diff options
Diffstat (limited to 'yocto-poky/meta/recipes-core/meta/signing-keys.bb')
-rw-r--r-- | yocto-poky/meta/recipes-core/meta/signing-keys.bb | 94 |
1 files changed, 63 insertions, 31 deletions
diff --git a/yocto-poky/meta/recipes-core/meta/signing-keys.bb b/yocto-poky/meta/recipes-core/meta/signing-keys.bb index cc401f3b6..e843301b2 100644 --- a/yocto-poky/meta/recipes-core/meta/signing-keys.bb +++ b/yocto-poky/meta/recipes-core/meta/signing-keys.bb @@ -3,43 +3,75 @@ DESCRIPTION = "Make public keys of the signing keys available" LICENSE = "MIT" -PACKAGES = "" - -do_fetch[noexec] = "1" -do_unpack[noexec] = "1" -do_patch[noexec] = "1" -do_configure[noexec] = "1" -do_compile[noexec] = "1" -do_install[noexec] = "1" -do_package[noexec] = "1" -do_packagedata[noexec] = "1" -do_package_write_ipk[noexec] = "1" -do_package_write_rpm[noexec] = "1" -do_package_write_deb[noexec] = "1" -do_populate_sysroot[noexec] = "1" +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + + +inherit allarch deploy EXCLUDE_FROM_WORLD = "1" +INHIBIT_DEFAULT_DEPS = "1" + +PACKAGES =+ "${PN}-ipk ${PN}-rpm ${PN}-packagefeed" + +FILES_${PN}-rpm = "${sysconfdir}/pki/rpm-gpg" +FILES_${PN}-ipk = "${sysconfdir}/pki/ipk-gpg" +FILES_${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg" + +python do_get_public_keys () { + from oe.gpg_sign import get_signer -def export_gpg_pubkey(d, keyid, path): - import bb - gpg_bin = d.getVar('GPG_BIN', True) or \ - bb.utils.which(os.getenv('PATH'), "gpg") - cmd = '%s --batch --yes --export --armor -o %s %s' % \ - (gpg_bin, path, keyid) - status, output = oe.utils.getstatusoutput(cmd) - if status: - raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % - (keyid, output)) - -python do_export_public_keys () { if d.getVar("RPM_SIGN_PACKAGES", True): # Export public key of the rpm signing key - export_gpg_pubkey(d, d.getVar("RPM_GPG_NAME", True), - d.getVar('RPM_GPG_PUBKEY', True)) + signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True)) + signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'), + d.getVar('RPM_GPG_NAME', True)) + + if d.getVar("IPK_SIGN_PACKAGES", True): + # Export public key of the ipk signing key + signer = get_signer(d, d.getVar('IPK_GPG_BACKEND', True)) + signer.export_pubkey(os.path.join(d.expand('${B}'), 'ipk-key'), + d.getVar('IPK_GPG_NAME', True)) if d.getVar('PACKAGE_FEED_SIGN', True) == '1': # Export public key of the feed signing key - export_gpg_pubkey(d, d.getVar("PACKAGE_FEED_GPG_NAME", True), - d.getVar('PACKAGE_FEED_GPG_PUBKEY', True)) + signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) + signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'), + d.getVar('PACKAGE_FEED_GPG_NAME', True)) +} +do_get_public_keys[cleandirs] = "${B}" +addtask get_public_keys before do_install + +do_install () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/ipk-key" ]; then + install -D -m 0644 "${B}/ipk-key" "${D}${sysconfdir}/pki/ipk-gpg/IPK-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}" + fi +} + +sysroot_stage_all_append () { + sysroot_stage_dir ${D}${sysconfdir}/pki ${SYSROOT_DESTDIR}${sysconfdir}/pki +} + +do_deploy () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/ipk-key" ]; then + install -D -m 0644 "${B}/ipk-key" "${DEPLOYDIR}/IPK-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}" + fi } -addtask do_export_public_keys before do_build +do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}" +# cleandirs should possibly be in deploy.bbclass but we need it +do_deploy[cleandirs] = "${DEPLOYDIR}" +# clear stamp-extra-info since MACHINE is normally put there by deploy.bbclass +do_deploy[stamp-extra-info] = "" +addtask deploy after do_get_public_keys |