author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2016-02-10 16:15:57 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-19 01:01:25 +0000 |
commit | e845b75f8fc718765158a858cfe904c575315f45 (patch) | |
tree | a456ad2949d45e46a9f886717eb02c3c822aa90c /meta/lib | |
parent | d5be8666a1f429283e8200ef67f1fc3afa587c4f (diff) | |
download | poky-e845b75f8fc718765158a858cfe904c575315f45.tar.gz |
sign_rpm.bbclass: do not store key details in signer instance
Refactor the LocalSigner class. Do not store keyid or passphrase file in
the signer object as they are only needed for some of the methods. For
example, the newly added verify() method does not need any key
parameters and export_pubkey only uses keyid.
(From OE-Core rev: e2412294b6b1d3a80ee97a0706613349edc51d33)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
-rw-r--r-- | meta/lib/oe/gpg_sign.py | 24 | ||||
-rw-r--r-- | meta/lib/oe/package_manager.py | 9 |
2 files changed, 15 insertions, 18 deletions
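--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -6,31 +6,29 @@ import oe.utils
 
 class LocalSigner(object):
 """Class for handling local (on the build host) signing"""
-def __init__(self, d, keyid, passphrase_file):
-self.keyid = keyid
-self.passphrase_file = passphrase_file
+def __init__(self, d):
 self.gpg_bin = d.getVar('GPG_BIN', True) or \
 bb.utils.which(os.getenv('PATH'), 'gpg')
 self.gpg_path = d.getVar('GPG_PATH', True)
 self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpm")
 
-def export_pubkey(self, output_file):
+def export_pubkey(self, output_file, keyid):
 """Export GPG public key to a file"""
 cmd = '%s --batch --yes --export --armor -o %s ' % \
 (self.gpg_bin, output_file)
 if self.gpg_path:
 cmd += "--homedir %s " % self.gpg_path
-cmd += self.keyid
+cmd += keyid
 status, output = oe.utils.getstatusoutput(cmd)
 if status:
 raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
-(self.keyid, output))
+(keyid, output))
 
-def sign_rpms(self, files):
+def sign_rpms(self, files, keyid, passphrase_file):
 """Sign RPM files"""
 import pexpect
 
-cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % self.keyid
+cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid
 if self.gpg_bin:
 cmd += "--define '%%__gpg %s' " % self.gpg_bin
 if self.gpg_path:
@@ -41,7 +39,7 @@ class LocalSigner(object):
 proc = pexpect.spawn(cmd)
 try:
 proc.expect_exact('Enter pass phrase:', timeout=15)
-with open(self.passphrase_file) as fobj:
+with open(passphrase_file) as fobj:
 proc.sendline(fobj.readline().rstrip('\n'))
 proc.expect(pexpect.EOF, timeout=900)
 proc.close()
@@ -52,11 +50,11 @@ class LocalSigner(object):
 bb.error('rpmsign failed: %s' % proc.before.strip())
 raise bb.build.FuncFailed("Failed to sign RPM packages")
 
-def detach_sign(self, input_file, armor=True):
+def detach_sign(self, input_file, keyid, passphrase_file, armor=True):
 """Create a detached signature of a file"""
 cmd = "%s --detach-sign --batch --no-tty --yes " \
 "--passphrase-file '%s' -u '%s' " % \
-(self.gpg_bin, self.passphrase_file, self.keyid)
+(self.gpg_bin, passphrase_file, keyid)
 if self.gpg_path:
 cmd += "--homedir %s " % self.gpg_path
 if armor:
@@ -78,11 +76,11 @@ class LocalSigner(object):
 return ret
 
 
-def get_signer(d, backend, keyid, passphrase_file):
+def get_signer(d, backend):
 """Get signer object for the specified backend"""
 # Use local signing by default
 if backend == 'local':
-return LocalSigner(d, keyid, passphrase_file)
+return LocalSigner(d)
 else:
 bb.fatal("Unsupported signing backend '%s'" % backend)
 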
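Review bot: In `export_pubkey` the new `keyid` argument is appended to the command string unquoted (`cmd += keyid`), and that string goes to `oe.utils.getstatusoutput`, which presumably runs it through a shell. A key name containing spaces or shell metacharacters would be split or interpreted instead of reaching gpg as one argument, and now that the value arrives per call rather than once at construction, every call site has to get it right. Quote it where the command is built, e.g. `cmd += pipes.quote(keyid)` (needs `import pipes`; `shlex.quote` on Python 3), and apply the same quoting to the `keyid` and `passphrase_file` substitutions in `sign_rpms` and `detach_sign`, whose hand-written single quotes break if the value itself contains a quote. The one-line docstrings should also name the new parameters, e.g. `"""Export the GPG public key identified by keyid to output_file"""`. The bodies of `sign_rpms` and `detach_sign` continue outside the visible hunks.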
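--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -110,10 +110,7 @@ class RpmIndexer(Indexer):
 
 rpm_createrepo = bb.utils.which(os.getenv('PATH'), "createrepo")
 if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
-signer = get_signer(self.d,
-self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True),
-self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
-self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
+signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
 else:
 signer = None
 index_cmds = []
@@ -144,7 +141,9 @@ class RpmIndexer(Indexer):
 # Sign repomd
 if signer:
 for repomd in repomd_files:
-signer.detach_sign(repomd)
+signer.detach_sign(repomd,
+self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
+self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
 # Copy pubkey(s) to repo
 distro_version = self.d.getVar('DISTRO_VERSION', True) or "oe.0"
 if self.d.getVar('RPM_SIGN_PACKAGES', True) == '1':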
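Review bot: The `getVar` lookups for `PACKAGE_FEED_GPG_NAME` and `PACKAGE_FEED_GPG_PASSPHRASE_FILE` now sit inside the `for repomd in repomd_files:` loop, and their results are handed to `detach_sign` unchecked. If either variable is unset, `getVar` presumably returns None and the literal text `None` is formatted into the gpg command line, so a misconfigured feed-signing setup surfaces as a gpg error per file rather than a clear configuration error. Read both values once before the loop, e.g. `keyid = self.d.getVar('PACKAGE_FEED_GPG_NAME', True)`, and stop early with `bb.fatal(...)` when signing is enabled and one of them is missing. The enclosing method starts and ends outside these hunks.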