summaryrefslogtreecommitdiffstats
path: root/meta/lib
diff options
context:
space:
mode:
authorMarkus Lehtonen <markus.lehtonen@linux.intel.com>2017-08-15 14:34:54 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-08-16 00:03:15 +0100
commitefcecc318bc67212fd112deed45834f71038f957 (patch)
tree304638897ec2fa4f9846e2ccbd51dbed2cc97d25 /meta/lib
parentbc10e6b429ed36daf65aacb171d2120b00d7283c (diff)
downloadpoky-efcecc318bc67212fd112deed45834f71038f957.tar.gz
package_manager.py: enable dnf's repo_gpgcheck if feed signing is enabled
If package feed signing is enabled enable repo gpg signature check for rpm repositories added via PACKAGE_FEED_URIS. This has the implication that all repositories added via this mechanism must be signed with the same key. [YOCTO #11209] (From OE-Core rev: f7716f1de0791dfe778bb70f1769a7e1e83c7a54) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
-rw-r--r--meta/lib/oe/package_manager.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 942f2dd903..d43d729203 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -559,6 +559,12 @@ class RpmPM(PackageManager):
559 if feed_uris == "": 559 if feed_uris == "":
560 return 560 return
561 561
562 if self.d.getVar('PACKAGE_FEED_SIGN') == '1':
563 gpg_opts = 'repo_gpgcheck=1\n'
564 gpg_opts += 'gpgkey=file://%s/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s\n' % (self.d.getVar('sysconfdir'), self.d.getVar('DISTRO_VERSION'))
565 else:
566 gpg_opts = ''
567
562 bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d")) 568 bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d"))
563 remote_uris = self.construct_uris(feed_uris.split(), feed_base_paths.split()) 569 remote_uris = self.construct_uris(feed_uris.split(), feed_base_paths.split())
564 for uri in remote_uris: 570 for uri in remote_uris:
@@ -569,12 +575,12 @@ class RpmPM(PackageManager):
569 repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/")) 575 repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/"))
570 repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/")) 576 repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/"))
571 open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write( 577 open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write(
572 "[%s]\nname=%s\nbaseurl=%s\n\n" % (repo_id, repo_name, repo_uri)) 578 "[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts))
573 else: 579 else:
574 repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/")) 580 repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/"))
575 repo_uri = uri 581 repo_uri = uri
576 open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write( 582 open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write(
577 "[%s]\nname=%s\nbaseurl=%s\n" % (repo_base, repo_name, repo_uri)) 583 "[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts))
578 584
579 def _prepare_pkg_transaction(self): 585 def _prepare_pkg_transaction(self):
580 os.environ['D'] = self.target_rootfs 586 os.environ['D'] = self.target_rootfs