diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/lib/oe/gpg_sign.py | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index 613dab8561..ede6186c84 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py | |||
@@ -5,11 +5,12 @@ | |||
5 | # | 5 | # |
6 | 6 | ||
7 | """Helper module for GPG signing""" | 7 | """Helper module for GPG signing""" |
8 | import os | ||
9 | 8 | ||
10 | import bb | 9 | import bb |
11 | import subprocess | 10 | import os |
12 | import shlex | 11 | import shlex |
12 | import subprocess | ||
13 | import tempfile | ||
13 | 14 | ||
14 | class LocalSigner(object): | 15 | class LocalSigner(object): |
15 | """Class for handling local (on the build host) signing""" | 16 | """Class for handling local (on the build host) signing""" |
@@ -73,8 +74,6 @@ class LocalSigner(object): | |||
73 | cmd += ['--homedir', self.gpg_path] | 74 | cmd += ['--homedir', self.gpg_path] |
74 | if armor: | 75 | if armor: |
75 | cmd += ['--armor'] | 76 | cmd += ['--armor'] |
76 | if output_suffix: | ||
77 | cmd += ['-o', input_file + "." + output_suffix] | ||
78 | if use_sha256: | 77 | if use_sha256: |
79 | cmd += ['--digest-algo', "SHA256"] | 78 | cmd += ['--digest-algo', "SHA256"] |
80 | 79 | ||
@@ -83,19 +82,27 @@ class LocalSigner(object): | |||
83 | if self.gpg_version > (2,1,): | 82 | if self.gpg_version > (2,1,): |
84 | cmd += ['--pinentry-mode', 'loopback'] | 83 | cmd += ['--pinentry-mode', 'loopback'] |
85 | 84 | ||
86 | cmd += [input_file] | ||
87 | |||
88 | try: | 85 | try: |
89 | if passphrase_file: | 86 | if passphrase_file: |
90 | with open(passphrase_file) as fobj: | 87 | with open(passphrase_file) as fobj: |
91 | passphrase = fobj.readline(); | 88 | passphrase = fobj.readline(); |
92 | 89 | ||
93 | job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) | 90 | if not output_suffix: |
94 | (_, stderr) = job.communicate(passphrase.encode("utf-8")) | 91 | output_suffix = 'asc' if armor else 'sig' |
92 | output_file = input_file + "." + output_suffix | ||
93 | with tempfile.TemporaryDirectory(dir=os.path.dirname(output_file)) as tmp_dir: | ||
94 | tmp_file = os.path.join(tmp_dir, os.path.basename(output_file)) | ||
95 | cmd += ['-o', tmp_file] | ||
96 | |||
97 | cmd += [input_file] | ||
98 | |||
99 | job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) | ||
100 | (_, stderr) = job.communicate(passphrase.encode("utf-8")) | ||
95 | 101 | ||
96 | if job.returncode: | 102 | if job.returncode: |
97 | bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) | 103 | bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) |
98 | 104 | ||
105 | os.rename(tmp_file, output_file) | ||
99 | except IOError as e: | 106 | except IOError as e: |
100 | bb.error("IO error (%s): %s" % (e.errno, e.strerror)) | 107 | bb.error("IO error (%s): %s" % (e.errno, e.strerror)) |
101 | raise Exception("Failed to sign '%s'" % input_file) | 108 | raise Exception("Failed to sign '%s'" % input_file) |