Documentation on encryption is unclear and encryption options are confusing #162
Comments
|
Currently |
|
Can you clarify if this fingerprint is fixed for f-droid, or we have to get the fingerprint of the f-droid cert created by the generateKeysScript? |
|
I never specified any fingerprint for fdroid when i used fdroid, i think it just used the one from generateKeysScript |
I see thanks, so what is the purpose of this if it builds without it?
Perhaps it's for graphineos, and it is not needed for lineageos? |
|
You can extract the fingerprint using openssl x509 -noout -fingerprint -sha256 -in ./keys/f-droid.x509.pem | cut -d '=' -f 2 | tr -d ':'Once you have hardcoded all fingerprints you can run with |
|
Thanks, that makes sense now 👍🏻 |
I want to finally migrate off test-keys now that µG supports SafetyNet and Magisk has a better hide mechanism.
Unfortunately, the signing setup of robotnix isn't very user-friendly. I want the
releaseScriptvariant, so I built areleaseScriptof my config.This requires
signing.enable = true;which is sensible but from there on, things are less clear. The first thing robotnix complains about is thatsigning.keyStorePathis undefined. Since I chose thereleaseScriptmethod, I don't want to sign from inside the drv, so this is extremely confusing.Through experimentation, I later found out it needs access to the certificates, not the (private) signing keys. These should be separate options to reflect that fact. I don't mind putting (public) certificates in the Nix store.
The need for the certs can be alleviated by setting fingerprints on the prebuilt apps which the docs do hint at but they're very unclear on it.
Related: #24
The text was updated successfully, but these errors were encountered: