summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarkus Lehtonen <markus.lehtonen@linux.intel.com>2016-02-10 16:15:59 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-02-19 01:01:25 +0000
commit46994837731b198d869e8f274343c824e480801d (patch)
treed1d90623b33a2785f6ed1755b2f913d7ec8e90b3
parentdb7c7c2eceda534d0205c6d4eaf09fd192193fb7 (diff)
downloadpoky-46994837731b198d869e8f274343c824e480801d.tar.gz
sstate.bbclass: use oe.gpg_sign for gpg signing
[YOCTO #9006] (From OE-Core rev: a3916b29c8c3d0b1570c40c0ed3a1a15c43925bb) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/sstate.bbclass38
1 files changed, 17 insertions, 21 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index a6cda6c34f..6c20f69c57 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -269,23 +269,10 @@ def sstate_install(ss, d):
269sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX" 269sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX"
270sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}" 270sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}"
271 271
272def sstate_build_gpg_command(d, *args, **kwargs):
273 # Returns a list for subprocess.call() unless passed flatten=True when this
274 # returns a flattened string.
275 l = [d.getVar("GPG_BIN", True) or "gpg"]
276 if d.getVar("GPG_PATH", True):
277 l += ["--homedir", d.getVar("GPG_PATH", True)]
278 l += args
279
280 if kwargs.get("flatten", False):
281 import pipes
282 return " ".join(map(pipes.quote, l))
283 else:
284 return l
285
286def sstate_installpkg(ss, d): 272def sstate_installpkg(ss, d):
287 import oe.path 273 import oe.path
288 import subprocess 274 import subprocess
275 from oe.gpg_sign import get_signer
289 276
290 def prepdir(dir): 277 def prepdir(dir):
291 # remove dir if it exists, ensure any parent directories do exist 278 # remove dir if it exists, ensure any parent directories do exist
@@ -311,7 +298,8 @@ def sstate_installpkg(ss, d):
311 d.setVar('SSTATE_PKG', sstatepkg) 298 d.setVar('SSTATE_PKG', sstatepkg)
312 299
313 if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False): 300 if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False):
314 if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0: 301 signer = get_signer(d, 'local')
302 if not signer.verify(sstatepkg + '.sig'):
315 bb.warn("Cannot verify signature on sstate package %s" % sstatepkg) 303 bb.warn("Cannot verify signature on sstate package %s" % sstatepkg)
316 304
317 for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split(): 305 for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split():
@@ -586,7 +574,8 @@ def sstate_package(ss, d):
586 d.setVar('SSTATE_BUILDDIR', sstatebuild) 574 d.setVar('SSTATE_BUILDDIR', sstatebuild)
587 d.setVar('SSTATE_PKG', sstatepkg) 575 d.setVar('SSTATE_PKG', sstatepkg)
588 576
589 for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + ['sstate_create_package'] + \ 577 for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + \
578 ['sstate_create_package', 'sstate_sign_package'] + \
590 (d.getVar('SSTATEPOSTCREATEFUNCS', True) or '').split(): 579 (d.getVar('SSTATEPOSTCREATEFUNCS', True) or '').split():
591 # All hooks should run in SSTATE_BUILDDIR. 580 # All hooks should run in SSTATE_BUILDDIR.
592 bb.build.exec_func(f, d, (sstatebuild,)) 581 bb.build.exec_func(f, d, (sstatebuild,))
@@ -690,15 +679,22 @@ sstate_create_package () {
690 chmod 0664 $TFILE 679 chmod 0664 $TFILE
691 mv -f $TFILE ${SSTATE_PKG} 680 mv -f $TFILE ${SSTATE_PKG}
692 681
693 if [ -n "${SSTATE_SIG_KEY}" ]; then
694 rm -f ${SSTATE_PKG}.sig
695 echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)}
696 fi
697
698 cd ${WORKDIR} 682 cd ${WORKDIR}
699 rm -rf ${SSTATE_BUILDDIR} 683 rm -rf ${SSTATE_BUILDDIR}
700} 684}
701 685
686python sstate_sign_package () {
687 from oe.gpg_sign import get_signer
688
689 if d.getVar('SSTATE_SIG_KEY', True):
690 signer = get_signer(d, 'local')
691 sstate_pkg = d.getVar('SSTATE_PKG', True)
692 if os.path.exists(sstate_pkg + '.sig'):
693 os.unlink(sstate_pkg + '.sig')
694 signer.detach_sign(sstate_pkg, d.getVar('SSTATE_SIG_KEY'), None,
695 d.getVar('SSTATE_SIG_PASSPHRASE'), armor=False)
696}
697
702# 698#
703# Shell function to decompress and prepare a package for installation 699# Shell function to decompress and prepare a package for installation
704# Will be run from within SSTATE_INSTDIR. 700# Will be run from within SSTATE_INSTDIR.