Diffstat (limited to 'yocto-poky/meta/classes/sign_rpm.bbclass')
-rw-r--r-- | yocto-poky/meta/classes/sign_rpm.bbclass | 64 |
1 files changed, 22 insertions, 42 deletions
diff --git a/yocto-poky/meta/classes/sign_rpm.bbclass b/yocto-poky/meta/classes/sign_rpm.bbclass
index f0c3dc9be..a8ea75faa 100644
--- a/yocto-poky/meta/classes/sign_rpm.bbclass
+++ b/yocto-poky/meta/classes/sign_rpm.bbclass
@@ -1,10 +1,14 @@
 # Class for generating signed RPM packages.
 #
 # Configuration variables used by this class:
-# RPM_GPG_PASSPHRASE_FILE
-# Path to a file containing the passphrase of the signing key.
+# RPM_GPG_PASSPHRASE
+# The passphrase of the signing key.
 # RPM_GPG_NAME
 # Name of the key to sign with. May be key id or key name.
+# RPM_GPG_BACKEND
+# Optional variable for specifying the backend to use for signing.
+# Currently the only available option is 'local', i.e. local signing
+# on the build host.
 # GPG_BIN
 # Optional variable for specifying the gpg binary/wrapper to use for
 # signing.
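Review bot: The header comment for `RPM_GPG_PASSPHRASE` does not tell users that the secret itself now lives in a BitBake variable rather than in a file whose permissions they control. Anything that dumps the datastore (for example `bitbake -e` output) and any configuration file the variable is set in can then carry the passphrase in clear text. I would extend the entry to something like `# The passphrase of the signing key. The value is kept in the datastore, so set it from a config file that is neither world-readable nor checked in.` so the handling expectation is recorded next to the variable.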
@@ -14,60 +18,36 @@ inherit sanity RPM_SIGN_PACKAGES='1' +RPM_GPG_BACKEND ?= 'local' python () { + if d.getVar('RPM_GPG_PASSPHRASE_FILE', True): + raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d) # Check configuration - for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'): + for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'): if not d.getVar(var, True): raise_sanity_error("You need to define %s in the config" % var, d) # Set the expected location of the public key - d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'), - 'RPM-GPG-PUBKEY')) + d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_DIR_TARGET', False), + d.getVar('sysconfdir', False), + 'pki', + 'rpm-gpg', + 'RPM-GPG-KEY-${DISTRO_VERSION}')) } - -def rpmsign_wrapper(d, files, passphrase, gpg_name=None): - import pexpect - - # Find the correct rpm binary - rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm' - cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name - if d.getVar('GPG_BIN', True): - cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True) - if d.getVar('GPG_PATH', True): - cmd += "--define '_gpg_path %s' " % d.getVar('GPG_PATH', True) - cmd += ' '.join(files) - - # Need to use pexpect for feeding the passphrase - proc = pexpect.spawn(cmd) - try: - proc.expect_exact('Enter pass phrase:', timeout=15) - proc.sendline(passphrase) - proc.expect(pexpect.EOF, timeout=900) - proc.close() - except pexpect.TIMEOUT as err: - bb.warn('rpmsign timeout: %s' % err) - proc.terminate() - else: - if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status): - bb.warn('rpmsign failed: %s' % proc.before.strip()) - return proc.exitstatus - - python sign_rpm () { import glob + from oe.gpg_sign import get_signer - with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj: - rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n') - - rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "") - + signer = get_signer(d, 
d.getVar('RPM_GPG_BACKEND', True)) rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*') - if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0: - raise bb.build.FuncFailed("RPM signing failed") + signer.sign_rpms(rpms, + d.getVar('RPM_GPG_NAME', True), + d.getVar('RPM_GPG_PASSPHRASE', True)) } -do_package_index[depends] += "signing-keys:do_export_public_keys" +do_package_index[depends] += "signing-keys:do_deploy" +do_rootfs[depends] += "signing-keys:do_populate_sysroot" |
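Review bot: The result of `signer.sign_rpms(...)` in `sign_rpm` is not checked, whereas the removed code raised `bb.build.FuncFailed("RPM signing failed")` on a non-zero exit status. Whether a failed signature still stops the task now depends on `sign_rpms` raising on its own; `oe.gpg_sign` is not part of this diff, so that should be confirmed, since otherwise unsigned packages could reach the feed unnoticed. If it does raise, a comment above the call such as `# sign_rpms() raises on failure, so no return value is checked here` would record the contract. Separately, the `os.path.join(...)` that builds `RPM_GPG_PUBKEY` keeps the `STAGING_DIR_TARGET` prefix only while the unexpanded `sysconfdir` value does not begin with `/`; a literal absolute setting would make the path resolve outside the sysroot, which is worth a comment or an explicit `lstrip('/')`.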