gpg_sign.py: fix signing of rpm files using gpg

This means a) calling rpmkeys and rpmsign instead of rpm b) instructing gpg to run non-interactively; otherwise on my machine it pops up windows requesting a key passphrase (From OE-Core rev: f82f270df2da59702026721612563aea57cd77eb) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alexander.kanavin@linux.intel.com> 2017-02-14 17:10:04 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-14 14:42:17 +0000
commit: 5a3e1290cbdeef4a8820201d78460a617ee638bd (patch)
tree: fd24762454a9ac0bbe6f46ac4add43e0d11de36c /meta
parent: f72bc777fa20422c8eaee5b592e9fe1f856623cd (diff)
download: poky-5a3e1290cbdeef4a8820201d78460a617ee638bd.tar.gz
2 files changed, 8 insertions, 7 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index f7f96c6d5e..7ce767ee0a 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -11,7 +11,7 @@ class LocalSigner(object):
                  bb.utils.which(os.getenv('PATH'), 'gpg')
        self.gpg_path = d.getVar('GPG_PATH')
        self.gpg_version = self.get_gpg_version()
-        self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpm")
+        self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmsign")
    def export_pubkey(self, output_file, keyid, armor=True):
        """Export GPG public key to a file"""
@@ -31,9 +31,10 @@ class LocalSigner(object):
        """Sign RPM files"""
        cmd = self.rpm_bin + " --addsign --define '_gpg_name %s'  " % keyid
-        cmd += "--define '_gpg_passphrase %s' " % passphrase
+        gpg_args = '--batch --passphrase=%s' % passphrase
        if self.gpg_version > (2,1,):
-            cmd += "--define '_gpg_sign_cmd_extra_args --pinentry-mode=loopback' "
+            gpg_args += ' --pinentry-mode=loopback'
+        cmd += "--define '_gpg_sign_cmd_extra_args %s' " % gpg_args
        if self.gpg_bin:
            cmd += "--define '%%__gpg %s' " % self.gpg_bin
        if self.gpg_path:
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py
index 006afbef15..a9b135aab4 100644
--- a/meta/lib/oeqa/selftest/signing.py
+++ b/meta/lib/oeqa/selftest/signing.py
@@ -27,7 +27,7 @@ class Signing(oeSelfTest):
        cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub")
        cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret")
-        runCmd('gpg --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
+        runCmd('gpg --batch --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
    @testcase(1362)
    def test_signing_packages(self):
@@ -76,13 +76,13 @@ class Signing(oeSelfTest):
        # Use a temporary rpmdb
        rpmdb = tempfile.mkdtemp(prefix='oeqa-rpmdb')
-        runCmd('%s/rpm --define "_dbpath %s" --import %s' %
+        runCmd('%s/rpmkeys --define "_dbpath %s" --import %s' %
               (staging_bindir_native, rpmdb, self.pub_key_path))
-        ret = runCmd('%s/rpm --define "_dbpath %s" --checksig %s' %
+        ret = runCmd('%s/rpmkeys --define "_dbpath %s" --checksig %s' %
                     (staging_bindir_native, rpmdb, pkg_deploy))
        # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK
-        self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.')
+        self.assertIn('rsa sha1 (md5) pgp md5 OK', ret.output, 'Package signed incorrectly.')
        shutil.rmtree(rpmdb)
    @testcase(1382)
author	Alexander Kanavin <alexander.kanavin@linux.intel.com>	2017-02-14 17:10:04 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-14 14:42:17 +0000
commit	5a3e1290cbdeef4a8820201d78460a617ee638bd (patch)
tree	fd24762454a9ac0bbe6f46ac4add43e0d11de36c /meta
parent	f72bc777fa20422c8eaee5b592e9fe1f856623cd (diff)
download	poky-5a3e1290cbdeef4a8820201d78460a617ee638bd.tar.gz