From 6375fb32a5f261c1a6e4e9e52853e246f80ffbe9 Mon Sep 17 00:00:00 2001 From: "Alexander \"PapaTutuWawa" Date: Mon, 24 Jul 2023 18:14:07 +0200 Subject: [PATCH] feat: Build and sign using my Yubikey --- .gitignore | 3 ++ android/app/build.gradle | 17 +--------- flake.lock | 73 ++++++++++++++++++++++++++++++++++++++-- flake.nix | 34 ++++++++++++++++++- 4 files changed, 108 insertions(+), 19 deletions(-) diff --git a/.gitignore b/.gitignore index cce5b05..ae242d7 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,6 @@ lib/i18n/ # NixOS .direnv .envrc + +# Build artifacts +release-*/ diff --git a/android/app/build.gradle b/android/app/build.gradle index 25711d1..a050c41 100644 --- a/android/app/build.gradle +++ b/android/app/build.gradle @@ -25,12 +25,6 @@ apply plugin: 'com.android.application' apply plugin: 'kotlin-android' apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle" -def keystoreProperties = new Properties() -def keystorePropertiesFile = rootProject.file('key.properties') -if (keystorePropertiesFile.exists()) { - keystoreProperties.load(new FileInputStream(keystorePropertiesFile)) -} - android { compileSdkVersion 33 ndkVersion flutter.ndkVersion @@ -58,18 +52,9 @@ android { versionName flutterVersionName } - signingConfigs { - release { - keyAlias keystoreProperties['keyAlias'] - keyPassword keystoreProperties['keyPassword'] - storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null - storePassword keystoreProperties['storePassword'] - } - } - buildTypes { release { - signingConfig signingConfigs.release + signingConfig null } } } diff --git a/flake.lock b/flake.lock index 33cec18..b6b5e50 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,25 @@ "type": "github" } }, + "bab": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1689978337, + "narHash": "sha256-d4Rn+YtBrs6NpQobODZYUeVqsTS+WCiGih+WOt+gazA=", + "ref": "refs/heads/master", + "rev": "92687b6513492c6fdc839f313d14da632c9d2767", + "revCount": 1, + "type": "git", + "url": "https://codeberg.org/PapaTutuWawa/bits-and-bytes.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/PapaTutuWawa/bits-and-bytes.git" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -61,6 +80,24 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -92,6 +129,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1689631193, "narHash": "sha256-AGSkBZaiTODQc8eT1rZDrQIjtb8JtFwJ0wVPzArlrnM=", @@ -110,8 +163,9 @@ "root": { "inputs": { "android-nixpkgs": "android-nixpkgs", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "bab": "bab", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" } }, "systems": { @@ -143,6 +197,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 61bf36d..d61ed58 100644 --- a/flake.nix +++ b/flake.nix @@ -4,9 +4,10 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; flake-utils.url = "github:numtide/flake-utils"; android-nixpkgs.url = "github:tadfisher/android-nixpkgs"; + bab.url = "git+https://codeberg.org/PapaTutuWawa/bits-and-bytes.git"; }; - outputs = { self, nixpkgs, android-nixpkgs, flake-utils }: flake-utils.lib.eachDefaultSystem (system: let + outputs = { self, nixpkgs, android-nixpkgs, flake-utils, bab }: flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; config = { @@ -14,6 +15,8 @@ allowUnfree = true; }; }; + lib = pkgs.lib; + babPkgs = bab.packages."${system}"; pinnedJDK = pkgs.jdk17; # Everything to make Flutter happy @@ -50,5 +53,34 @@ # an used parameter. GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${sdk}/share/android-sdk/build-tools/34.0.0/aapt2"; }; + + apps = let + providerArg = pkgs.writeText "provider-arg.cfg" '' + name = OpenSC-PKCS11 + description = SunPKCS11 via OpenSC + library = ${pkgs.opensc}/lib/opensc-pkcs11.so + slotListIndex = 0 + ''; + mkBuildScript = skipBuild: pkgs.writeShellScript "build-anitrack.sh" '' + ${babPkgs.flutter-build}/bin/flutter-build \ + --name AniTrack \ + --not-signed \ + --zipalign ${sdk}/share/android-sdk/build-tools/34.0.0/zipalign \ + --apksigner ${sdk}/share/android-sdk/build-tools/34.0.0/apksigner \ + --provider-config ${providerArg} ${lib.optional skipBuild "--skip-build"} + ''; + in { + # Skip the build and just sign + onlySign = { + type = "app"; + program = "${mkBuildScript true}"; + }; + + # Build everything and sign + build = { + type = "app"; + program = "${mkBuildScript false}"; + }; + }; }); }