linux/poky.git/meta/classes/sign_rpm.bbclass, branch python3

gpg_sign.py: get rid of pexpect

2016-03-25T10:29:14+00:00

The python-expect is not installed on the distro such as Ubuntu by default, and we can get rid of it. Use RPM_GPG_PASSPHRASE to replace of RPM_GPG_PASSPHRASE_FILE which is more straightforward. (From OE-Core rev: 4a8a74c62836a20610daf029d4cec0b3087758b2) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie

signing-keys: Make signing keys the only publisher of keys

2016-02-26T17:16:25+00:00

Previously the keys were put into the os-release package. The package indexing code was also deploying the keys rather than only using the keys. This change makes signing-keys.bb the only publisher of the keys and also uses standard tasks that already have sstate. (From OE-Core rev: 1e38068ac38dfd067655dfd41464e28439179306) Signed-off-by: Randy Witt Signed-off-by: Richard Purdie

sign_rpm.bbclass: do not store key details in signer instance

2016-02-19T01:01:25+00:00

Refactor the LocalSigner class. Do not store keyid or passphrase file in the signer object as they are only needed for some of the methods. For example, the newly added verify() method does not need any key parameters and export_pubkey only uses keyid. (From OE-Core rev: e2412294b6b1d3a80ee97a0706613349edc51d33) Signed-off-by: Markus Lehtonen Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

meta/lib: new module for handling GPG signing

2016-01-26T22:31:58+00:00

Add a new Python module (oe.gpg_sign) for handling GPG signing operations, i.e. currently package and package feed signing. The purpose is to be able to more easily support various signing backends and to be able to centralise signing functionality into one place (e.g. package signing and sstate signing). Currently, only local signing with gpg is implemented. [YOCTO #8755] (From OE-Core rev: 9b3dc1bd4b8336423a3f8f7db0ab5fa6fa0e7257) Signed-off-by: Markus Lehtonen Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

sign_rpm.bbclass: fix task dependencies

2016-01-19T17:37:34+00:00

do_rootfs task needs to depend on signing-keys:do_export_public_keys. The rpm signing public key needs to be present in order to prevent a crash because it is imported into the rootfs rpmdb before rootfs creation starts. (From OE-Core rev: f854f4549f0b01421464032406a5275494acd818) Signed-off-by: Markus Lehtonen Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

populate_sdk_ext/sign_rpm/sign_package_feed: Add missing getVar parameter

2015-12-14T22:30:56+00:00

We should always pass a parameter to getVar, add missing default value. (From OE-Core rev: 31bc0a46a97d7dc98568a218c077c31d8b11dbd9) Signed-off-by: Richard Purdie

package signing: automatically export public keys

2015-10-27T07:24:25+00:00

Automatically export public key(s) of the signing key(s) from the gpg keyring. Adds a new simple recipe that does the actual task of exporting the keys. This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG PUBKEY settings obsolete. (From OE-Core rev: 23b30c34581948e1ea02c25cbf7b9194d7e49fb8) Signed-off-by: Markus Lehtonen Signed-off-by: Richard Purdie

sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting

2015-10-27T07:24:24+00:00

Simplifies the configuration. Makes way for the removal of RPM_GPG_PUBKEY setting and possible future implementation of a separate signing server support. Also, moves the configuration sanity checking into a separate function. (From OE-Core rev: 6ea062dffce3df59cc4ba88edd181dc1dac759f9) Signed-off-by: Markus Lehtonen Signed-off-by: Richard Purdie

sign_rpm.bbclass: be more verbose in case of error

2015-10-27T07:24:24+00:00

(From OE-Core rev: 3abdd2bf886e4b3bc7dd957c77a7745498386161) Signed-off-by: Markus Lehtonen Signed-off-by: Richard Purdie

sign_rpm.bbclass: introduce GPG_PATH variable

2015-10-27T07:24:24+00:00

This bitbake configuration variable can be used to define the gpg home directory. (From OE-Core rev: 7ea2f8aca832433f448a79d103c945a63ac6474b) Signed-off-by: Markus Lehtonen Signed-off-by: Richard Purdie