path: root/meta/classes/sign_rpm.bbclass
Commit message | Author | Age | Files | Lines
* meta/lib: new module for handling GPG signing | Markus Lehtonen | 2016-01-26 | 1 | -36/+11

  Add a new Python module (oe.gpg_sign) for handling GPG signing operations, i.e. currently package and package feed signing. The purpose is to be able to more easily support various signing backends and to be able to centralise signing functionality into one place (e.g. package signing and sstate signing).

  Currently, only local signing with gpg is implemented.

  [YOCTO #8755]

  (From OE-Core rev: 9b3dc1bd4b8336423a3f8f7db0ab5fa6fa0e7257)

  Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

* sign_rpm.bbclass: fix task dependencies | Markus Lehtonen | 2016-01-19 | 1 | -0/+1

  do_rootfs task needs to depend on signing-keys:do_export_public_keys. The rpm signing public key needs to be present in order to prevent a crash because it is imported into the rootfs rpmdb before rootfs creation starts.

  (From OE-Core rev: f854f4549f0b01421464032406a5275494acd818)

  Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

* populate_sdk_ext/sign_rpm/sign_package_feed: Add missing getVar parameter | Richard Purdie | 2015-12-14 | 1 | -1/+1

  We should always pass a parameter to getVar, add missing default value.

  (From OE-Core rev: 31bc0a46a97d7dc98568a218c077c31d8b11dbd9)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

* package signing: automatically export public keys | Markus Lehtonen | 2015-10-27 | 1 | -3/+6

  Automatically export public key(s) of the signing key(s) from the gpg keyring. Adds a new simple recipe that does the actual task of exporting the keys. This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG PUBKEY settings obsolete.

  (From OE-Core rev: 23b30c34581948e1ea02c25cbf7b9194d7e49fb8)

  Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

* sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting | Markus Lehtonen | 2015-10-27 | 1 | -21/+9

  Simplifies the configuration. Makes way for the removal of RPM_GPG_PUBKEY setting and possible future implementation of a separate signing server support. Also, moves the configuration sanity checking into a separate function.

  (From OE-Core rev: 6ea062dffce3df59cc4ba88edd181dc1dac759f9)

  Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

* sign_rpm.bbclass: be more verbose in case of error | Markus Lehtonen | 2015-10-27 | 1 | -1/+4

  (From OE-Core rev: 3abdd2bf886e4b3bc7dd957c77a7745498386161)

  Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

* sign_rpm.bbclass: introduce GPG_PATH variable | Markus Lehtonen | 2015-10-27 | 1 | -0/+4

  This bitbake configuration variable can be used to define the gpg home directory.

  (From OE-Core rev: 7ea2f8aca832433f448a79d103c945a63ac6474b)

  Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

* package_rpm: support signing of rpm packages | Markus Lehtonen | 2015-09-03 | 1 | -0/+75

  This patch adds a new bbclass for generating rpm packages that are signed with a user defined key. The packages are signed as part of the "package_write_rpm" task.

  In order to enable the feature you need to
  1. 'INHERIT += " sign_rpm"' in bitbake config (e.g. local or distro)
  2. Create a file that contains the passphrase to your gpg secret key
  3. 'RPM_GPG_PASSPHRASE_FILE = "<path_to_file>"' in bitbake config, pointing to the passphrase file created in 2.
  4. Define GPG key name to use by either defining 'RPM_GPG_NAME = "<key_id>"' in bitbake config OR by defining %_gpg_name <key_id> in your ~/.oerpmmacros file
  5. 'RPM_GPG_PUBKEY = "<path_to_pubkey>"' in bitbake config pointing to the public key (in "armor" format)

  The user may optionally define "GPG_BIN" variable in the bitbake configuration in order to specify a specific gpg binary/wrapper to use.

  The sign_rpm.bbclass implements a simple scenario of locally signing the packages. It could be replaced by a more advanced class that would utilize a separate signing server for signing the packages, for example.

  [YOCTO #8134]

  (From OE-Core rev: 75f5f11b19ba1bf8743caf9ee7c99a3c67f4b266)

  Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>