summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Kanavin <alexander.kanavin@linux.intel.com>2017-02-14 17:10:04 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-14 14:42:17 +0000
commit5a3e1290cbdeef4a8820201d78460a617ee638bd (patch)
treefd24762454a9ac0bbe6f46ac4add43e0d11de36c
parentf72bc777fa20422c8eaee5b592e9fe1f856623cd (diff)
downloadpoky-5a3e1290cbdeef4a8820201d78460a617ee638bd.tar.gz
gpg_sign.py: fix signing of rpm files using gpg
This means a) calling rpmkeys and rpmsign instead of rpm b) instructing gpg to run non-interactively; otherwise on my machine it pops up windows requesting a key passphrase (From OE-Core rev: f82f270df2da59702026721612563aea57cd77eb) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/lib/oe/gpg_sign.py7
-rw-r--r--meta/lib/oeqa/selftest/signing.py8
2 files changed, 8 insertions, 7 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index f7f96c6d5e..7ce767ee0a 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -11,7 +11,7 @@ class LocalSigner(object):
11 bb.utils.which(os.getenv('PATH'), 'gpg') 11 bb.utils.which(os.getenv('PATH'), 'gpg')
12 self.gpg_path = d.getVar('GPG_PATH') 12 self.gpg_path = d.getVar('GPG_PATH')
13 self.gpg_version = self.get_gpg_version() 13 self.gpg_version = self.get_gpg_version()
14 self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpm") 14 self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmsign")
15 15
16 def export_pubkey(self, output_file, keyid, armor=True): 16 def export_pubkey(self, output_file, keyid, armor=True):
17 """Export GPG public key to a file""" 17 """Export GPG public key to a file"""
@@ -31,9 +31,10 @@ class LocalSigner(object):
31 """Sign RPM files""" 31 """Sign RPM files"""
32 32
33 cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid 33 cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid
34 cmd += "--define '_gpg_passphrase %s' " % passphrase 34 gpg_args = '--batch --passphrase=%s' % passphrase
35 if self.gpg_version > (2,1,): 35 if self.gpg_version > (2,1,):
36 cmd += "--define '_gpg_sign_cmd_extra_args --pinentry-mode=loopback' " 36 gpg_args += ' --pinentry-mode=loopback'
37 cmd += "--define '_gpg_sign_cmd_extra_args %s' " % gpg_args
37 if self.gpg_bin: 38 if self.gpg_bin:
38 cmd += "--define '%%__gpg %s' " % self.gpg_bin 39 cmd += "--define '%%__gpg %s' " % self.gpg_bin
39 if self.gpg_path: 40 if self.gpg_path:
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py
index 006afbef15..a9b135aab4 100644
--- a/meta/lib/oeqa/selftest/signing.py
+++ b/meta/lib/oeqa/selftest/signing.py
@@ -27,7 +27,7 @@ class Signing(oeSelfTest):
27 cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub") 27 cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub")
28 cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret") 28 cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret")
29 29
30 runCmd('gpg --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path)) 30 runCmd('gpg --batch --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
31 31
32 @testcase(1362) 32 @testcase(1362)
33 def test_signing_packages(self): 33 def test_signing_packages(self):
@@ -76,13 +76,13 @@ class Signing(oeSelfTest):
76 # Use a temporary rpmdb 76 # Use a temporary rpmdb
77 rpmdb = tempfile.mkdtemp(prefix='oeqa-rpmdb') 77 rpmdb = tempfile.mkdtemp(prefix='oeqa-rpmdb')
78 78
79 runCmd('%s/rpm --define "_dbpath %s" --import %s' % 79 runCmd('%s/rpmkeys --define "_dbpath %s" --import %s' %
80 (staging_bindir_native, rpmdb, self.pub_key_path)) 80 (staging_bindir_native, rpmdb, self.pub_key_path))
81 81
82 ret = runCmd('%s/rpm --define "_dbpath %s" --checksig %s' % 82 ret = runCmd('%s/rpmkeys --define "_dbpath %s" --checksig %s' %
83 (staging_bindir_native, rpmdb, pkg_deploy)) 83 (staging_bindir_native, rpmdb, pkg_deploy))
84 # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK 84 # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK
85 self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.') 85 self.assertIn('rsa sha1 (md5) pgp md5 OK', ret.output, 'Package signed incorrectly.')
86 shutil.rmtree(rpmdb) 86 shutil.rmtree(rpmdb)
87 87
88 @testcase(1382) 88 @testcase(1382)