feat: Build and sign using my Yubikey

.gitignore

@@ -49,3 +49,6 @@ lib/i18n/
 # NixOS
 .direnv
 .envrc
+
+# Build artifacts
+release-*/

android/app/build.gradle

@@ -25,12 +25,6 @@ apply plugin: 'com.android.application'
 apply plugin: 'kotlin-android'
 apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
 
-def keystoreProperties = new Properties()
-def keystorePropertiesFile = rootProject.file('key.properties')
-if (keystorePropertiesFile.exists()) {
-    keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
-}
-
 android {
     compileSdkVersion 33
     ndkVersion flutter.ndkVersion
@@ -58,18 +52,9 @@ android {
         versionName flutterVersionName
     }
 
-    signingConfigs {
-      release {
-        keyAlias      keystoreProperties['keyAlias']
-        keyPassword   keystoreProperties['keyPassword']
-        storeFile     keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
-        storePassword keystoreProperties['storePassword']
-      }
-    }
-
     buildTypes {
         release {
-            signingConfig signingConfigs.release
+            signingConfig null
         }
     }
 }

flake.lock

@@ -20,6 +20,25 @@
         "type": "github"
       }
     },
+    "bab": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1689978337,
+        "narHash": "sha256-d4Rn+YtBrs6NpQobODZYUeVqsTS+WCiGih+WOt+gazA=",
+        "ref": "refs/heads/master",
+        "rev": "92687b6513492c6fdc839f313d14da632c9d2767",
+        "revCount": 1,
+        "type": "git",
+        "url": "https://codeberg.org/PapaTutuWawa/bits-and-bytes.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://codeberg.org/PapaTutuWawa/bits-and-bytes.git"
+      }
+    },
     "devshell": {
       "inputs": {
         "nixpkgs": [
@@ -61,6 +80,24 @@
       }
     },
     "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1689068808,
+        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
       "locked": {
         "lastModified": 1667395993,
         "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -92,6 +129,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1689935543,
+        "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1689631193,
         "narHash": "sha256-AGSkBZaiTODQc8eT1rZDrQIjtb8JtFwJ0wVPzArlrnM=",
@@ -110,8 +163,9 @@
     "root": {
       "inputs": {
         "android-nixpkgs": "android-nixpkgs",
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_2"
+        "bab": "bab",
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": "nixpkgs_3"
       }
     },
     "systems": {
@@ -143,6 +197,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -4,9 +4,10 @@
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     flake-utils.url = "github:numtide/flake-utils";
     android-nixpkgs.url = "github:tadfisher/android-nixpkgs";
+    bab.url = "git+https://codeberg.org/PapaTutuWawa/bits-and-bytes.git";
   };
 
-  outputs = { self, nixpkgs, android-nixpkgs, flake-utils }: flake-utils.lib.eachDefaultSystem (system: let
+  outputs = { self, nixpkgs, android-nixpkgs, flake-utils, bab }: flake-utils.lib.eachDefaultSystem (system: let
     pkgs = import nixpkgs {
       inherit system;
       config = {
@@ -14,6 +15,8 @@
         allowUnfree = true;
       };
     };
+    lib = pkgs.lib;
+    babPkgs = bab.packages."${system}";
     pinnedJDK = pkgs.jdk17;
 
     # Everything to make Flutter happy
@@ -50,5 +53,34 @@
       # an used parameter.
       GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${sdk}/share/android-sdk/build-tools/34.0.0/aapt2";
     };
+
+    apps = let
+      providerArg = pkgs.writeText "provider-arg.cfg" ''
+        name = OpenSC-PKCS11
+        description = SunPKCS11 via OpenSC
+        library = ${pkgs.opensc}/lib/opensc-pkcs11.so
+        slotListIndex = 0
+      '';
+      mkBuildScript = skipBuild: pkgs.writeShellScript "build-anitrack.sh" ''
+        ${babPkgs.flutter-build}/bin/flutter-build \
+          --name AniTrack \
+          --not-signed \
+          --zipalign ${sdk}/share/android-sdk/build-tools/34.0.0/zipalign \
+          --apksigner ${sdk}/share/android-sdk/build-tools/34.0.0/apksigner \
+          --provider-config ${providerArg} ${lib.optional skipBuild "--skip-build"}
+      '';
+    in {
+      # Skip the build and just sign
+      onlySign = {
+        type = "app";
+        program = "${mkBuildScript true}";
+      };
+
+      # Build everything and sign
+      build = {
+        type = "app";
+        program = "${mkBuildScript false}";
+      };
+    };
   });
 }