diff options
| -rw-r--r-- | meta/lib/oe/gpg_sign.py | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index 613dab8561..ede6186c84 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py | |||
| @@ -5,11 +5,12 @@ | |||
| 5 | # | 5 | # |
| 6 | 6 | ||
| 7 | """Helper module for GPG signing""" | 7 | """Helper module for GPG signing""" |
| 8 | import os | ||
| 9 | 8 | ||
| 10 | import bb | 9 | import bb |
| 11 | import subprocess | 10 | import os |
| 12 | import shlex | 11 | import shlex |
| 12 | import subprocess | ||
| 13 | import tempfile | ||
| 13 | 14 | ||
| 14 | class LocalSigner(object): | 15 | class LocalSigner(object): |
| 15 | """Class for handling local (on the build host) signing""" | 16 | """Class for handling local (on the build host) signing""" |
| @@ -73,8 +74,6 @@ class LocalSigner(object): | |||
| 73 | cmd += ['--homedir', self.gpg_path] | 74 | cmd += ['--homedir', self.gpg_path] |
| 74 | if armor: | 75 | if armor: |
| 75 | cmd += ['--armor'] | 76 | cmd += ['--armor'] |
| 76 | if output_suffix: | ||
| 77 | cmd += ['-o', input_file + "." + output_suffix] | ||
| 78 | if use_sha256: | 77 | if use_sha256: |
| 79 | cmd += ['--digest-algo', "SHA256"] | 78 | cmd += ['--digest-algo', "SHA256"] |
| 80 | 79 | ||
| @@ -83,19 +82,27 @@ class LocalSigner(object): | |||
| 83 | if self.gpg_version > (2,1,): | 82 | if self.gpg_version > (2,1,): |
| 84 | cmd += ['--pinentry-mode', 'loopback'] | 83 | cmd += ['--pinentry-mode', 'loopback'] |
| 85 | 84 | ||
| 86 | cmd += [input_file] | ||
| 87 | |||
| 88 | try: | 85 | try: |
| 89 | if passphrase_file: | 86 | if passphrase_file: |
| 90 | with open(passphrase_file) as fobj: | 87 | with open(passphrase_file) as fobj: |
| 91 | passphrase = fobj.readline(); | 88 | passphrase = fobj.readline(); |
| 92 | 89 | ||
| 93 | job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) | 90 | if not output_suffix: |
| 94 | (_, stderr) = job.communicate(passphrase.encode("utf-8")) | 91 | output_suffix = 'asc' if armor else 'sig' |
| 92 | output_file = input_file + "." + output_suffix | ||
| 93 | with tempfile.TemporaryDirectory(dir=os.path.dirname(output_file)) as tmp_dir: | ||
| 94 | tmp_file = os.path.join(tmp_dir, os.path.basename(output_file)) | ||
| 95 | cmd += ['-o', tmp_file] | ||
| 96 | |||
| 97 | cmd += [input_file] | ||
| 98 | |||
| 99 | job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) | ||
| 100 | (_, stderr) = job.communicate(passphrase.encode("utf-8")) | ||
| 95 | 101 | ||
| 96 | if job.returncode: | 102 | if job.returncode: |
| 97 | bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) | 103 | bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) |
| 98 | 104 | ||
| 105 | os.rename(tmp_file, output_file) | ||
| 99 | except IOError as e: | 106 | except IOError as e: |
| 100 | bb.error("IO error (%s): %s" % (e.errno, e.strerror)) | 107 | bb.error("IO error (%s): %s" % (e.errno, e.strerror)) |
| 101 | raise Exception("Failed to sign '%s'" % input_file) | 108 | raise Exception("Failed to sign '%s'" % input_file) |