Local-only Android release signing, env-var driven. The maintainer keeps the .jks on their machine; CI age-encrypted-in-repo variant deferred to a follow-up. Adds signingConfigs.release reading 4 env vars (v1+v2+v3 enabled), scripts/build-apk-local.sh --release with .env auto-sourcing and --env-file secret handling, .env.sample template, root .gitignore for *.jks/*.keystore, peer-promoted Signed release APK section in docs/android-apk.md, and new docs/android-signing.md with the keystore ceremony, threat model, backup checklist, and rotation procedure. Closes #165.
328 lines
4.6 KiB
Text
# ELECTRON/NODE
node_modules
/dist
src/web/dev-dist/
.env
*.tgz

# MORE ELECTRON
.DS_Store
.env
.gclient_done
**/.npmrc
.tags*
.vs/
.vscode/
*.log
*.pyc
*.sln
*.swp
*.VC.db
*.VC.VC.opendb
*.vcxproj
*.vcxproj.filters
*.vcxproj.user
*.xcodeproj
/.idea/
/dist/
/external_binaries/
/out/
/vendor/.gclient
/vendor/debian_jessie_mips64-sysroot/
/vendor/debian_stretch_amd64-sysroot/
/vendor/debian_stretch_arm-sysroot/
/vendor/debian_stretch_arm64-sysroot/
/vendor/debian_stretch_i386-sysroot/
/vendor/gcc-4.8.3-d197-n64-loongson/
/vendor/readme-gcc483-loongson.txt
/vendor/download/
/vendor/llvm-build/
/vendor/llvm/
/vendor/npm/
/vendor/python_26/
/vendor/native_mksnapshot
/vendor/LICENSES.chromium.html
/vendor/pyyaml
node_modules/
SHASUMS256.txt
**/package-lock.json
compile_commands.json
.envrc

# npm package
/npm/dist
/npm/path.txt

.npmrc

# Generated API definitions
electron-api.json
electron.d.ts

# Spec hash calculation
spec/.hash

# Eslint Cache
.eslintcache

# Generated native addon files
/spec-main/fixtures/native-addon/echo/build/

# If someone runs tsc this is where stuff will end up
ts-gen

# Used to accelerate CI builds
.depshash
.depshash-target

#LINUX
#
# NOTE! Don't add files that are generated in specific
# subdirectories here. Add them in the ".gitignore" file
# in that subdirectory instead.
#
# NOTE! Please use 'git ls-files -i --exclude-standard'
# command after changing this file, to see if there are
# any tracked files which get ignored after the change.
#
# Normal rules (sorted alphabetically)
#
*.a
*.asn1.[ch]
*.bin
*.bz2
*.c.[012]*.*
*.dt.yaml
*.dtb
*.dtb.S
*.dwo
*.elf
*.gcno
*.gz
*.i
*.ko
*.lex.c
*.ll
*.lst
*.lz4
*.lzma
*.lzo
*.mod
*.mod.c
*.o
*.o.*
*.patch
*.s
*.so
*.so.dbg
*.su
*.symtypes
*.tab.[ch]
*.tar
*.xz
Module.symvers
modules.builtin
modules.order

#
# Top-level generic files
#
/tags
/TAGS
/linux
/vmlinux
/vmlinux.32
/vmlinux-gdb.py
/vmlinuz
/System.map
/Module.markers
/modules.builtin.modinfo
/modules.nsdeps

#
# RPM spec file (make rpm-pkg)
#
/*.spec

#
# Debian directory (make deb-pkg)
#
/debian/

#
# Snap directory (make snap-pkg)
#
/snap/

#
# tar directory (make tar*-pkg)
#
/tar-install/

#
# We don't want to ignore the following even if they are dot-files
#
!.clang-format
!.cocciconfig
!.get_maintainer.ignore
!.gitattributes
!.gitignore
!.mailmap

#
# Generated include files
#
/include/config/
/include/generated/
/include/ksym/
/arch/*/include/generated/

# stgit generated dirs
patches-*

# quilt's files
patches
series

# cscope files
cscope.*
ncscope.*

# gnu global files
GPATH
GRTAGS
GSYMS
GTAGS

# id-utils files
ID

*.orig
*~
\#*#

#
# Leavings from module signing
#
extra_certificates
signing_key.pem
signing_key.priv
signing_key.x509
x509.genkey

# Kconfig presets
/all.config
/alldef.config
/allmod.config
/allno.config
/allrandom.config
/allyes.config

# Kdevelop4
*.kdev4

# Clang's compilation database file
/compile_commands.json


# WINDOWS
# Windows thumbnail cache files
Thumbs.db
Thumbs.db:encryptable
ehthumbs.db
ehthumbs_vista.db

# Dump file
*.stackdump

# Folder config file
[Dd]esktop.ini

# Recycle Bin used on file shares
$RECYCLE.BIN/

# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp

# Windows shortcuts
*.lnk


# MAC
# General
.DS_Store
.AppleDouble
.LSOverride

# Icon must end with two \r
Icon


# Thumbnails
._*

# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent

# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk

# git repo for ExifTool, used to pull down latest binary
gitignore
exiftool_downloads

yarn-error.log


# ExifTool binaries committed to git (required for CI, especially Windows which lacks Perl)
!.resources
!.resources/nix/
!.resources/nix/bin/
!.resources/nix/bin/**
!.resources/win/
!.resources/win/bin/
!.resources/win/bin/**

# Explicitly include GitHub Actions and config files
# that were being hit by the .gitignore rule .*
!.github/

# Explicitly include Prettier configuration
# that was being hit by the .gitignore rule .*
!.prettierrc

devplans

# Playwright
playwright-report/
test-results/

# Git worktrees
.worktrees/

# Superpowers brainstorming mockups
.superpowers/

# Local Docker build caches (see scripts/build-apk-local.sh)
.docker-cache/

# Android signing keystores — never committed at any path. android/.gitignore
# already has `*.jks` (matching any .jks under android/); this root-level rule
# catches a keystore generated outside android/ — e.g. from the repo root
# during the Phase 0 ceremony in docs/android-signing.md.
*.jks
*.keystore