diff options
author | Ross Burton <ross.burton@intel.com> | 2015-10-24 01:02:34 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-24 15:50:26 +0000 |
commit | 59b27d558febc42e5f127a7f27f6c0de73a61e30 (patch) | |
tree | 2c126bdb6635b9b4ae5c3550c023b6ed86504d4c | |
parent | 4415dc5cdda9a9ca18e5202309c1dadcb013b1dc (diff) | |
download | poky-59b27d558febc42e5f127a7f27f6c0de73a61e30.tar.gz |
sstate: respect GPG_BIN and GPG_HOME
The package feed signing code supports the user providing the path to the gpg
binary and an alternative gpg 'home' (usually ~/.gnupg), which are useful for
both deployment and QA purposes.
Factor out the gpg command line construction to a function which can fetch both
of these variables, and also use pipes.quote() to sanitise the arguments when
used in a shell context.
[ YOCTO #8559 ]
(From OE-Core rev: 6daf138822bbbc46960121d3b76b42eaf19e7c0e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/classes/sstate.bbclass | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index d09e27aee4..ba18f54428 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass | |||
@@ -268,6 +268,20 @@ def sstate_install(ss, d): | |||
268 | sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX" | 268 | sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX" |
269 | sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}" | 269 | sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}" |
270 | 270 | ||
271 | def sstate_build_gpg_command(d, *args, **kwargs): | ||
272 | # Returns a list for subprocess.call() unless passed flatten=True when this | ||
273 | # returns a flattened string. | ||
274 | l = [d.getVar("GPG_BIN", True) or "gpg"] | ||
275 | if d.getVar("GPG_PATH", True): | ||
276 | l += ["--homedir", d.getVar("GPG_PATH", True)] | ||
277 | l += args | ||
278 | |||
279 | if kwargs.get("flatten", False): | ||
280 | import pipes | ||
281 | return " ".join(map(pipes.quote, l)) | ||
282 | else: | ||
283 | return l | ||
284 | |||
271 | def sstate_installpkg(ss, d): | 285 | def sstate_installpkg(ss, d): |
272 | import oe.path | 286 | import oe.path |
273 | import subprocess | 287 | import subprocess |
@@ -296,7 +310,7 @@ def sstate_installpkg(ss, d): | |||
296 | d.setVar('SSTATE_PKG', sstatepkg) | 310 | d.setVar('SSTATE_PKG', sstatepkg) |
297 | 311 | ||
298 | if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False): | 312 | if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False): |
299 | if subprocess.call(["gpg", "--verify", sstatepkg + ".sig", sstatepkg]) != 0: | 313 | if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0: |
300 | bb.warn("Cannot verify signature on sstate package %s" % sstatepkg) | 314 | bb.warn("Cannot verify signature on sstate package %s" % sstatepkg) |
301 | 315 | ||
302 | for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split(): | 316 | for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split(): |
@@ -672,12 +686,12 @@ sstate_create_package () { | |||
672 | else | 686 | else |
673 | tar -cz --file=$TFILE --files-from=/dev/null | 687 | tar -cz --file=$TFILE --files-from=/dev/null |
674 | fi | 688 | fi |
675 | chmod 0664 $TFILE | 689 | chmod 0664 $TFILE |
676 | mv -f $TFILE ${SSTATE_PKG} | 690 | mv -f $TFILE ${SSTATE_PKG} |
677 | 691 | ||
678 | if [ -n "${SSTATE_SIG_KEY}" ]; then | 692 | if [ -n "${SSTATE_SIG_KEY}" ]; then |
679 | rm -f ${SSTATE_PKG}.sig | 693 | rm -f ${SSTATE_PKG}.sig |
680 | echo ${SSTATE_SIG_PASSPHRASE} | gpg --batch --passphrase-fd 0 --detach-sign --local-user ${SSTATE_SIG_KEY} --output ${SSTATE_PKG}.sig ${SSTATE_PKG} | 694 | echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)} |
681 | fi | 695 | fi |
682 | 696 | ||
683 | cd ${WORKDIR} | 697 | cd ${WORKDIR} |