From 862ac16ab16a7a7d5d299e8d71188b379d8f2baa Mon Sep 17 00:00:00 2001
From: Assam Boudjelthia <assam.boudjelthia@qt.io>
Date: Thu, 6 Aug 2020 19:25:47 +0300
Subject: Android: add the option to set package signing information from env
 vars

Use the following env vars to help conceal private signing information:
- QT_ANDROID_KEYSTORE_PATH
- QT_ANDROID_KEYSTORE_ALIAS
- QT_ANDROID_KEYSTORE_STORE_PASS
- QT_ANDROID_KEYSTORE_KEY_PASS

[ChangeLog][Platform Specific Changes][Android] Added the option to
conceal package
signing information using environment variables.

Task-number: QTBUG-84922
Change-Id: I1fac51ed9e88ef42c761bc916ba1c3bf439806e8
Reviewed-by: hjk <hjk@qt.io>
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
---
 src/tools/androiddeployqt/main.cpp | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

(limited to 'src/tools')

diff --git a/src/tools/androiddeployqt/main.cpp b/src/tools/androiddeployqt/main.cpp
index f9a40715d4..9415554608 100644
--- a/src/tools/androiddeployqt/main.cpp
+++ b/src/tools/androiddeployqt/main.cpp
@@ -478,12 +478,35 @@ Options parseOptions()
                 options.apkPath = arguments.at(++i);
         } else if (argument.compare(QLatin1String("--sign"), Qt::CaseInsensitive) == 0) {
             if (i + 2 >= arguments.size()) {
-                options.helpRequested = true;
+                const QString keyStore = qEnvironmentVariable("QT_ANDROID_KEYSTORE_PATH");
+                const QString storeAlias = qEnvironmentVariable("QT_ANDROID_KEYSTORE_ALIAS");
+                if (keyStore.isEmpty() || storeAlias.isEmpty()) {
+                    options.helpRequested = true;
+                } else {
+                    fprintf(stdout,
+                            "Using package signing path and alias values found from the "
+                            "environment variables.\n");
+                    options.releasePackage = true;
+                    options.keyStore = keyStore;
+                    options.keyStoreAlias = storeAlias;
+                }
             } else {
                 options.releasePackage = true;
                 options.keyStore = arguments.at(++i);
                 options.keyStoreAlias = arguments.at(++i);
             }
+
+            // Do not override if the passwords are provided through arguments
+            if (options.keyStorePassword.isEmpty()) {
+                fprintf(stdout, "Using package signing store password found from the environment "
+                        "variable.\n");
+                options.keyStorePassword = qEnvironmentVariable("QT_ANDROID_KEYSTORE_STORE_PASS");
+            }
+            if (options.keyPass.isEmpty()) {
+                fprintf(stdout, "Using package signing key password found from the environment "
+                                "variable.\n");
+                options.keyPass = qEnvironmentVariable("QT_ANDROID_KEYSTORE_KEY_PASS");
+            }
         } else if (argument.compare(QLatin1String("--storepass"), Qt::CaseInsensitive) == 0) {
             if (i + 1 == arguments.size())
                 options.helpRequested = true;
@@ -606,6 +629,12 @@ void printHelp()
                     "         --protected: Keystore has protected authentication path.\n"
                     "         --jarsigner: Force jarsigner usage, otherwise apksigner will be\n"
                     "           used if available.\n"
+                    "       NOTE: To conceal the keystore information, the environment variables\n"
+                    "         QT_ANDROID_KEYSTORE_PATH, and QT_ANDROID_KEYSTORE_ALIAS are used to\n"
+                    "         set the values keysotore and alias respectively.\n"
+                    "         Also the environment variables QT_ANDROID_KEYSTORE_STORE_PASS,\n"
+                    "         and QT_ANDROID_KEYSTORE_KEY_PASS are used to set the store and key\n"
+                    "         passwords respectively. This option needs only the --sign parameter.\n"
                     "    --jdk <path/to/jdk>: Used to find the jarsigner tool when used\n"
                     "       in combination with the --release argument. By default,\n"
                     "       an attempt is made to detect the tool using the JAVA_HOME and\n"
-- 
cgit v1.2.3