Local-only Android release signing, env-var driven. The maintainer keeps the .jks on their machine; CI age-encrypted-in-repo variant deferred to a follow-up. Adds signingConfigs.release reading 4 env vars (v1+v2+v3 enabled), scripts/build-apk-local.sh --release with .env auto-sourcing and --env-file secret handling, .env.sample template, root .gitignore for *.jks/*.keystore, peer-promoted Signed release APK section in docs/android-apk.md, and new docs/android-signing.md with the keystore ceremony, threat model, backup checklist, and rotation procedure. Closes #165.
26 lines
1.2 KiB
Text
# MetaScrub local environment overrides.
#
# Copy to `.env` and edit. `.env` is gitignored; never commit it.
# cp .env.sample .env
#
# Sourced automatically by scripts/build-apk-local.sh when `--release` is used.
# For day-to-day debug builds, no .env is required.
#
# See docs/android-signing.md for the keystore generation ceremony, backup
# checklist, and rotation procedure.

# --- Android release signing -------------------------------------------------
# Absolute path to the .jks keystore on the host. The script bind-mounts this
# file read-only into the build container; it never enters the repo working
# tree. Keep the keystore (and its backups) outside the repo.
METASCRUB_KEYSTORE_FILE=/absolute/path/to/metascrub-release.jks

# Key alias used inside the keystore (the -alias passed to keytool -genkey).
METASCRUB_KEYSTORE_ALIAS=metascrub

# Store password and key password. Often identical; keep them distinct for
# defence in depth. Use a password manager — never paste these into chat,
# commit messages, or shell history (`HISTCONTROL=ignorespace` + leading space
# avoids the latter for one-off invocations).
METASCRUB_KEYSTORE_PASSWORD=change-me
METASCRUB_KEY_PASSWORD=change-me
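
A preflight check for the four variables in this template, as an added example that is not part of MetaScrub's repository or its build script: it confirms each variable is set, the `change-me` placeholders are replaced, and the keystore path is absolute, exists, and sits outside the repo working tree. The helper name `check_signing_env` and its repo-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not MetaScrub's own script. check_signing_env is a
# hypothetical helper; it reads the four variables named in .env.sample.
# Usage: check_signing_env /path/to/repo   -> exit status = number of problems

check_signing_env() (
  repo_root=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: bad repo root" >&2; exit 1; }
  problems=0
  fail() { echo "FAIL: $1" >&2; problems=$((problems + 1)); }

  # Every variable must be set; the template's change-me must be replaced.
  for name in METASCRUB_KEYSTORE_FILE METASCRUB_KEYSTORE_ALIAS \
              METASCRUB_KEYSTORE_PASSWORD METASCRUB_KEY_PASSWORD; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      fail "$name is unset or empty"
    elif [ "$value" = "change-me" ]; then
      fail "$name still holds the template placeholder"
    fi
  done

  # Keystore: absolute path, existing file, directory outside the repo tree.
  ks=${METASCRUB_KEYSTORE_FILE:-}
  case $ks in
    "") ;;                                  # already reported above
    /*) if [ -f "$ks" ]; then
          ks_dir=$(cd "$(dirname "$ks")" && pwd -P)   # resolves symlinked dirs
          case "$ks_dir/" in
            "$repo_root"/*) fail "keystore is inside the repo working tree" ;;
          esac
        else
          fail "keystore file not found (path not printed)"
        fi ;;
    *)  fail "METASCRUB_KEYSTORE_FILE is not an absolute path" ;;
  esac

  # Advisory only: the template recommends distinct store and key passwords.
  if [ -n "${METASCRUB_KEY_PASSWORD:-}" ] &&
     [ "${METASCRUB_KEYSTORE_PASSWORD:-}" = "${METASCRUB_KEY_PASSWORD}" ]; then
    echo "WARN: store and key passwords are identical" >&2
  fi
  exit "$problems"   # values of the secrets are never echoed
)
```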