diff options
author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2017-08-15 14:34:54 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-16 00:03:15 +0100 |
commit | efcecc318bc67212fd112deed45834f71038f957 (patch) | |
tree | 304638897ec2fa4f9846e2ccbd51dbed2cc97d25 /meta | |
parent | bc10e6b429ed36daf65aacb171d2120b00d7283c (diff) | |
download | poky-efcecc318bc67212fd112deed45834f71038f957.tar.gz |
package_manager.py: enable dnf's repo_gpgcheck if feed signing is enabled
If package feed signing is enabled enable repo gpg signature check for
rpm repositories added via PACKAGE_FEED_URIS. This has the implication
that all repositories added via this mechanism must be signed with the
same key.
[YOCTO #11209]
(From OE-Core rev: f7716f1de0791dfe778bb70f1769a7e1e83c7a54)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/lib/oe/package_manager.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index 942f2dd903..d43d729203 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py | |||
@@ -559,6 +559,12 @@ class RpmPM(PackageManager): | |||
559 | if feed_uris == "": | 559 | if feed_uris == "": |
560 | return | 560 | return |
561 | 561 | ||
562 | if self.d.getVar('PACKAGE_FEED_SIGN') == '1': | ||
563 | gpg_opts = 'repo_gpgcheck=1\n' | ||
564 | gpg_opts += 'gpgkey=file://%s/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s\n' % (self.d.getVar('sysconfdir'), self.d.getVar('DISTRO_VERSION')) | ||
565 | else: | ||
566 | gpg_opts = '' | ||
567 | |||
562 | bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d")) | 568 | bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d")) |
563 | remote_uris = self.construct_uris(feed_uris.split(), feed_base_paths.split()) | 569 | remote_uris = self.construct_uris(feed_uris.split(), feed_base_paths.split()) |
564 | for uri in remote_uris: | 570 | for uri in remote_uris: |
@@ -569,12 +575,12 @@ class RpmPM(PackageManager): | |||
569 | repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/")) | 575 | repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/")) |
570 | repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/")) | 576 | repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/")) |
571 | open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write( | 577 | open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write( |
572 | "[%s]\nname=%s\nbaseurl=%s\n\n" % (repo_id, repo_name, repo_uri)) | 578 | "[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts)) |
573 | else: | 579 | else: |
574 | repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/")) | 580 | repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/")) |
575 | repo_uri = uri | 581 | repo_uri = uri |
576 | open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write( | 582 | open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write( |
577 | "[%s]\nname=%s\nbaseurl=%s\n" % (repo_base, repo_name, repo_uri)) | 583 | "[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts)) |
578 | 584 | ||
579 | def _prepare_pkg_transaction(self): | 585 | def _prepare_pkg_transaction(self): |
580 | os.environ['D'] = self.target_rootfs | 586 | os.environ['D'] = self.target_rootfs |