1 files changed, 31 insertions, 13 deletions

diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index a8ea75faaa..64ae7ce30e 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -9,45 +9,63 @@
 #           Optional variable for specifying the backend to use for signing.
 #           Currently the only available option is 'local', i.e. local signing
 #           on the build host.
+# RPM_FILE_CHECKSUM_DIGEST
+#           Optional variable for specifying the algorithm for generating file
+#           checksum digest.
+# RPM_FSK_PATH
+#           Optional variable for the file signing key.
+# RPM_FSK_PASSWORD
+#           Optional variable for the file signing key password.
 # GPG_BIN
 #           Optional variable for specifying the gpg binary/wrapper to use for
 #           signing.
+# RPM_GPG_SIGN_CHUNK
+#           Optional variable indicating the number of packages used per gpg
+#           invocation
 # GPG_PATH
 #           Optional variable for specifying the gnupg "home" directory:
-#
+
 inherit sanity
 
 RPM_SIGN_PACKAGES='1'
+RPM_SIGN_FILES ?= '0'
 RPM_GPG_BACKEND ?= 'local'
+# SHA-256 is used by default
+RPM_FILE_CHECKSUM_DIGEST ?= '8'
+RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}"
 
 
 python () {
-    if d.getVar('RPM_GPG_PASSPHRASE_FILE', True):
+    if d.getVar('RPM_GPG_PASSPHRASE_FILE'):
         raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d)
     # Check configuration
     for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'):
-        if not d.getVar(var, True):
+        if not d.getVar(var):
             raise_sanity_error("You need to define %s in the config" % var, d)
 
-    # Set the expected location of the public key
-    d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_DIR_TARGET', False),
-                                            d.getVar('sysconfdir', False),
-                                            'pki',
-                                            'rpm-gpg',
-                                            'RPM-GPG-KEY-${DISTRO_VERSION}'))
+    if d.getVar('RPM_SIGN_FILES') == '1':
+        for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'):
+            if not d.getVar(var):
+                raise_sanity_error("You need to define %s in the config" % var, d)
 }
 
 python sign_rpm () {
     import glob
     from oe.gpg_sign import get_signer
 
-    signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True))
-    rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')
+    signer = get_signer(d, d.getVar('RPM_GPG_BACKEND'))
+    rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR') + '/*')
 
     signer.sign_rpms(rpms,
-                     d.getVar('RPM_GPG_NAME', True),
-                     d.getVar('RPM_GPG_PASSPHRASE', True))
+                     d.getVar('RPM_GPG_NAME'),
+                     d.getVar('RPM_GPG_PASSPHRASE'),
+                     d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
+                     int(d.getVar('RPM_GPG_SIGN_CHUNK')),
+                     d.getVar('RPM_FSK_PATH'),
+                     d.getVar('RPM_FSK_PASSWORD'))
 }
 
 do_package_index[depends] += "signing-keys:do_deploy"
 do_rootfs[depends] += "signing-keys:do_populate_sysroot"
+
+PACKAGE_WRITE_DEPS += "gnupg-native"