diff options
| author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2016-01-25 14:21:34 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-26 22:31:58 +0000 |
| commit | bb971577ab308caf7177d4bda290d1fe5ab842db (patch) | |
| tree | 49c1811106a9b58717dcfd3c6fe4e4810341c1b3 /meta/recipes-core | |
| parent | aadb879e5b302e405e05443f56611c17868d10b6 (diff) | |
| download | poky-bb971577ab308caf7177d4bda290d1fe5ab842db.tar.gz | |
meta/lib: new module for handling GPG signing
Add a new Python module (oe.gpg_sign) for handling GPG signing
operations, i.e. currently package and package feed signing. The purpose
is to be able to more easily support various signing backends and to be
able to centralise signing functionality into one place (e.g. package
signing and sstate signing). Currently, only local signing with gpg is
implemented.
[YOCTO #8755]
(From OE-Core rev: 9b3dc1bd4b8336423a3f8f7db0ab5fa6fa0e7257)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/meta/signing-keys.bb | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb index cc401f3b6c..d7aa79d49f 100644 --- a/meta/recipes-core/meta/signing-keys.bb +++ b/meta/recipes-core/meta/signing-keys.bb | |||
| @@ -20,26 +20,24 @@ do_populate_sysroot[noexec] = "1" | |||
| 20 | 20 | ||
| 21 | EXCLUDE_FROM_WORLD = "1" | 21 | EXCLUDE_FROM_WORLD = "1" |
| 22 | 22 | ||
| 23 | def export_gpg_pubkey(d, keyid, path): | ||
| 24 | import bb | ||
| 25 | gpg_bin = d.getVar('GPG_BIN', True) or \ | ||
| 26 | bb.utils.which(os.getenv('PATH'), "gpg") | ||
| 27 | cmd = '%s --batch --yes --export --armor -o %s %s' % \ | ||
| 28 | (gpg_bin, path, keyid) | ||
| 29 | status, output = oe.utils.getstatusoutput(cmd) | ||
| 30 | if status: | ||
| 31 | raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % | ||
| 32 | (keyid, output)) | ||
| 33 | 23 | ||
| 34 | python do_export_public_keys () { | 24 | python do_export_public_keys () { |
| 25 | from oe.gpg_sign import get_signer | ||
| 26 | |||
| 35 | if d.getVar("RPM_SIGN_PACKAGES", True): | 27 | if d.getVar("RPM_SIGN_PACKAGES", True): |
| 36 | # Export public key of the rpm signing key | 28 | # Export public key of the rpm signing key |
| 37 | export_gpg_pubkey(d, d.getVar("RPM_GPG_NAME", True), | 29 | signer = get_signer(d, |
| 38 | d.getVar('RPM_GPG_PUBKEY', True)) | 30 | d.getVar('RPM_GPG_BACKEND', True), |
| 31 | d.getVar('RPM_GPG_NAME', True), | ||
| 32 | d.getVar('RPM_GPG_PASSPHRASE_FILE', True)) | ||
| 33 | signer.export_pubkey(d.getVar('RPM_GPG_PUBKEY', True)) | ||
| 39 | 34 | ||
| 40 | if d.getVar('PACKAGE_FEED_SIGN', True) == '1': | 35 | if d.getVar('PACKAGE_FEED_SIGN', True) == '1': |
| 41 | # Export public key of the feed signing key | 36 | # Export public key of the feed signing key |
| 42 | export_gpg_pubkey(d, d.getVar("PACKAGE_FEED_GPG_NAME", True), | 37 | signer = get_signer(d, |
| 43 | d.getVar('PACKAGE_FEED_GPG_PUBKEY', True)) | 38 | d.getVar('PACKAGE_FEED_GPG_BACKEND', True), |
| 39 | d.getVar('PACKAGE_FEED_GPG_NAME', True), | ||
| 40 | d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True)) | ||
| 41 | signer.export_pubkey(d.getVar('PACKAGE_FEED_GPG_PUBKEY', True)) | ||
| 44 | } | 42 | } |
| 45 | addtask do_export_public_keys before do_build | 43 | addtask do_export_public_keys before do_build |