diff options
author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2016-02-10 16:15:58 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-19 01:01:25 +0000 |
commit | db7c7c2eceda534d0205c6d4eaf09fd192193fb7 (patch) | |
tree | 3184609dd0a6f130306b83d0ab10654a66aa5c9b /meta | |
parent | e845b75f8fc718765158a858cfe904c575315f45 (diff) | |
download | poky-db7c7c2eceda534d0205c6d4eaf09fd192193fb7.tar.gz |
oe/gpg_sign: add 'passphrase' argument to detach_sign method
This allows directly giving the passphrase, instead of reading from a
file.
[YOCTO #9006]
(From OE-Core rev: fd55c6e86b38b33f62006324e73678a13a534220)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/lib/oe/gpg_sign.py | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index c4cadd6a24..ada1b2f408 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py | |||
@@ -50,20 +50,30 @@ class LocalSigner(object): | |||
50 | bb.error('rpmsign failed: %s' % proc.before.strip()) | 50 | bb.error('rpmsign failed: %s' % proc.before.strip()) |
51 | raise bb.build.FuncFailed("Failed to sign RPM packages") | 51 | raise bb.build.FuncFailed("Failed to sign RPM packages") |
52 | 52 | ||
53 | def detach_sign(self, input_file, keyid, passphrase_file, armor=True): | 53 | def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True): |
54 | """Create a detached signature of a file""" | 54 | """Create a detached signature of a file""" |
55 | cmd = "%s --detach-sign --batch --no-tty --yes " \ | 55 | import subprocess |
56 | "--passphrase-file '%s' -u '%s' " % \ | 56 | |
57 | (self.gpg_bin, passphrase_file, keyid) | 57 | if passphrase_file and passphrase: |
58 | raise Exception("You should use either passphrase_file of passphrase, not both") | ||
59 | |||
60 | cmd = [self.gpg_bin, '--detach-sign', '--batch', '--no-tty', '--yes', | ||
61 | '-u', keyid] | ||
62 | if passphrase_file: | ||
63 | cmd += ['--passphrase-file', passphrase_file] | ||
64 | else: | ||
65 | cmd += ['--passphrase-fd', '0'] | ||
58 | if self.gpg_path: | 66 | if self.gpg_path: |
59 | cmd += "--homedir %s " % self.gpg_path | 67 | cmd += ['--homedir', self.gpg_path] |
60 | if armor: | 68 | if armor: |
61 | cmd += "--armor " | 69 | cmd += ['--armor'] |
62 | cmd += input_file | 70 | cmd.append(input_file) |
63 | status, output = oe.utils.getstatusoutput(cmd) | 71 | job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, |
64 | if status: | 72 | stderr=subprocess.PIPE) |
73 | _, stderr = job.communicate(passphrase) | ||
74 | if job.returncode: | ||
65 | raise bb.build.FuncFailed("Failed to create signature for '%s': %s" % | 75 | raise bb.build.FuncFailed("Failed to create signature for '%s': %s" % |
66 | (input_file, output)) | 76 | (input_file, stderr)) |
67 | 77 | ||
68 | def verify(self, sig_file): | 78 | def verify(self, sig_file): |
69 | """Verify signature""" | 79 | """Verify signature""" |