1 files changed, 11 insertions, 36 deletions
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index 7906b6413b..8bcabeec91 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -5,6 +5,10 @@
 #           Path to a file containing the passphrase of the signing key.
 # RPM_GPG_NAME
 #           Name of the key to sign with. May be key id or key name.
+# RPM_GPG_BACKEND
+#           Optional variable for specifying the backend to use for signing.
+#           Currently the only available option is 'local', i.e. local signing
+#           on the build host.
 # GPG_BIN
 #           Optional variable for specifying the gpg binary/wrapper to use for
 #           signing.
@@ -14,6 +18,7 @@
 inherit sanity
 RPM_SIGN_PACKAGES='1'
+RPM_GPG_BACKEND ?= 'local'
 python () {
@@ -27,47 +32,17 @@ python () {
                                            'RPM-GPG-PUBKEY'))
 }
-def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
-    import pexpect
-    # Find the correct rpm binary
-    rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm'
-    cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name
-    if d.getVar('GPG_BIN', True):
-        cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True)
-    if d.getVar('GPG_PATH', True):
-        cmd += "--define '_gpg_path %s' " % d.getVar('GPG_PATH', True)
-    cmd += ' '.join(files)
-    # Need to use pexpect for feeding the passphrase
-    proc = pexpect.spawn(cmd)
-    try:
-        proc.expect_exact('Enter pass phrase:', timeout=15)
-        proc.sendline(passphrase)
-        proc.expect(pexpect.EOF, timeout=900)
-        proc.close()
-    except pexpect.TIMEOUT as err:
-        bb.warn('rpmsign timeout: %s' % err)
-        proc.terminate()
-    else:
-        if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status):
-            bb.warn('rpmsign failed: %s' % proc.before.strip())
-    return proc.exitstatus
 python sign_rpm () {
    import glob
+    from oe.gpg_sign import get_signer
-    with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj:
+    signer = get_signer(d,
-        rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n')
+                        d.getVar('RPM_GPG_BACKEND', True),
+                        d.getVar('RPM_GPG_NAME', True),
-    rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "")
+                        d.getVar('RPM_GPG_PASSPHRASE_FILE', True))
    rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')
-    if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0:
+    signer.sign_rpms(rpms)
-        raise bb.build.FuncFailed("RPM signing failed")
 }
 do_package_index[depends] += "signing-keys:do_export_public_keys"

diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index 7906b6413b..8bcabeec91 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass
@@ -5,6 +5,10 @@
5	# Path to a file containing the passphrase of the signing key.	5	# Path to a file containing the passphrase of the signing key.
6	# RPM_GPG_NAME	6	# RPM_GPG_NAME
7	# Name of the key to sign with. May be key id or key name.	7	# Name of the key to sign with. May be key id or key name.
		8	# RPM_GPG_BACKEND
		9	# Optional variable for specifying the backend to use for signing.
		10	# Currently the only available option is 'local', i.e. local signing
		11	# on the build host.
8	# GPG_BIN	12	# GPG_BIN
9	# Optional variable for specifying the gpg binary/wrapper to use for	13	# Optional variable for specifying the gpg binary/wrapper to use for
10	# signing.	14	# signing.
@@ -14,6 +18,7 @@
14	inherit sanity	18	inherit sanity
15		19
16	RPM_SIGN_PACKAGES='1'	20	RPM_SIGN_PACKAGES='1'
		21	RPM_GPG_BACKEND ?= 'local'
17		22
18		23
19	python () {	24	python () {
@@ -27,47 +32,17 @@ python () {
27	'RPM-GPG-PUBKEY'))	32	'RPM-GPG-PUBKEY'))
28	}	33	}
29		34
30
31	def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
32	import pexpect
33
34	# Find the correct rpm binary
35	rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm'
36	cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name
37	if d.getVar('GPG_BIN', True):
38	cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True)
39	if d.getVar('GPG_PATH', True):
40	cmd += "--define '_gpg_path %s' " % d.getVar('GPG_PATH', True)
41	cmd += ' '.join(files)
42
43	# Need to use pexpect for feeding the passphrase
44	proc = pexpect.spawn(cmd)
45	try:
46	proc.expect_exact('Enter pass phrase:', timeout=15)
47	proc.sendline(passphrase)
48	proc.expect(pexpect.EOF, timeout=900)
49	proc.close()
50	except pexpect.TIMEOUT as err:
51	bb.warn('rpmsign timeout: %s' % err)
52	proc.terminate()
53	else:
54	if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status):
55	bb.warn('rpmsign failed: %s' % proc.before.strip())
56	return proc.exitstatus
57
58
59	python sign_rpm () {	35	python sign_rpm () {
60	import glob	36	import glob
		37	from oe.gpg_sign import get_signer
61		38
62	with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj:	39	signer = get_signer(d,
63	rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n')	40	d.getVar('RPM_GPG_BACKEND', True),
64		41	d.getVar('RPM_GPG_NAME', True),
65	rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "")	42	d.getVar('RPM_GPG_PASSPHRASE_FILE', True))
66
67	rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')	43	rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')
68		44
69	if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0:	45	signer.sign_rpms(rpms)
70	raise bb.build.FuncFailed("RPM signing failed")
71	}	46	}
72		47
73	do_package_index[depends] += "signing-keys:do_export_public_keys"	48	do_package_index[depends] += "signing-keys:do_export_public_keys"