mirror of
https://git.yoctoproject.org/poky
synced 2026-02-20 08:29:42 +01:00
30ba8b6894
Currently, RPM4 supports to sign the files in RPM payload with plugin mechanism. We introduce more definitions to make the file signing available for the users: - RPM_FILE_CHECKSUM_DIGEST Global switch to enable file signing. - RPM_FSK_PATH The file signing key. - RPM_FSK_PASSWORD The password of file signing key. - RPM_FILE_CHECKSUM_DIGEST The file checksum digest. (From OE-Core rev: 95b9ee33d5595078e90c633f6155ec9ba3d184f0) Signed-off-by: Lans Zhang <jia.zhang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
65 lines
2.2 KiB
Plaintext
65 lines
2.2 KiB
Plaintext
# Class for generating signed RPM packages.
|
|
#
|
|
# Configuration variables used by this class:
|
|
# RPM_GPG_PASSPHRASE
|
|
# The passphrase of the signing key.
|
|
# RPM_GPG_NAME
|
|
# Name of the key to sign with. May be key id or key name.
|
|
# RPM_GPG_BACKEND
|
|
# Optional variable for specifying the backend to use for signing.
|
|
# Currently the only available option is 'local', i.e. local signing
|
|
# on the build host.
|
|
# RPM_FILE_CHECKSUM_DIGEST
|
|
# Optional variable for specifying the algorithm for generating file
|
|
# checksum digest.
|
|
# RPM_FSK_PATH
|
|
# Optional variable for the file signing key.
|
|
# RPM_FSK_PASSWORD
|
|
# Optional variable for the file signing key password.
|
|
# GPG_BIN
|
|
# Optional variable for specifying the gpg binary/wrapper to use for
|
|
# signing.
|
|
# GPG_PATH
|
|
# Optional variable for specifying the gnupg "home" directory:
|
|
#
|
|
inherit sanity
|
|
|
|
RPM_SIGN_PACKAGES='1'
|
|
RPM_SIGN_FILES ?= '0'
|
|
RPM_GPG_BACKEND ?= 'local'
|
|
# SHA-256 is used by default
|
|
RPM_FILE_CHECKSUM_DIGEST ?= '8'
|
|
|
|
|
|
python () {
|
|
if d.getVar('RPM_GPG_PASSPHRASE_FILE'):
|
|
raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d)
|
|
# Check configuration
|
|
for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'):
|
|
if not d.getVar(var):
|
|
raise_sanity_error("You need to define %s in the config" % var, d)
|
|
|
|
if d.getVar('RPM_SIGN_FILES') == '1':
|
|
for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'):
|
|
if not d.getVar(var):
|
|
raise_sanity_error("You need to define %s in the config" % var, d)
|
|
}
|
|
|
|
python sign_rpm () {
|
|
import glob
|
|
from oe.gpg_sign import get_signer
|
|
|
|
signer = get_signer(d, d.getVar('RPM_GPG_BACKEND'))
|
|
rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR') + '/*')
|
|
|
|
signer.sign_rpms(rpms,
|
|
d.getVar('RPM_GPG_NAME'),
|
|
d.getVar('RPM_GPG_PASSPHRASE'),
|
|
d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
|
|
d.getVar('RPM_FSK_PATH'),
|
|
d.getVar('RPM_FSK_PASSWORD'))
|
|
}
|
|
|
|
do_package_index[depends] += "signing-keys:do_deploy"
|
|
do_rootfs[depends] += "signing-keys:do_populate_sysroot"
|