summaryrefslogtreecommitdiffstats
path: root/meta/classes/sign_rpm.bbclass
diff options
context:
space:
mode:
authorLans Zhang <jia.zhang@windriver.com>2017-07-11 04:43:03 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-07-17 13:01:37 (GMT)
commit30ba8b6894fc332651eba1f2451eb5aba23a7251 (patch)
treef4d911b60d6b29f17975c1494f8d1754697c58ee /meta/classes/sign_rpm.bbclass
parent946a3dae158ed4709915645ba06dc9bab159be34 (diff)
downloadpoky-30ba8b6894fc332651eba1f2451eb5aba23a7251.tar.gz
sign_rpm: support signing files in RPM payload
Currently, RPM4 supports to sign the files in RPM payload with plugin mechanism. We introduce more definitions to make the file signing available for the users: - RPM_FILE_CHECKSUM_DIGEST Global switch to enable file signing. - RPM_FSK_PATH The file signing key. - RPM_FSK_PASSWORD The password of file signing key. - RPM_FILE_CHECKSUM_DIGEST The file checksum digest. (From OE-Core rev: 95b9ee33d5595078e90c633f6155ec9ba3d184f0) Signed-off-by: Lans Zhang <jia.zhang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/sign_rpm.bbclass')
-rw-r--r--meta/classes/sign_rpm.bbclass20
1 files changed, 19 insertions, 1 deletions
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index bc2e9471..c49406c 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -9,6 +9,13 @@
9# Optional variable for specifying the backend to use for signing. 9# Optional variable for specifying the backend to use for signing.
10# Currently the only available option is 'local', i.e. local signing 10# Currently the only available option is 'local', i.e. local signing
11# on the build host. 11# on the build host.
12# RPM_FILE_CHECKSUM_DIGEST
13# Optional variable for specifying the algorithm for generating file
14# checksum digest.
15# RPM_FSK_PATH
16# Optional variable for the file signing key.
17# RPM_FSK_PASSWORD
18# Optional variable for the file signing key password.
12# GPG_BIN 19# GPG_BIN
13# Optional variable for specifying the gpg binary/wrapper to use for 20# Optional variable for specifying the gpg binary/wrapper to use for
14# signing. 21# signing.
@@ -18,7 +25,10 @@
18inherit sanity 25inherit sanity
19 26
20RPM_SIGN_PACKAGES='1' 27RPM_SIGN_PACKAGES='1'
28RPM_SIGN_FILES ?= '0'
21RPM_GPG_BACKEND ?= 'local' 29RPM_GPG_BACKEND ?= 'local'
30# SHA-256 is used by default
31RPM_FILE_CHECKSUM_DIGEST ?= '8'
22 32
23 33
24python () { 34python () {
@@ -28,6 +38,11 @@ python () {
28 for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'): 38 for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'):
29 if not d.getVar(var): 39 if not d.getVar(var):
30 raise_sanity_error("You need to define %s in the config" % var, d) 40 raise_sanity_error("You need to define %s in the config" % var, d)
41
42 if d.getVar('RPM_SIGN_FILES') == '1':
43 for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'):
44 if not d.getVar(var):
45 raise_sanity_error("You need to define %s in the config" % var, d)
31} 46}
32 47
33python sign_rpm () { 48python sign_rpm () {
@@ -39,7 +54,10 @@ python sign_rpm () {
39 54
40 signer.sign_rpms(rpms, 55 signer.sign_rpms(rpms,
41 d.getVar('RPM_GPG_NAME'), 56 d.getVar('RPM_GPG_NAME'),
42 d.getVar('RPM_GPG_PASSPHRASE')) 57 d.getVar('RPM_GPG_PASSPHRASE'),
58 d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
59 d.getVar('RPM_FSK_PATH'),
60 d.getVar('RPM_FSK_PASSWORD'))
43} 61}
44 62
45do_package_index[depends] += "signing-keys:do_deploy" 63do_package_index[depends] += "signing-keys:do_deploy"