From 7bb9e8ddbfabfbaebe1b3cb635b6d9979854cc47 Mon Sep 17 00:00:00 2001
From: Randy Witt <randy.e.witt@linux.intel.com>
Date: Fri, 19 Feb 2016 08:45:25 -0800
Subject: signing-keys: Make signing keys the only publisher of keys

Previously the keys were put into the os-release package. The package
indexing code was also deploying the keys rather than only using the keys.

This change makes signing-keys.bb the only publisher of the keys and also
uses standard tasks that already have sstate.

(From OE-Core rev: 1e38068ac38dfd067655dfd41464e28439179306)

Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/meta/signing-keys.bb     | 61 +++++++++++++++++++++---------
 meta/recipes-core/os-release/os-release.bb | 11 ------
 2 files changed, 43 insertions(+), 29 deletions(-)

(limited to 'meta/recipes-core')

diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb
index d7763c664e..1d0e8344ef 100644
--- a/meta/recipes-core/meta/signing-keys.bb
+++ b/meta/recipes-core/meta/signing-keys.bb
@@ -3,37 +3,62 @@
 
 DESCRIPTION = "Make public keys of the signing keys available"
 LICENSE = "MIT"
-PACKAGES = ""
-
-do_fetch[noexec] = "1"
-do_unpack[noexec] = "1"
-do_patch[noexec] = "1"
-do_configure[noexec] = "1"
-do_compile[noexec] = "1"
-do_install[noexec] = "1"
-do_package[noexec] = "1"
-do_packagedata[noexec] = "1"
-do_package_write_ipk[noexec] = "1"
-do_package_write_rpm[noexec] = "1"
-do_package_write_deb[noexec] = "1"
-do_populate_sysroot[noexec] = "1"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+
+inherit allarch deploy
 
 EXCLUDE_FROM_WORLD = "1"
+INHIBIT_DEFAULT_DEPS = "1"
+
+PACKAGES =+ "${PN}-rpm ${PN}-packagefeed"
 
+FILES_${PN}-rpm = "${sysconfdir}/pki/rpm-gpg"
+FILES_${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg"
 
-python do_export_public_keys () {
+python do_get_public_keys () {
     from oe.gpg_sign import get_signer
 
     if d.getVar("RPM_SIGN_PACKAGES", True):
         # Export public key of the rpm signing key
         signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True))
-        signer.export_pubkey(d.getVar('RPM_GPG_PUBKEY', True),
+        signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'),
                              d.getVar('RPM_GPG_NAME', True))
 
     if d.getVar('PACKAGE_FEED_SIGN', True) == '1':
         # Export public key of the feed signing key
         signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
-        signer.export_pubkey(d.getVar('PACKAGE_FEED_GPG_PUBKEY', True),
+        signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'),
                              d.getVar('PACKAGE_FEED_GPG_NAME', True))
 }
-addtask do_export_public_keys before do_build
+do_get_public_keys[cleandirs] = "${B}"
+addtask get_public_keys before do_install
+
+do_install () {
+    if [ -f "${B}/rpm-key" ]; then
+        install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO_VERSION}"
+    fi
+    if [ -f "${B}/pf-key" ]; then
+        install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
+    fi
+}
+
+sysroot_stage_all_append () {
+    sysroot_stage_dir ${D}${sysconfdir}/pki ${SYSROOT_DESTDIR}${sysconfdir}/pki
+}
+
+do_deploy () {
+    if [ -f "${B}/rpm-key" ]; then
+        install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO_VERSION}"
+    fi
+    if [ -f "${B}/pf-key" ]; then
+        install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
+    fi
+}
+do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}"
+# cleandirs should possibly be in deploy.bbclass but we need it
+do_deploy[cleandirs] = "${DEPLOYDIR}"
+# clear stamp-extra-info since MACHINE is normally put there by deploy.bbclass
+do_deploy[stamp-extra-info] = ""
+addtask deploy after do_get_public_keys
diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb
index df19ca216f..58364ea249 100644
--- a/meta/recipes-core/os-release/os-release.bb
+++ b/meta/recipes-core/os-release/os-release.bb
@@ -30,21 +30,10 @@ python do_compile () {
             value = d.getVar(field, True)
             if value:
                 f.write('{0}="{1}"\n'.format(field, value))
-    if d.getVar('RPM_SIGN_PACKAGES', True) == '1':
-        rpm_gpg_pubkey = d.getVar('RPM_GPG_PUBKEY', True)
-        bb.utils.mkdirhier('${B}/rpm-gpg')
-        distro_version = d.getVar('DISTRO_VERSION', True) or "oe.0"
-        shutil.copy2(rpm_gpg_pubkey, d.expand('${B}/rpm-gpg/RPM-GPG-KEY-%s' % distro_version))
 }
 do_compile[vardeps] += "${OS_RELEASE_FIELDS}"
-do_compile[depends] += "signing-keys:do_export_public_keys"
 
 do_install () {
     install -d ${D}${sysconfdir}
     install -m 0644 os-release ${D}${sysconfdir}/
-
-    if [ -d "rpm-gpg" ]; then
-        install -d "${D}${sysconfdir}/pki"
-        cp -r "rpm-gpg" "${D}${sysconfdir}/pki/"
-    fi
 }
-- 
cgit v1.2.3-54-g00ecf