feat: Build and sign using my Yubikey

This commit is contained in:
PapaTutuWawa 2023-07-24 18:14:07 +02:00
parent 7dd53baf06
commit 6375fb32a5
Signed by: PapaTutuWawa
GPG Key ID: 56C749835F3CE824
4 changed files with 108 additions and 19 deletions

3
.gitignore vendored
View File

@ -49,3 +49,6 @@ lib/i18n/
# NixOS
.direnv
.envrc
# Build artifacts
release-*/

View File

@ -25,12 +25,6 @@ apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
def keystoreProperties = new Properties()
def keystorePropertiesFile = rootProject.file('key.properties')
if (keystorePropertiesFile.exists()) {
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
}
android {
compileSdkVersion 33
ndkVersion flutter.ndkVersion
@ -58,18 +52,9 @@ android {
versionName flutterVersionName
}
signingConfigs {
release {
keyAlias keystoreProperties['keyAlias']
keyPassword keystoreProperties['keyPassword']
storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
storePassword keystoreProperties['storePassword']
}
}
buildTypes {
release {
signingConfig signingConfigs.release
signingConfig null
}
}
}

View File

@ -20,6 +20,25 @@
"type": "github"
}
},
"bab": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1689978337,
"narHash": "sha256-d4Rn+YtBrs6NpQobODZYUeVqsTS+WCiGih+WOt+gazA=",
"ref": "refs/heads/master",
"rev": "92687b6513492c6fdc839f313d14da632c9d2767",
"revCount": 1,
"type": "git",
"url": "https://codeberg.org/PapaTutuWawa/bits-and-bytes.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/PapaTutuWawa/bits-and-bytes.git"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
@ -61,6 +80,24 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -92,6 +129,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1689935543,
"narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e43e2448161c0a2c4928abec4e16eae1516571bc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1689631193,
"narHash": "sha256-AGSkBZaiTODQc8eT1rZDrQIjtb8JtFwJ0wVPzArlrnM=",
@ -110,8 +163,9 @@
"root": {
"inputs": {
"android-nixpkgs": "android-nixpkgs",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2"
"bab": "bab",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
}
},
"systems": {
@ -143,6 +197,21 @@
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

View File

@ -4,9 +4,10 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
android-nixpkgs.url = "github:tadfisher/android-nixpkgs";
bab.url = "git+https://codeberg.org/PapaTutuWawa/bits-and-bytes.git";
};
outputs = { self, nixpkgs, android-nixpkgs, flake-utils }: flake-utils.lib.eachDefaultSystem (system: let
outputs = { self, nixpkgs, android-nixpkgs, flake-utils, bab }: flake-utils.lib.eachDefaultSystem (system: let
pkgs = import nixpkgs {
inherit system;
config = {
@ -14,6 +15,8 @@
allowUnfree = true;
};
};
lib = pkgs.lib;
babPkgs = bab.packages."${system}";
pinnedJDK = pkgs.jdk17;
# Everything to make Flutter happy
@ -50,5 +53,34 @@
# an used parameter.
GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${sdk}/share/android-sdk/build-tools/34.0.0/aapt2";
};
apps = let
providerArg = pkgs.writeText "provider-arg.cfg" ''
name = OpenSC-PKCS11
description = SunPKCS11 via OpenSC
library = ${pkgs.opensc}/lib/opensc-pkcs11.so
slotListIndex = 0
'';
mkBuildScript = skipBuild: pkgs.writeShellScript "build-anitrack.sh" ''
${babPkgs.flutter-build}/bin/flutter-build \
--name AniTrack \
--not-signed \
--zipalign ${sdk}/share/android-sdk/build-tools/34.0.0/zipalign \
--apksigner ${sdk}/share/android-sdk/build-tools/34.0.0/apksigner \
--provider-config ${providerArg} ${lib.optional skipBuild "--skip-build"}
'';
in {
# Skip the build and just sign
onlySign = {
type = "app";
program = "${mkBuildScript true}";
};
# Build everything and sign
build = {
type = "app";
program = "${mkBuildScript false}";
};
};
});
}