diff options
| author | Paul Barker <paul@paulbarker.me.uk> | 2014-12-21 13:26:27 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-02-03 14:53:56 +0000 |
| commit | d8f0011c23a6b8441323974acc70b08c81cfefbd (patch) | |
| tree | 9c663cbe87423fb35a10f71af3487abbe90c270c | |
| parent | 9d3e44df2958976fdcaf92a9cfa911f68870194b (diff) | |
| download | poky-d8f0011c23a6b8441323974acc70b08c81cfefbd.tar.gz | |
opkg-keyrings: New recipe
This recipe wraps package and package feed verification keys into a package,
making the management and deployment of verification keys much easier. Comments
on how to select keys for inclusion in this package are provided in the recipe
file.
(From OE-Core rev: 2104111edc85d057eb4fadecd007f5c592803da6)
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb b/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb new file mode 100644 index 0000000000..18d6abdded --- /dev/null +++ b/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | SUMMARY = "Keyrings for verifying opkg packages and feeds" | ||
| 2 | LICENSE = "MIT" | ||
| 3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | ||
| 4 | |||
| 5 | # Distro-specific keys can be added to this package in two ways: | ||
| 6 | # | ||
| 7 | # 1) In a .bbappend, add .gpg and/or .asc files to SRC_URI and install them to | ||
| 8 | # ${D}${datadir}/opkg/keyrings/ in a do_install_append function. These | ||
| 9 | # files should not be named 'key-$name.gpg' to ensure they don't conflict | ||
| 10 | # with keys exported as per (2). | ||
| 11 | # | ||
| 12 | # 2) In a .bbappend, distro config or local.conf, override the variable | ||
| 13 | # OPKG_KEYRING_KEYS to contain a space-separated list of key names. For | ||
| 14 | # each name, 'gpg --export $name' will be ran to export the public key to a | ||
| 15 | # file named 'key-$name.gpg'. The public key must therefore be in the gpg | ||
| 16 | # keyrings on the build machine. | ||
| 17 | |||
| 18 | OPKG_KEYRING_KEYS ?= "" | ||
| 19 | |||
| 20 | do_compile() { | ||
| 21 | for name in ${OPKG_KEYRING_KEYS}; do | ||
| 22 | gpg --export ${name} > ${B}/key-${name}.gpg | ||
| 23 | done | ||
| 24 | } | ||
| 25 | |||
| 26 | do_install () { | ||
| 27 | install -d ${D}${datadir}/opkg/keyrings/ | ||
| 28 | for name in ${OPKG_KEYRING_KEYS}; do | ||
| 29 | install -m 0644 ${B}/key-${name}.gpg ${D}${datadir}/opkg/keyrings/ | ||
| 30 | done | ||
| 31 | } | ||
| 32 | |||
| 33 | FILES_${PN} = "${datadir}/opkg/keyrings" | ||
| 34 | |||
| 35 | # We need 'opkg-key' to run the postinst script | ||
| 36 | RDEPENDS_${PN} = "opkg" | ||
| 37 | |||
| 38 | pkg_postinst_${PN} () { | ||
| 39 | #! /bin/sh | ||
| 40 | set -e | ||
| 41 | |||
| 42 | if [ x"$D" = "x" ]; then | ||
| 43 | # On target | ||
| 44 | opkg-key populate | ||
| 45 | else | ||
| 46 | exit 1 | ||
| 47 | fi | ||
| 48 | } | ||