diff options
| author |   Randy Witt <randy.e.witt@linux.intel.com> | 2016-02-19 08:45:25 -0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-26 17:16:25 +0000 |
| commit | 7bb9e8ddbfabfbaebe1b3cb635b6d9979854cc47 (patch) | |
| tree | 2255b9e26f87d9aab9c92fe9f76d44f2ef421e8f /meta/recipes-core | |
| parent | 64ab17b707dc431aaed880d6d8615971243f46f8 (diff) | |
| download | openembedded-core-contrib-7bb9e8ddbfabfbaebe1b3cb635b6d9979854cc47.tar.gz | |
signing-keys: Make signing keys the only publisher of keys
Previously the keys were put into the os-release package. The package
indexing code was also deploying the keys rather than only using the keys.
This change makes signing-keys.bb the only publisher of the keys and also
uses standard tasks that already have sstate.
(From OE-Core rev: 1e38068ac38dfd067655dfd41464e28439179306)
Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/meta/signing-keys.bb | 61 | ||||
| -rw-r--r-- | meta/recipes-core/os-release/os-release.bb | 11 |
2 files changed, 43 insertions, 29 deletions
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb index d7763c664e..1d0e8344ef 100644 --- a/meta/recipes-core/meta/signing-keys.bb +++ b/meta/recipes-core/meta/signing-keys.bb @@ -3,37 +3,62 @@ DESCRIPTION = "Make public keys of the signing keys available" LICENSE = "MIT" -PACKAGES = "" - -do_fetch[noexec] = "1" -do_unpack[noexec] = "1" -do_patch[noexec] = "1" -do_configure[noexec] = "1" -do_compile[noexec] = "1" -do_install[noexec] = "1" -do_package[noexec] = "1" -do_packagedata[noexec] = "1" -do_package_write_ipk[noexec] = "1" -do_package_write_rpm[noexec] = "1" -do_package_write_deb[noexec] = "1" -do_populate_sysroot[noexec] = "1" +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + + +inherit allarch deploy EXCLUDE_FROM_WORLD = "1" +INHIBIT_DEFAULT_DEPS = "1" + +PACKAGES =+ "${PN}-rpm ${PN}-packagefeed" +FILES_${PN}-rpm = "${sysconfdir}/pki/rpm-gpg" +FILES_${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg" -python do_export_public_keys () { +python do_get_public_keys () { from oe.gpg_sign import get_signer if d.getVar("RPM_SIGN_PACKAGES", True): # Export public key of the rpm signing key signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True)) - signer.export_pubkey(d.getVar('RPM_GPG_PUBKEY', True), + signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'), d.getVar('RPM_GPG_NAME', True)) if d.getVar('PACKAGE_FEED_SIGN', True) == '1': # Export public key of the feed signing key signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) - signer.export_pubkey(d.getVar('PACKAGE_FEED_GPG_PUBKEY', True), + signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'), d.getVar('PACKAGE_FEED_GPG_NAME', True)) } -addtask do_export_public_keys before do_build +do_get_public_keys[cleandirs] = "${B}" +addtask get_public_keys before do_install + +do_install () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}" + fi +} + +sysroot_stage_all_append () { + sysroot_stage_dir ${D}${sysconfdir}/pki ${SYSROOT_DESTDIR}${sysconfdir}/pki +} + +do_deploy () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}" + fi +} +do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}" +# cleandirs should possibly be in deploy.bbclass but we need it +do_deploy[cleandirs] = "${DEPLOYDIR}" +# clear stamp-extra-info since MACHINE is normally put there by deploy.bbclass +do_deploy[stamp-extra-info] = "" +addtask deploy after do_get_public_keys diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb index df19ca216f..58364ea249 100644 --- a/meta/recipes-core/os-release/os-release.bb +++ b/meta/recipes-core/os-release/os-release.bb @@ -30,21 +30,10 @@ python do_compile () { value = d.getVar(field, True) if value: f.write('{0}="{1}"\n'.format(field, value)) - if d.getVar('RPM_SIGN_PACKAGES', True) == '1': - rpm_gpg_pubkey = d.getVar('RPM_GPG_PUBKEY', True) - bb.utils.mkdirhier('${B}/rpm-gpg') - distro_version = d.getVar('DISTRO_VERSION', True) or "oe.0" - shutil.copy2(rpm_gpg_pubkey, d.expand('${B}/rpm-gpg/RPM-GPG-KEY-%s' % distro_version)) } do_compile[vardeps] += "${OS_RELEASE_FIELDS}" -do_compile[depends] += "signing-keys:do_export_public_keys" do_install () { install -d ${D}${sysconfdir} install -m 0644 os-release ${D}${sysconfdir}/ - - if [ -d "rpm-gpg" ]; then - install -d "${D}${sysconfdir}/pki" - cp -r "rpm-gpg" "${D}${sysconfdir}/pki/" - fi } |