diff options
author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2015-10-16 13:37:32 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-10-27 07:24:25 +0000 |
commit | 787253fd4efcd18d46b3bcf794e3d54a93ef9f19 (patch) | |
tree | 6df91b6462ed8abd0eef94ad0f6f896eecc6e695 /meta/classes | |
parent | 579e2547b857e2973c5fff3b14066ea4d79b1268 (diff) | |
download | poky-787253fd4efcd18d46b3bcf794e3d54a93ef9f19.tar.gz |
package signing: automatically export public keys
Automatically export public key(s) of the signing key(s) from the gpg
keyring. Adds a new simple recipe that does the actual task of exporting
the keys. This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG
PUBKEY settings obsolete.
(From OE-Core rev: 23b30c34581948e1ea02c25cbf7b9194d7e49fb8)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/sign_package_feed.bbclass | 7 | ||||
-rw-r--r-- | meta/classes/sign_rpm.bbclass | 9 |
2 files changed, 13 insertions, 3 deletions
diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass index 8877d905f7..4263810028 100644 --- a/meta/classes/sign_package_feed.bbclass +++ b/meta/classes/sign_package_feed.bbclass | |||
@@ -21,4 +21,11 @@ python () { | |||
21 | for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'): | 21 | for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'): |
22 | if not d.getVar(var, True): | 22 | if not d.getVar(var, True): |
23 | raise_sanity_error("You need to define %s in the config" % var, d) | 23 | raise_sanity_error("You need to define %s in the config" % var, d) |
24 | |||
25 | # Set expected location of the public key | ||
26 | d.setVar('PACKAGE_FEED_GPG_PUBKEY', | ||
27 | os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'), | ||
28 | 'PACKAGE-FEED-GPG-PUBKEY')) | ||
24 | } | 29 | } |
30 | |||
31 | do_package_index[depends] += "signing-keys:do_export_public_keys" | ||
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index 4da17633a7..f0c3dc9be3 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass | |||
@@ -5,9 +5,6 @@ | |||
5 | # Path to a file containing the passphrase of the signing key. | 5 | # Path to a file containing the passphrase of the signing key. |
6 | # RPM_GPG_NAME | 6 | # RPM_GPG_NAME |
7 | # Name of the key to sign with. May be key id or key name. | 7 | # Name of the key to sign with. May be key id or key name. |
8 | # RPM_GPG_PUBKEY | ||
9 | # Path to a file containing the public key (in "armor" format) | ||
10 | # corresponding the signing key. | ||
11 | # GPG_BIN | 8 | # GPG_BIN |
12 | # Optional variable for specifying the gpg binary/wrapper to use for | 9 | # Optional variable for specifying the gpg binary/wrapper to use for |
13 | # signing. | 10 | # signing. |
@@ -24,6 +21,10 @@ python () { | |||
24 | for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'): | 21 | for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'): |
25 | if not d.getVar(var, True): | 22 | if not d.getVar(var, True): |
26 | raise_sanity_error("You need to define %s in the config" % var, d) | 23 | raise_sanity_error("You need to define %s in the config" % var, d) |
24 | |||
25 | # Set the expected location of the public key | ||
26 | d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'), | ||
27 | 'RPM-GPG-PUBKEY')) | ||
27 | } | 28 | } |
28 | 29 | ||
29 | 30 | ||
@@ -68,3 +69,5 @@ python sign_rpm () { | |||
68 | if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0: | 69 | if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0: |
69 | raise bb.build.FuncFailed("RPM signing failed") | 70 | raise bb.build.FuncFailed("RPM signing failed") |
70 | } | 71 | } |
72 | |||
73 | do_package_index[depends] += "signing-keys:do_export_public_keys" | ||