summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorRandy Witt <randy.e.witt@linux.intel.com>2016-02-19 08:45:25 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-02-26 17:16:25 +0000
commit7bb9e8ddbfabfbaebe1b3cb635b6d9979854cc47 (patch)
tree2255b9e26f87d9aab9c92fe9f76d44f2ef421e8f /meta/recipes-core
parent64ab17b707dc431aaed880d6d8615971243f46f8 (diff)
downloadpoky-7bb9e8ddbfabfbaebe1b3cb635b6d9979854cc47.tar.gz
signing-keys: Make signing keys the only publisher of keys
Previously the keys were put into the os-release package. The package indexing code was also deploying the keys rather than only using the keys. This change makes signing-keys.bb the only publisher of the keys and also uses standard tasks that already have sstate. (From OE-Core rev: 1e38068ac38dfd067655dfd41464e28439179306) Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/meta/signing-keys.bb61
-rw-r--r--meta/recipes-core/os-release/os-release.bb11
2 files changed, 43 insertions, 29 deletions
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb
index d7763c664e..1d0e8344ef 100644
--- a/meta/recipes-core/meta/signing-keys.bb
+++ b/meta/recipes-core/meta/signing-keys.bb
@@ -3,37 +3,62 @@
3 3
4DESCRIPTION = "Make public keys of the signing keys available" 4DESCRIPTION = "Make public keys of the signing keys available"
5LICENSE = "MIT" 5LICENSE = "MIT"
6PACKAGES = "" 6LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
7 7 file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
8do_fetch[noexec] = "1" 8
9do_unpack[noexec] = "1" 9
10do_patch[noexec] = "1" 10inherit allarch deploy
11do_configure[noexec] = "1"
12do_compile[noexec] = "1"
13do_install[noexec] = "1"
14do_package[noexec] = "1"
15do_packagedata[noexec] = "1"
16do_package_write_ipk[noexec] = "1"
17do_package_write_rpm[noexec] = "1"
18do_package_write_deb[noexec] = "1"
19do_populate_sysroot[noexec] = "1"
20 11
21EXCLUDE_FROM_WORLD = "1" 12EXCLUDE_FROM_WORLD = "1"
13INHIBIT_DEFAULT_DEPS = "1"
14
15PACKAGES =+ "${PN}-rpm ${PN}-packagefeed"
22 16
17FILES_${PN}-rpm = "${sysconfdir}/pki/rpm-gpg"
18FILES_${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg"
23 19
24python do_export_public_keys () { 20python do_get_public_keys () {
25 from oe.gpg_sign import get_signer 21 from oe.gpg_sign import get_signer
26 22
27 if d.getVar("RPM_SIGN_PACKAGES", True): 23 if d.getVar("RPM_SIGN_PACKAGES", True):
28 # Export public key of the rpm signing key 24 # Export public key of the rpm signing key
29 signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True)) 25 signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True))
30 signer.export_pubkey(d.getVar('RPM_GPG_PUBKEY', True), 26 signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'),
31 d.getVar('RPM_GPG_NAME', True)) 27 d.getVar('RPM_GPG_NAME', True))
32 28
33 if d.getVar('PACKAGE_FEED_SIGN', True) == '1': 29 if d.getVar('PACKAGE_FEED_SIGN', True) == '1':
34 # Export public key of the feed signing key 30 # Export public key of the feed signing key
35 signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) 31 signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
36 signer.export_pubkey(d.getVar('PACKAGE_FEED_GPG_PUBKEY', True), 32 signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'),
37 d.getVar('PACKAGE_FEED_GPG_NAME', True)) 33 d.getVar('PACKAGE_FEED_GPG_NAME', True))
38} 34}
39addtask do_export_public_keys before do_build 35do_get_public_keys[cleandirs] = "${B}"
36addtask get_public_keys before do_install
37
38do_install () {
39 if [ -f "${B}/rpm-key" ]; then
40 install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO_VERSION}"
41 fi
42 if [ -f "${B}/pf-key" ]; then
43 install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
44 fi
45}
46
47sysroot_stage_all_append () {
48 sysroot_stage_dir ${D}${sysconfdir}/pki ${SYSROOT_DESTDIR}${sysconfdir}/pki
49}
50
51do_deploy () {
52 if [ -f "${B}/rpm-key" ]; then
53 install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO_VERSION}"
54 fi
55 if [ -f "${B}/pf-key" ]; then
56 install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
57 fi
58}
59do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}"
60# cleandirs should possibly be in deploy.bbclass but we need it
61do_deploy[cleandirs] = "${DEPLOYDIR}"
62# clear stamp-extra-info since MACHINE is normally put there by deploy.bbclass
63do_deploy[stamp-extra-info] = ""
64addtask deploy after do_get_public_keys
diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb
index df19ca216f..58364ea249 100644
--- a/meta/recipes-core/os-release/os-release.bb
+++ b/meta/recipes-core/os-release/os-release.bb
@@ -30,21 +30,10 @@ python do_compile () {
30 value = d.getVar(field, True) 30 value = d.getVar(field, True)
31 if value: 31 if value:
32 f.write('{0}="{1}"\n'.format(field, value)) 32 f.write('{0}="{1}"\n'.format(field, value))
33 if d.getVar('RPM_SIGN_PACKAGES', True) == '1':
34 rpm_gpg_pubkey = d.getVar('RPM_GPG_PUBKEY', True)
35 bb.utils.mkdirhier('${B}/rpm-gpg')
36 distro_version = d.getVar('DISTRO_VERSION', True) or "oe.0"
37 shutil.copy2(rpm_gpg_pubkey, d.expand('${B}/rpm-gpg/RPM-GPG-KEY-%s' % distro_version))
38} 33}
39do_compile[vardeps] += "${OS_RELEASE_FIELDS}" 34do_compile[vardeps] += "${OS_RELEASE_FIELDS}"
40do_compile[depends] += "signing-keys:do_export_public_keys"
41 35
42do_install () { 36do_install () {
43 install -d ${D}${sysconfdir} 37 install -d ${D}${sysconfdir}
44 install -m 0644 os-release ${D}${sysconfdir}/ 38 install -m 0644 os-release ${D}${sysconfdir}/
45
46 if [ -d "rpm-gpg" ]; then
47 install -d "${D}${sysconfdir}/pki"
48 cp -r "rpm-gpg" "${D}${sysconfdir}/pki/"
49 fi
50} 39}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-20 19:55:17 +0000