diff options
| author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2015-10-16 13:37:32 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-10-27 07:24:25 +0000 |
| commit | 787253fd4efcd18d46b3bcf794e3d54a93ef9f19 (patch) | |
| tree | 6df91b6462ed8abd0eef94ad0f6f896eecc6e695 /meta/recipes-core/meta | |
| parent | 579e2547b857e2973c5fff3b14066ea4d79b1268 (diff) | |
| download | poky-787253fd4efcd18d46b3bcf794e3d54a93ef9f19.tar.gz | |
package signing: automatically export public keys
Automatically export public key(s) of the signing key(s) from the gpg
keyring. Adds a new simple recipe that does the actual task of exporting
the keys. This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG
PUBKEY settings obsolete.
(From OE-Core rev: 23b30c34581948e1ea02c25cbf7b9194d7e49fb8)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/meta')
| -rw-r--r-- | meta/recipes-core/meta/signing-keys.bb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb new file mode 100644 index 0000000000..cc401f3b6c --- /dev/null +++ b/meta/recipes-core/meta/signing-keys.bb | |||
| @@ -0,0 +1,45 @@ | |||
| 1 | # Copyright (C) 2015 Intel Corporation | ||
| 2 | # Released under the MIT license (see COPYING.MIT for the terms) | ||
| 3 | |||
| 4 | DESCRIPTION = "Make public keys of the signing keys available" | ||
| 5 | LICENSE = "MIT" | ||
| 6 | PACKAGES = "" | ||
| 7 | |||
| 8 | do_fetch[noexec] = "1" | ||
| 9 | do_unpack[noexec] = "1" | ||
| 10 | do_patch[noexec] = "1" | ||
| 11 | do_configure[noexec] = "1" | ||
| 12 | do_compile[noexec] = "1" | ||
| 13 | do_install[noexec] = "1" | ||
| 14 | do_package[noexec] = "1" | ||
| 15 | do_packagedata[noexec] = "1" | ||
| 16 | do_package_write_ipk[noexec] = "1" | ||
| 17 | do_package_write_rpm[noexec] = "1" | ||
| 18 | do_package_write_deb[noexec] = "1" | ||
| 19 | do_populate_sysroot[noexec] = "1" | ||
| 20 | |||
| 21 | EXCLUDE_FROM_WORLD = "1" | ||
| 22 | |||
| 23 | def export_gpg_pubkey(d, keyid, path): | ||
| 24 | import bb | ||
| 25 | gpg_bin = d.getVar('GPG_BIN', True) or \ | ||
| 26 | bb.utils.which(os.getenv('PATH'), "gpg") | ||
| 27 | cmd = '%s --batch --yes --export --armor -o %s %s' % \ | ||
| 28 | (gpg_bin, path, keyid) | ||
| 29 | status, output = oe.utils.getstatusoutput(cmd) | ||
| 30 | if status: | ||
| 31 | raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % | ||
| 32 | (keyid, output)) | ||
| 33 | |||
| 34 | python do_export_public_keys () { | ||
| 35 | if d.getVar("RPM_SIGN_PACKAGES", True): | ||
| 36 | # Export public key of the rpm signing key | ||
| 37 | export_gpg_pubkey(d, d.getVar("RPM_GPG_NAME", True), | ||
| 38 | d.getVar('RPM_GPG_PUBKEY', True)) | ||
| 39 | |||
| 40 | if d.getVar('PACKAGE_FEED_SIGN', True) == '1': | ||
| 41 | # Export public key of the feed signing key | ||
| 42 | export_gpg_pubkey(d, d.getVar("PACKAGE_FEED_GPG_NAME", True), | ||
| 43 | d.getVar('PACKAGE_FEED_GPG_PUBKEY', True)) | ||
| 44 | } | ||
| 45 | addtask do_export_public_keys before do_build | ||