sign_package_feed: add feed signature type

Signing package feeds will default to ascii armored signatures (ASC) the other option being binary (BIN). This is for both rpm and ipk backends. (From OE-Core rev: 862a3892feb2628282e1d6f2e4498a7a3bd60cbf) Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> 2016-03-10 12:03:00 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-11 16:50:45 +0000
commit: 81d58d6b2415e5e74e00b3b9f1fa43fdd8b146ca (patch)
tree: df3d795f494cd8828ea9f996cfe9747820228b71
parent: 42f612c42a8b6cb73a16798d22d3332ec9c8dfb3 (diff)
download: poky-81d58d6b2415e5e74e00b3b9f1fa43fdd8b146ca.tar.gz
2 files changed, 19 insertions, 3 deletions
diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass
index e1ec82e2ff..31a6e9b042 100644
--- a/meta/classes/sign_package_feed.bbclass
+++ b/meta/classes/sign_package_feed.bbclass
@@ -10,6 +10,12 @@
 #           Optional variable for specifying the backend to use for signing.
 #           Currently the only available option is 'local', i.e. local signing
 #           on the build host.
+# PACKAGE_FEED_GPG_SIGNATURE_TYPE
+#           Optional variable for specifying the type of gpg signature, can be:
+#               1. Ascii armored (ASC), default if not set
+#               2. Binary (BIN)
+#           This variable is only available for IPK feeds. It is ignored on
+#           other packaging backends.
 # GPG_BIN
 #           Optional variable for specifying the gpg binary/wrapper to use for
 #           signing.
@@ -20,13 +26,17 @@ inherit sanity
 PACKAGE_FEED_SIGN = '1'
 PACKAGE_FEED_GPG_BACKEND ?= 'local'
+PACKAGE_FEED_GPG_SIGNATURE_TYPE ?= 'ASC'
 python () {
    # Check sanity of configuration
    for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
        if not d.getVar(var, True):
            raise_sanity_error("You need to define %s in the config" % var, d)
+    sigtype = d.getVar("PACKAGE_FEED_GPG_SIGNATURE_TYPE", True)
+    if sigtype.upper() != "ASC" and sigtype.upper() != "BIN":
+        raise_sanity_error("Bad value for PACKAGE_FEED_GPG_SIGNATURE_TYPE (%s), use either ASC or BIN" % sigtype)
 }
 do_package_index[depends] += "signing-keys:do_deploy"
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 25c38a5642..607e7c6eaa 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -141,9 +141,12 @@ class RpmIndexer(Indexer):
        # Sign repomd
        if signer:
            for repomd in repomd_files:
+                feed_sig_type = self.d.getVar('PACKAGE_FEED_GPG_SIGNATURE_TYPE', True)
+                is_ascii_sig = (feed_sig_type.upper() != "BIN")
                signer.detach_sign(repomd,
                                   self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
-                                   self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
+                                   self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
+                                   armor=is_ascii_sig)
 class OpkgIndexer(Indexer):
@@ -192,10 +195,13 @@ class OpkgIndexer(Indexer):
            bb.fatal('%s' % ('\n'.join(result)))
        if signer:
+            feed_sig_type = self.d.getVar('PACKAGE_FEED_GPG_SIGNATURE_TYPE', True)
+            is_ascii_sig = (feed_sig_type.upper() != "BIN")
            for f in index_sign_files:
                signer.detach_sign(f,
                                   self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
-                                   self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
+                                   self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
+                                   armor=is_ascii_sig)
 class DpkgIndexer(Indexer):
author	Ioan-Adrian Ratiu <adrian.ratiu@ni.com>	2016-03-10 12:03:00 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-03-11 16:50:45 +0000
commit	81d58d6b2415e5e74e00b3b9f1fa43fdd8b146ca (patch)
tree	df3d795f494cd8828ea9f996cfe9747820228b71
parent	42f612c42a8b6cb73a16798d22d3332ec9c8dfb3 (diff)
download	poky-81d58d6b2415e5e74e00b3b9f1fa43fdd8b146ca.tar.gz

diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass index e1ec82e2ff..31a6e9b042 100644 --- a/meta/classes/sign_package_feed.bbclass +++ b/meta/classes/sign_package_feed.bbclass
@@ -10,6 +10,12 @@
10	# Optional variable for specifying the backend to use for signing.	10	# Optional variable for specifying the backend to use for signing.
11	# Currently the only available option is 'local', i.e. local signing	11	# Currently the only available option is 'local', i.e. local signing
12	# on the build host.	12	# on the build host.
		13	# PACKAGE_FEED_GPG_SIGNATURE_TYPE
		14	# Optional variable for specifying the type of gpg signature, can be:
		15	# 1. Ascii armored (ASC), default if not set
		16	# 2. Binary (BIN)
		17	# This variable is only available for IPK feeds. It is ignored on
		18	# other packaging backends.
13	# GPG_BIN	19	# GPG_BIN
14	# Optional variable for specifying the gpg binary/wrapper to use for	20	# Optional variable for specifying the gpg binary/wrapper to use for
15	# signing.	21	# signing.
@@ -20,13 +26,17 @@ inherit sanity
20		26
21	PACKAGE_FEED_SIGN = '1'	27	PACKAGE_FEED_SIGN = '1'
22	PACKAGE_FEED_GPG_BACKEND ?= 'local'	28	PACKAGE_FEED_GPG_BACKEND ?= 'local'
23		29	PACKAGE_FEED_GPG_SIGNATURE_TYPE ?= 'ASC'
24		30
25	python () {	31	python () {
26	# Check sanity of configuration	32	# Check sanity of configuration
27	for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):	33	for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
28	if not d.getVar(var, True):	34	if not d.getVar(var, True):
29	raise_sanity_error("You need to define %s in the config" % var, d)	35	raise_sanity_error("You need to define %s in the config" % var, d)
		36
		37	sigtype = d.getVar("PACKAGE_FEED_GPG_SIGNATURE_TYPE", True)
		38	if sigtype.upper() != "ASC" and sigtype.upper() != "BIN":
		39	raise_sanity_error("Bad value for PACKAGE_FEED_GPG_SIGNATURE_TYPE (%s), use either ASC or BIN" % sigtype)
30	}	40	}
31		41
32	do_package_index[depends] += "signing-keys:do_deploy"	42	do_package_index[depends] += "signing-keys:do_deploy"


diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index 25c38a5642..607e7c6eaa 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py
@@ -141,9 +141,12 @@ class RpmIndexer(Indexer):
141	# Sign repomd	141	# Sign repomd
142	if signer:	142	if signer:
143	for repomd in repomd_files:	143	for repomd in repomd_files:
		144	feed_sig_type = self.d.getVar('PACKAGE_FEED_GPG_SIGNATURE_TYPE', True)
		145	is_ascii_sig = (feed_sig_type.upper() != "BIN")
144	signer.detach_sign(repomd,	146	signer.detach_sign(repomd,
145	self.d.getVar('PACKAGE_FEED_GPG_NAME', True),	147	self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
146	self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))	148	self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
		149	armor=is_ascii_sig)
147		150
148		151
149	class OpkgIndexer(Indexer):	152	class OpkgIndexer(Indexer):
@@ -192,10 +195,13 @@ class OpkgIndexer(Indexer):
192	bb.fatal('%s' % ('\n'.join(result)))	195	bb.fatal('%s' % ('\n'.join(result)))
193		196
194	if signer:	197	if signer:
		198	feed_sig_type = self.d.getVar('PACKAGE_FEED_GPG_SIGNATURE_TYPE', True)
		199	is_ascii_sig = (feed_sig_type.upper() != "BIN")
195	for f in index_sign_files:	200	for f in index_sign_files:
196	signer.detach_sign(f,	201	signer.detach_sign(f,
197	self.d.getVar('PACKAGE_FEED_GPG_NAME', True),	202	self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
198	self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))	203	self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
		204	armor=is_ascii_sig)
199		205
200		206
201	class DpkgIndexer(Indexer):	207	class DpkgIndexer(Indexer):