diff options
| author |   Ross Burton <ross.burton@intel.com> | 2015-10-24 01:02:34 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-24 15:49:14 +0000 |
| commit | 6daf138822bbbc46960121d3b76b42eaf19e7c0e (patch) | |
| tree | 15c7827d8cf9f10cab9c5e4d98e1c72addaa3308 /meta/classes/sstate.bbclass | |
| parent | 5c84057de5b31c5d6d9abfcca3078bf766a21d88 (diff) | |
| download | openembedded-core-contrib-6daf138822bbbc46960121d3b76b42eaf19e7c0e.tar.gz | |
sstate: respect GPG_BIN and GPG_HOME
The package feed signing code supports the user providing the path to the gpg
binary and an alternative gpg 'home' (usually ~/.gnupg), which are useful for
both deployment and QA purposes.
Factor out the gpg command line construction to a function which can fetch both
of these variables, and also use pipes.quote() to sanitise the arguments when
used in a shell context.
[ YOCTO #8559 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/classes/sstate.bbclass')
| -rw-r--r-- | meta/classes/sstate.bbclass | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index d09e27aee4..ba18f54428 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -268,6 +268,20 @@ def sstate_install(ss, d): sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX" sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}" +def sstate_build_gpg_command(d, *args, **kwargs): + # Returns a list for subprocess.call() unless passed flatten=True when this + # returns a flattened string. + l = [d.getVar("GPG_BIN", True) or "gpg"] + if d.getVar("GPG_PATH", True): + l += ["--homedir", d.getVar("GPG_PATH", True)] + l += args + + if kwargs.get("flatten", False): + import pipes + return " ".join(map(pipes.quote, l)) + else: + return l + def sstate_installpkg(ss, d): import oe.path import subprocess @@ -296,7 +310,7 @@ def sstate_installpkg(ss, d): d.setVar('SSTATE_PKG', sstatepkg) if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False): - if subprocess.call(["gpg", "--verify", sstatepkg + ".sig", sstatepkg]) != 0: + if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0: bb.warn("Cannot verify signature on sstate package %s" % sstatepkg) for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split(): @@ -672,12 +686,12 @@ sstate_create_package () { else tar -cz --file=$TFILE --files-from=/dev/null fi - chmod 0664 $TFILE + chmod 0664 $TFILE mv -f $TFILE ${SSTATE_PKG} if [ -n "${SSTATE_SIG_KEY}" ]; then rm -f ${SSTATE_PKG}.sig - echo ${SSTATE_SIG_PASSPHRASE} | gpg --batch --passphrase-fd 0 --detach-sign --local-user ${SSTATE_SIG_KEY} --output ${SSTATE_PKG}.sig ${SSTATE_PKG} + echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)} fi cd ${WORKDIR} |