggested at https://dev.guardianproject.info/projects/bazaar/wiki/FDroid_Audit that a package could be crafted, such that it would use the same signing key as an existing app. While it may be theoretically possible for such a colliding package ID to be generated, it seems virtually impossible that the colliding ID would be something that would be a) a valid package ID, and b) a sane-looking ID that would make its way into the repo. Nonetheless, to be sure, before publishing we check that there are no collisions, and refuse to do any publishing if that’s the case.
- Parameters:
- allapps
a dict of all apps to process
- Returns:
- a list of all aliases corresponding to allapps
- fdroidserver.publish.create_key_if_not_existing(keyalias)
Ensure a signing key with the given keyalias exists.
- Returns:
- boolean
True if a new key was created, False otherwise
- fdroidserver.publish.key_alias(appid)
Get the alias which F-Droid uses to identify the signing key for this app in F-Droid's keystore.
- fdroidserver.publish.main()
- fdroidserver.publish.publish_source_tarball(apkfilename, unsigned_dir, output_dir)
Move the source tarball into the output directory…
- fdroidserver.publish.read_fingerprints_from_keystore()
Obtain a dictionary containing all signing-key fingerprints which are managed by F-Droid, grouped by appid.
- fdroidserver.publish.sign_sig_key_fingerprint_list(jar_file)
Sign the list of app-signing key fingerprints.
This is used primarily by fdroid update to determine which APKs were built and signed by F-Droid and which ones were manually added by users.
- fdroidserver.publish.status_update_json(generatedKeys, signedApks)
Output a JSON file with metadata about this run.
- fdroidserver.publish.store_stats_fdroid_signing_key_fingerprints(appids, indent=None)
Store the list of all signing-key fingerprints for the given appids to disk.
This list will later on be needed by fdroid update.
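The pre-publish check described under check_for_key_collisions, together with the alias lookup described under key_alias, as an added sketch that is not fdroidserver's own code. It assumes the alias is the first 8 hex characters of the MD5 of the app ID; the names derive_alias, check_alias_collisions and AliasCollision and the overrides parameter are hypothetical, and the app IDs are constructed.

```python
import hashlib


class AliasCollision(Exception):
    """Two different app IDs would share one keystore alias."""


def derive_alias(appid, overrides=None):
    # Assumption: alias = first 8 hex chars of MD5(appid), unless an
    # operator-supplied mapping (hypothetical `overrides`) names one.
    if overrides and appid in overrides:
        return overrides[appid]
    return hashlib.md5(appid.encode("utf-8")).hexdigest()[:8]


def check_alias_collisions(allapps, overrides=None):
    """Return every alias for allapps; raise before anything is signed
    if two app IDs resolve to the same alias (and so the same key)."""
    owner = {}  # alias -> app ID that claimed it first
    for appid in allapps:
        alias = derive_alias(appid, overrides)
        if alias in owner:
            raise AliasCollision(
                f"alias {alias!r} shared by {owner[alias]!r} and {appid!r}"
            )
        owner[alias] = appid
    return list(owner)


# Constructed sample input: app IDs and metadata are made up.
SAMPLE_APPS = {
    "org.example.notes": {"Name": "Notes"},
    "org.example.camera": {"Name": "Camera"},
    "org.example.notes.beta": {"Name": "Notes Beta"},
}


def demo():
    clean = check_alias_collisions(SAMPLE_APPS)
    # Misconfiguration case: an override points a second app at an
    # alias that already belongs to another app.
    bad = {"org.example.notes.beta": derive_alias("org.example.notes")}
    try:
        check_alias_collisions(SAMPLE_APPS, bad)
        refused = False
    except AliasCollision:
        refused = True
    return clean, refused


if __name__ == "__main__":
    aliases, refused = demo()
    print(aliases, "publish refused on collision:", refused)
```

Because a shared alias means a shared signing key, the check fails the whole run instead of skipping the offending app.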