Partly revert "build-debug: auto approve ci, manual builds need approval to sign trusted (#29)"

researchxxl · researchxxl · commit ea96459fb7ec · 2025-12-02T10:17:50.000+01:00
This partly reverts commit ae798b1.
diff --git a/.github/workflows/build-app.yaml b/.github/workflows/build-app.yaml
@@ -200,9 +200,11 @@ jobs:
           mkdir -p "$ANDROID_USER_HOME"
           
           if [ -n "${{ secrets.DEBUG_KEYSTORE_B64 }}" ]; then
+            echo "Using TRUSTED debug.keystore for builds from branches corresponding to this repository"
             echo '${{ secrets.DEBUG_KEYSTORE_B64 }}' | base64 -d > "${{ runner.temp }}/.android/debug.keystore"
           else
-            exit 1
+            cp "scripts/debug/debug.keystore.pub" "${{ runner.temp }}/.android/debug.keystore"
+            echo "Using UNTRUSTED PUBLIC debug.keystore for builds from forked repositories"
           fi
 
       - name: Build app
diff --git a/scripts/debug/debug.keystore.pub b/scripts/debug/debug.keystore.pub
diff --git a/wiki/Switch-between-releases_Verify-APK-is-genuine.md b/wiki/Switch-between-releases_Verify-APK-is-genuine.md
@@ -18,7 +18,7 @@ Syncthing-Fork "Wrapper for Syncthing" has these release channels:
 * * Certificate hash: x9QGpAqFQXg1+79ADsY1k0uBrj7+W1HF+PN3BunPZrM=
 * * Signing Certificate SHA256 fingerprint: <details>C7:D4:06:A4:0A:85:41:78:35:FB:BF:40:0E:C6:35:93:4B:81:AE:3E:FE:5B:51:C5:F8:F3:77:06:E9:CF:66:B3</details>
 * UNTRUSTED builds from contributors of forks:
-* * Debug builds triggered from potentially untrusted sources, e.g. fork repositories use a PUBLIC signing certificate. This offers NO security at all. The content of these builds is NOT authored NOR approved by this repository. They are offered for TESTING PURPOSES only and are NOT production ready.
+* * Debug builds triggered from potentially untrusted sources, e.g. fork repositories use a [PUBLIC signing certificate](https://github.com/researchxxl/syncthing-android/blob/main/scripts/debug/debug.keystore.pub). This offers NO security at all. The content of these builds is NOT authored NOR approved by this repository. They are offered for TESTING PURPOSES only and are NOT production ready.
 * * If they would not be signed by the same PUBLIC key, contributors who forked the app and opened a PR here would not be able to try out their contributed changes on their own phone or emulator by upgrading from their previous build as the CI build process would use a different debug signing key for each superseding build.
 * * Public UNTRUSTED key <details>Certificate hash: 0fTGzY6Ii7fxLbtKzA5t94Zid/ECP5Gj5w/s5xRLOGM=<br>SHA256 fingerprint: D1:F4:C6:CD:8E:88:8B:B7:F1:2D:BB:4A:CC:E:6D:F7:86:62:77:F1:2:3F:91:A3:E7:F:EC:E7:14:4B:38:63</details>
 
