diff options
Diffstat (limited to 'meta/classes/sign_rpm.bbclass')
-rw-r--r-- | meta/classes/sign_rpm.bbclass | 47 |
1 files changed, 11 insertions, 36 deletions
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index 7906b6413b..8bcabeec91 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass | |||
@@ -5,6 +5,10 @@ | |||
5 | # Path to a file containing the passphrase of the signing key. | 5 | # Path to a file containing the passphrase of the signing key. |
6 | # RPM_GPG_NAME | 6 | # RPM_GPG_NAME |
7 | # Name of the key to sign with. May be key id or key name. | 7 | # Name of the key to sign with. May be key id or key name. |
8 | # RPM_GPG_BACKEND | ||
9 | # Optional variable for specifying the backend to use for signing. | ||
10 | # Currently the only available option is 'local', i.e. local signing | ||
11 | # on the build host. | ||
8 | # GPG_BIN | 12 | # GPG_BIN |
9 | # Optional variable for specifying the gpg binary/wrapper to use for | 13 | # Optional variable for specifying the gpg binary/wrapper to use for |
10 | # signing. | 14 | # signing. |
@@ -14,6 +18,7 @@ | |||
14 | inherit sanity | 18 | inherit sanity |
15 | 19 | ||
16 | RPM_SIGN_PACKAGES='1' | 20 | RPM_SIGN_PACKAGES='1' |
21 | RPM_GPG_BACKEND ?= 'local' | ||
17 | 22 | ||
18 | 23 | ||
19 | python () { | 24 | python () { |
@@ -27,47 +32,17 @@ python () { | |||
27 | 'RPM-GPG-PUBKEY')) | 32 | 'RPM-GPG-PUBKEY')) |
28 | } | 33 | } |
29 | 34 | ||
30 | |||
31 | def rpmsign_wrapper(d, files, passphrase, gpg_name=None): | ||
32 | import pexpect | ||
33 | |||
34 | # Find the correct rpm binary | ||
35 | rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm' | ||
36 | cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name | ||
37 | if d.getVar('GPG_BIN', True): | ||
38 | cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True) | ||
39 | if d.getVar('GPG_PATH', True): | ||
40 | cmd += "--define '_gpg_path %s' " % d.getVar('GPG_PATH', True) | ||
41 | cmd += ' '.join(files) | ||
42 | |||
43 | # Need to use pexpect for feeding the passphrase | ||
44 | proc = pexpect.spawn(cmd) | ||
45 | try: | ||
46 | proc.expect_exact('Enter pass phrase:', timeout=15) | ||
47 | proc.sendline(passphrase) | ||
48 | proc.expect(pexpect.EOF, timeout=900) | ||
49 | proc.close() | ||
50 | except pexpect.TIMEOUT as err: | ||
51 | bb.warn('rpmsign timeout: %s' % err) | ||
52 | proc.terminate() | ||
53 | else: | ||
54 | if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status): | ||
55 | bb.warn('rpmsign failed: %s' % proc.before.strip()) | ||
56 | return proc.exitstatus | ||
57 | |||
58 | |||
59 | python sign_rpm () { | 35 | python sign_rpm () { |
60 | import glob | 36 | import glob |
37 | from oe.gpg_sign import get_signer | ||
61 | 38 | ||
62 | with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj: | 39 | signer = get_signer(d, |
63 | rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n') | 40 | d.getVar('RPM_GPG_BACKEND', True), |
64 | 41 | d.getVar('RPM_GPG_NAME', True), | |
65 | rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "") | 42 | d.getVar('RPM_GPG_PASSPHRASE_FILE', True)) |
66 | |||
67 | rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*') | 43 | rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*') |
68 | 44 | ||
69 | if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0: | 45 | signer.sign_rpms(rpms) |
70 | raise bb.build.FuncFailed("RPM signing failed") | ||
71 | } | 46 | } |
72 | 47 | ||
73 | do_package_index[depends] += "signing-keys:do_export_public_keys" | 48 | do_package_index[depends] += "signing-keys:do_export_public_keys" |