diff options
| author | Ferry Toth <ftoth@exalondelft.nl> | 2022-04-03 21:50:45 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-05 22:25:13 +0100 |
| commit | 0b4231b597618e18668b8340f4209cd364b2b2d0 (patch) | |
| tree | 1ef86c4b7b7babcbf27d8535a87ce944cffaa2e7 | |
| parent | bd8f1f7787b7017b29ecea5b18a164a39de09e27 (diff) | |
| download | poky-0b4231b597618e18668b8340f4209cd364b2b2d0.tar.gz | |
package_manager: sign DEB package feeds
Implement debian package repository signature.
For each Release file created in repository subdirectory, a signature
Release.gpg is created.
Signature is performed using gpg backend when the following variables
are set in local.conf:
PACKAGE_CLASSES += "sign_package_feed"
PACKAGE_FEED_GPG_NAME = "<Id of GPG key>"
PACKAGE_FEED_GPG_PASSPHRASE_FILE="<path to password file>"
(From OE-Core rev: fcc3cee276999efe6402959eb295e7a0e1e96f96)
Signed-off-by: Xavier Berger <xavier.berger@bio-logic.net>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/lib/oe/package_manager/deb/__init__.py | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/meta/lib/oe/package_manager/deb/__init__.py b/meta/lib/oe/package_manager/deb/__init__.py index 9f112ae25b..86ddb130ad 100644 --- a/meta/lib/oe/package_manager/deb/__init__.py +++ b/meta/lib/oe/package_manager/deb/__init__.py | |||
| @@ -53,6 +53,7 @@ class DpkgIndexer(Indexer): | |||
| 53 | 53 | ||
| 54 | index_cmds = [] | 54 | index_cmds = [] |
| 55 | deb_dirs_found = False | 55 | deb_dirs_found = False |
| 56 | index_sign_files = set() | ||
| 56 | for arch in arch_list: | 57 | for arch in arch_list: |
| 57 | arch_dir = os.path.join(self.deploy_dir, arch) | 58 | arch_dir = os.path.join(self.deploy_dir, arch) |
| 58 | if not os.path.isdir(arch_dir): | 59 | if not os.path.isdir(arch_dir): |
| @@ -62,7 +63,10 @@ class DpkgIndexer(Indexer): | |||
| 62 | 63 | ||
| 63 | cmd += "%s -fcn Packages > Packages.gz;" % gzip | 64 | cmd += "%s -fcn Packages > Packages.gz;" % gzip |
| 64 | 65 | ||
| 65 | with open(os.path.join(arch_dir, "Release"), "w+") as release: | 66 | release_file = os.path.join(arch_dir, "Release") |
| 67 | index_sign_files.add(release_file) | ||
| 68 | |||
| 69 | with open(release_file, "w+") as release: | ||
| 66 | release.write("Label: %s\n" % arch) | 70 | release.write("Label: %s\n" % arch) |
| 67 | 71 | ||
| 68 | cmd += "PSEUDO_UNLOAD=1 %s release . >> Release" % apt_ftparchive | 72 | cmd += "PSEUDO_UNLOAD=1 %s release . >> Release" % apt_ftparchive |
| @@ -76,8 +80,17 @@ class DpkgIndexer(Indexer): | |||
| 76 | return | 80 | return |
| 77 | 81 | ||
| 78 | oe.utils.multiprocess_launch(create_index, index_cmds, self.d) | 82 | oe.utils.multiprocess_launch(create_index, index_cmds, self.d) |
| 79 | if self.d.getVar('PACKAGE_FEED_SIGN') == '1': | 83 | if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1': |
| 80 | raise NotImplementedError('Package feed signing not implementd for dpkg') | 84 | signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) |
| 85 | else: | ||
| 86 | signer = None | ||
| 87 | if signer: | ||
| 88 | for f in index_sign_files: | ||
| 89 | signer.detach_sign(f, | ||
| 90 | self.d.getVar('PACKAGE_FEED_GPG_NAME', True), | ||
| 91 | self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True), | ||
| 92 | output_suffix="gpg", | ||
| 93 | use_sha256=True) | ||
| 81 | 94 | ||
| 82 | class PMPkgsList(PkgsList): | 95 | class PMPkgsList(PkgsList): |
| 83 | 96 | ||