sign_rpm.bbclass: do not store key details in signer instance

Refactor the LocalSigner class. Do not store keyid or passphrase file in the signer object as they are only needed for some of the methods. For example, the newly added verify() method does not need any key parameters and export_pubkey only uses keyid. (From OE-Core rev: e2412294b6b1d3a80ee97a0706613349edc51d33) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Markus Lehtonen <markus.lehtonen@linux.intel.com> 2016-02-10 16:15:57 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-19 01:01:25 +0000
commit: e845b75f8fc718765158a858cfe904c575315f45 (patch)
tree: a456ad2949d45e46a9f886717eb02c3c822aa90c /meta/lib
parent: d5be8666a1f429283e8200ef67f1fc3afa587c4f (diff)
download: openembedded-core-contrib-e845b75f8fc718765158a858cfe904c575315f45.tar.gz
2 files changed, 15 insertions, 18 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 16a23645b6..c4cadd6a24 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -6,31 +6,29 @@ import oe.utils
 
 class LocalSigner(object):
     """Class for handling local (on the build host) signing"""
-    def __init__(self, d, keyid, passphrase_file):
-        self.keyid = keyid
-        self.passphrase_file = passphrase_file
+    def __init__(self, d):
         self.gpg_bin = d.getVar('GPG_BIN', True) or \
                   bb.utils.which(os.getenv('PATH'), 'gpg')
         self.gpg_path = d.getVar('GPG_PATH', True)
         self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpm")
 
-    def export_pubkey(self, output_file):
+    def export_pubkey(self, output_file, keyid):
         """Export GPG public key to a file"""
         cmd = '%s --batch --yes --export --armor -o %s ' % \
                 (self.gpg_bin, output_file)
         if self.gpg_path:
             cmd += "--homedir %s " % self.gpg_path
-        cmd += self.keyid
+        cmd += keyid
         status, output = oe.utils.getstatusoutput(cmd)
         if status:
             raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
-                                      (self.keyid, output))
+                                      (keyid, output))
 
-    def sign_rpms(self, files):
+    def sign_rpms(self, files, keyid, passphrase_file):
         """Sign RPM files"""
         import pexpect
 
-        cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % self.keyid
+        cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid
         if self.gpg_bin:
             cmd += "--define '%%__gpg %s' " % self.gpg_bin
         if self.gpg_path:
@@ -41,7 +39,7 @@ class LocalSigner(object):
         proc = pexpect.spawn(cmd)
         try:
             proc.expect_exact('Enter pass phrase:', timeout=15)
-            with open(self.passphrase_file) as fobj:
+            with open(passphrase_file) as fobj:
                 proc.sendline(fobj.readline().rstrip('\n'))
             proc.expect(pexpect.EOF, timeout=900)
             proc.close()
@@ -52,11 +50,11 @@ class LocalSigner(object):
             bb.error('rpmsign failed: %s' % proc.before.strip())
             raise bb.build.FuncFailed("Failed to sign RPM packages")
 
-    def detach_sign(self, input_file, armor=True):
+    def detach_sign(self, input_file, keyid, passphrase_file, armor=True):
         """Create a detached signature of a file"""
         cmd = "%s --detach-sign --batch --no-tty --yes " \
                   "--passphrase-file '%s' -u '%s' " % \
-                  (self.gpg_bin, self.passphrase_file, self.keyid)
+                  (self.gpg_bin, passphrase_file, keyid)
         if self.gpg_path:
             cmd += "--homedir %s " % self.gpg_path
         if armor:
@@ -78,11 +76,11 @@ class LocalSigner(object):
         return ret
 
 
-def get_signer(d, backend, keyid, passphrase_file):
+def get_signer(d, backend):
     """Get signer object for the specified backend"""
     # Use local signing by default
     if backend == 'local':
-        return LocalSigner(d, keyid, passphrase_file)
+        return LocalSigner(d)
     else:
         bb.fatal("Unsupported signing backend '%s'" % backend)
 
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 26f6466ed1..b30a4da057 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -110,10 +110,7 @@ class RpmIndexer(Indexer):
 
         rpm_createrepo = bb.utils.which(os.getenv('PATH'), "createrepo")
         if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
-            signer = get_signer(self.d,
-                                self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True),
-                                self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
-                                self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
+            signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
         else:
             signer = None
         index_cmds = []
@@ -144,7 +141,9 @@ class RpmIndexer(Indexer):
         # Sign repomd
         if signer:
             for repomd in repomd_files:
-                signer.detach_sign(repomd)
+                signer.detach_sign(repomd,
+                                   self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
+                                   self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
         # Copy pubkey(s) to repo
         distro_version = self.d.getVar('DISTRO_VERSION', True) or "oe.0"
         if self.d.getVar('RPM_SIGN_PACKAGES', True) == '1':
author	Markus Lehtonen <markus.lehtonen@linux.intel.com>	2016-02-10 16:15:57 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-19 01:01:25 +0000
commit	e845b75f8fc718765158a858cfe904c575315f45 (patch)
tree	a456ad2949d45e46a9f886717eb02c3c822aa90c /meta/lib
parent	d5be8666a1f429283e8200ef67f1fc3afa587c4f (diff)
download	openembedded-core-contrib-e845b75f8fc718765158a858cfe904c575315f45.tar.gz