diff options
Diffstat (limited to 'meta/classes/sign_rpm.bbclass')
-rw-r--r-- | meta/classes/sign_rpm.bbclass | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index a8ea75faaa..64ae7ce30e 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass @@ -9,45 +9,63 @@ # Optional variable for specifying the backend to use for signing. # Currently the only available option is 'local', i.e. local signing # on the build host. +# RPM_FILE_CHECKSUM_DIGEST +# Optional variable for specifying the algorithm for generating file +# checksum digest. +# RPM_FSK_PATH +# Optional variable for the file signing key. +# RPM_FSK_PASSWORD +# Optional variable for the file signing key password. # GPG_BIN # Optional variable for specifying the gpg binary/wrapper to use for # signing. +# RPM_GPG_SIGN_CHUNK +# Optional variable indicating the number of packages used per gpg +# invocation # GPG_PATH # Optional variable for specifying the gnupg "home" directory: -# + inherit sanity RPM_SIGN_PACKAGES='1' +RPM_SIGN_FILES ?= '0' RPM_GPG_BACKEND ?= 'local' +# SHA-256 is used by default +RPM_FILE_CHECKSUM_DIGEST ?= '8' +RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}" python () { - if d.getVar('RPM_GPG_PASSPHRASE_FILE', True): + if d.getVar('RPM_GPG_PASSPHRASE_FILE'): raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d) # Check configuration for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'): - if not d.getVar(var, True): + if not d.getVar(var): raise_sanity_error("You need to define %s in the config" % var, d) - # Set the expected location of the public key - d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_DIR_TARGET', False), - d.getVar('sysconfdir', False), - 'pki', - 'rpm-gpg', - 'RPM-GPG-KEY-${DISTRO_VERSION}')) + if d.getVar('RPM_SIGN_FILES') == '1': + for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'): + if not d.getVar(var): + raise_sanity_error("You need to define %s in the config" % var, d) } python sign_rpm () { import glob from oe.gpg_sign import get_signer - signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True)) - rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*') + signer = get_signer(d, d.getVar('RPM_GPG_BACKEND')) + rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR') + '/*') signer.sign_rpms(rpms, - d.getVar('RPM_GPG_NAME', True), - d.getVar('RPM_GPG_PASSPHRASE', True)) + d.getVar('RPM_GPG_NAME'), + d.getVar('RPM_GPG_PASSPHRASE'), + d.getVar('RPM_FILE_CHECKSUM_DIGEST'), + int(d.getVar('RPM_GPG_SIGN_CHUNK')), + d.getVar('RPM_FSK_PATH'), + d.getVar('RPM_FSK_PASSWORD')) } do_package_index[depends] += "signing-keys:do_deploy" do_rootfs[depends] += "signing-keys:do_populate_sysroot" + +PACKAGE_WRITE_DEPS += "gnupg-native" |