From efcecc318bc67212fd112deed45834f71038f957 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Tue, 15 Aug 2017 14:34:54 +0300 Subject: package_manager.py: enable dnf's repo_gpgcheck if feed signing is enabled If package feed signing is enabled enable repo gpg signature check for rpm repositories added via PACKAGE_FEED_URIS. This has the implication that all repositories added via this mechanism must be signed with the same key. [YOCTO #11209] (From OE-Core rev: f7716f1de0791dfe778bb70f1769a7e1e83c7a54) Signed-off-by: Markus Lehtonen Signed-off-by: Richard Purdie --- meta/lib/oe/package_manager.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'meta/lib/oe/package_manager.py') diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index 942f2dd903..d43d729203 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -559,6 +559,12 @@ class RpmPM(PackageManager): if feed_uris == "": return + if self.d.getVar('PACKAGE_FEED_SIGN') == '1': + gpg_opts = 'repo_gpgcheck=1\n' + gpg_opts += 'gpgkey=file://%s/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s\n' % (self.d.getVar('sysconfdir'), self.d.getVar('DISTRO_VERSION')) + else: + gpg_opts = '' + bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d")) remote_uris = self.construct_uris(feed_uris.split(), feed_base_paths.split()) for uri in remote_uris: @@ -569,12 +575,12 @@ class RpmPM(PackageManager): repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/")) repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/")) open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write( - "[%s]\nname=%s\nbaseurl=%s\n\n" % (repo_id, repo_name, repo_uri)) + "[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts)) else: repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/")) repo_uri = uri open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write( - "[%s]\nname=%s\nbaseurl=%s\n" % (repo_base, repo_name, repo_uri)) + "[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts)) def _prepare_pkg_transaction(self): os.environ['D'] = self.target_rootfs -- cgit v1.2.3-54-g00ecf