summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2015-10-24 01:02:34 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-11-24 15:50:26 +0000
commit59b27d558febc42e5f127a7f27f6c0de73a61e30 (patch)
tree2c126bdb6635b9b4ae5c3550c023b6ed86504d4c
parent4415dc5cdda9a9ca18e5202309c1dadcb013b1dc (diff)
downloadpoky-59b27d558febc42e5f127a7f27f6c0de73a61e30.tar.gz
sstate: respect GPG_BIN and GPG_HOME
The package feed signing code supports the user providing the path to the gpg binary and an alternative gpg 'home' (usually ~/.gnupg), which are useful for both deployment and QA purposes. Factor out the gpg command line construction to a function which can fetch both of these variables, and also use pipes.quote() to sanitise the arguments when used in a shell context. [ YOCTO #8559 ] (From OE-Core rev: 6daf138822bbbc46960121d3b76b42eaf19e7c0e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/sstate.bbclass20
1 files changed, 17 insertions, 3 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index d09e27aee4..ba18f54428 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -268,6 +268,20 @@ def sstate_install(ss, d):
268sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX" 268sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX"
269sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}" 269sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}"
270 270
271def sstate_build_gpg_command(d, *args, **kwargs):
272 # Returns a list for subprocess.call() unless passed flatten=True when this
273 # returns a flattened string.
274 l = [d.getVar("GPG_BIN", True) or "gpg"]
275 if d.getVar("GPG_PATH", True):
276 l += ["--homedir", d.getVar("GPG_PATH", True)]
277 l += args
278
279 if kwargs.get("flatten", False):
280 import pipes
281 return " ".join(map(pipes.quote, l))
282 else:
283 return l
284
271def sstate_installpkg(ss, d): 285def sstate_installpkg(ss, d):
272 import oe.path 286 import oe.path
273 import subprocess 287 import subprocess
@@ -296,7 +310,7 @@ def sstate_installpkg(ss, d):
296 d.setVar('SSTATE_PKG', sstatepkg) 310 d.setVar('SSTATE_PKG', sstatepkg)
297 311
298 if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False): 312 if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False):
299 if subprocess.call(["gpg", "--verify", sstatepkg + ".sig", sstatepkg]) != 0: 313 if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0:
300 bb.warn("Cannot verify signature on sstate package %s" % sstatepkg) 314 bb.warn("Cannot verify signature on sstate package %s" % sstatepkg)
301 315
302 for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split(): 316 for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split():
@@ -672,12 +686,12 @@ sstate_create_package () {
672 else 686 else
673 tar -cz --file=$TFILE --files-from=/dev/null 687 tar -cz --file=$TFILE --files-from=/dev/null
674 fi 688 fi
675 chmod 0664 $TFILE 689 chmod 0664 $TFILE
676 mv -f $TFILE ${SSTATE_PKG} 690 mv -f $TFILE ${SSTATE_PKG}
677 691
678 if [ -n "${SSTATE_SIG_KEY}" ]; then 692 if [ -n "${SSTATE_SIG_KEY}" ]; then
679 rm -f ${SSTATE_PKG}.sig 693 rm -f ${SSTATE_PKG}.sig
680 echo ${SSTATE_SIG_PASSPHRASE} | gpg --batch --passphrase-fd 0 --detach-sign --local-user ${SSTATE_SIG_KEY} --output ${SSTATE_PKG}.sig ${SSTATE_PKG} 694 echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)}
681 fi 695 fi
682 696
683 cd ${WORKDIR} 697 cd ${WORKDIR}