Currently the resigning script is designed to automatically download dependencies and required files, which makes it easy to use but requires the VM running it to have networking enabled.
This creates a slight risk of someone MITMing the connections and then exploiting bugs in the SSL implementations to gain control of the machine and steal the keys.
Ideally we should split the script and the Qubes setup so that there are (optionally) three VMs: one that downloads the files with networking support, one that resigns without network, and one that either serves the files or that uploads them via ssh (the latter also requires a change).
Note that you can currently run resign-android-image without network as long as you manually download things and put them in the right places, but there is no automation support for that.
Currently the resigning script is designed to automatically download dependencies and required files, which makes it easy to use but requires the VM running it to have networking enabled.
This creates a slight risk of someone MITMing the connections and then exploiting bugs in the SSL implementations to gain control of the machine and steal the keys.
Ideally we should split the script and the Qubes setup so that there are (optionally) three VMs: one that downloads the files with networking support, one that resigns without network, and one that either serves the files or that uploads them via ssh (the latter also requires a change).
Note that you can currently run resign-android-image without network as long as you manually download things and put them in the right places, but there is no automation support for that.