summaryrefslogtreecommitdiffstats
path: root/meta/classes/sign_package_feed.bbclass
Commit message (Collapse)AuthorAgeFilesLines
* classes: Add SPDX license identifiersRichard Purdie2022-08-121-0/+2
| | | | | | | | | | | | As stated in our top level license files, the license is MIT unless otherwise stated. Add SPDX identifers accordingly. Replace older license statementa with the standardised syntax. Also drop "All Rights Reserved" expression as it isn't used now, doesn't mean anything and is confusing. (From OE-Core rev: 081a391fe09a21265881e39a2a496e4e10b4f80b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes: Add copyright statements to files without oneRichard Purdie2022-08-121-0/+4
| | | | | | | | | Where there isn't a copyright statement, add one to make it explicit. Also drop editor config lines where they were present. (From OE-Core rev: 880c1ea3edc8edef974e65b2d424fc36809ea034) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_manager: fix missing dependency on gnupg when signing deb package feedsFerry Toth2022-04-191-0/+1
| | | | | | | | | | | | | | | | When signing the deb package feed gpg tools are a soft requirement. If gnupg-native is not declared a dependancy the version from hosttools is used. Unfortunately the gpg-agent version from Ubuntu 16.04 on the autobuilders is incompatible with the package_index task and fails during oe-selftest. Fix by making gnupg-native a dependency. Fixes: 0b4231b5 "package_manager: sign DEB package feeds" Reported-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Suggested-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: c063b658e30a24be9214abc23cd2a16c0260e93e) Signed-off-by: Ferry Toth <ftoth@exalondelft.nl> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Convert to new override syntaxRichard Purdie2021-08-021-1/+1
| | | | | | | | | | | | This is the result of automated script conversion: scripts/contrib/convert-overrides.py <oe-core directory> converting the metadata to use ":" as the override character instead of "_". (From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: use native version for signing, rather than one provided by hostAlexander Kanavin2018-01-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Using host gpg has been problematic, and particularly this removes the need to serialize package creation, as long as --auto-expand-secmem is passed to gpg-agent, and gnupg >= 2.2.4 is in use (https://dev.gnupg.org/T3530). Sadly, gpg-agent itself is single-threaded, so in the longer run we might want to seek alternatives: https://lwn.net/Articles/742542/ (a smaller issue is that rpm itself runs the gpg fronted in a serial fashion, which slows down the build in cases of recipes with very large amount of packages, e.g. glibc-locale) Note that sstate signing and verification continues to use host gpg, as depending on native gpg would create circular dependencies. [YOCTO #12022] (From OE-Core rev: 08fef6198122fe79d4c1213f9a64b862162ed6cd) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sign_package_feed.bbclass: install signing key into rootfsMarkus Lehtonen2017-08-161-0/+3
| | | | | | | | | | | If package-management is enabled. [YOCTO #11209] (From OE-Core rev: 4f89a5629f876a833c0178d1ec687448d3ed8e71) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove True option to getVar callsJoshua Lock2016-12-161-2/+2
| | | | | | | | | | | | | getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) (From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sign_package_feed: add feed signature typeIoan-Adrian Ratiu2016-03-111-1/+11
| | | | | | | | | | Signing package feeds will default to ascii armored signatures (ASC) the other option being binary (BIN). This is for both rpm and ipk backends. (From OE-Core rev: 862a3892feb2628282e1d6f2e4498a7a3bd60cbf) Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* signing-keys: Make signing keys the only publisher of keysRandy Witt2016-02-261-7/+2
| | | | | | | | | | | | | Previously the keys were put into the os-release package. The package indexing code was also deploying the keys rather than only using the keys. This change makes signing-keys.bb the only publisher of the keys and also uses standard tasks that already have sstate. (From OE-Core rev: 1e38068ac38dfd067655dfd41464e28439179306) Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sign_package_feed.bbclass: fix task dependenciesMarkus Lehtonen2016-02-111-0/+1
| | | | | | | | | | | | This dependency was already added to sign_rpm.bbclass. However, the same dep needs to be added to sign_package_feed.bbclass, too, to cover the case where rpm signing is disabled but package feed signing is enabled. (From OE-Core rev: f1eada135a6b6eef0444ca7a7ff14ab388cb879b) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/lib: new module for handling GPG signingMarkus Lehtonen2016-01-261-0/+6
| | | | | | | | | | | | | | | | | Add a new Python module (oe.gpg_sign) for handling GPG signing operations, i.e. currently package and package feed signing. The purpose is to be able to more easily support various signing backends and to be able to centralise signing functionality into one place (e.g. package signing and sstate signing). Currently, only local signing with gpg is implemented. [YOCTO #8755] (From OE-Core rev: 9b3dc1bd4b8336423a3f8f7db0ab5fa6fa0e7257) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* populate_sdk_ext/sign_rpm/sign_package_feed: Add missing getVar parameterRichard Purdie2015-12-141-1/+1
| | | | | | | | We should always pass a parameter to getVar, add missing default value. (From OE-Core rev: 31bc0a46a97d7dc98568a218c077c31d8b11dbd9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package signing: automatically export public keysMarkus Lehtonen2015-10-271-0/+7
| | | | | | | | | | | | Automatically export public key(s) of the signing key(s) from the gpg keyring. Adds a new simple recipe that does the actual task of exporting the keys. This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG PUBKEY settings obsolete. (From OE-Core rev: 23b30c34581948e1ea02c25cbf7b9194d7e49fb8) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add new bbclass for package feed signingMarkus Lehtonen2015-10-271-0/+24
After this change signed package feeds should be enabled by adding INERIT += "sign_package_feed" instead of definining PACKAGE_FEED_SIGN="1". (From OE-Core rev: 2ba901da9a07350cc8975fc951ef5054b32d421b) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-28 01:50:29 +0000