diff options
Diffstat (limited to 'meta/recipes-core/meta/signing-keys.bb')
-rw-r--r-- | meta/recipes-core/meta/signing-keys.bb | 106 |
1 files changed, 72 insertions, 34 deletions
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb index cc401f3b6c..107a39d658 100644 --- a/meta/recipes-core/meta/signing-keys.bb +++ b/meta/recipes-core/meta/signing-keys.bb @@ -1,45 +1,83 @@ # Copyright (C) 2015 Intel Corporation # Released under the MIT license (see COPYING.MIT for the terms) -DESCRIPTION = "Make public keys of the signing keys available" +SUMMARY = "Makes public keys of the signing keys available" LICENSE = "MIT" -PACKAGES = "" - -do_fetch[noexec] = "1" -do_unpack[noexec] = "1" -do_patch[noexec] = "1" -do_configure[noexec] = "1" -do_compile[noexec] = "1" -do_install[noexec] = "1" -do_package[noexec] = "1" -do_packagedata[noexec] = "1" -do_package_write_ipk[noexec] = "1" -do_package_write_rpm[noexec] = "1" -do_package_write_deb[noexec] = "1" -do_populate_sysroot[noexec] = "1" + + +inherit allarch deploy EXCLUDE_FROM_WORLD = "1" +INHIBIT_DEFAULT_DEPS = "1" + +SYSROOT_DIRS += "${sysconfdir}/pki" + +PACKAGES =+ "${PN}-ipk ${PN}-rpm ${PN}-packagefeed" + +FILES:${PN}-rpm = "${sysconfdir}/pki/rpm-gpg" +FILES:${PN}-ipk = "${sysconfdir}/pki/ipk-gpg" +FILES:${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg" + +RDEPENDS:${PN}-dev = "" + +python do_get_public_keys () { + from oe.gpg_sign import get_signer -def export_gpg_pubkey(d, keyid, path): - import bb - gpg_bin = d.getVar('GPG_BIN', True) or \ - bb.utils.which(os.getenv('PATH'), "gpg") - cmd = '%s --batch --yes --export --armor -o %s %s' % \ - (gpg_bin, path, keyid) - status, output = oe.utils.getstatusoutput(cmd) - if status: - raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % - (keyid, output)) - -python do_export_public_keys () { - if d.getVar("RPM_SIGN_PACKAGES", True): + if d.getVar("RPM_SIGN_PACKAGES"): # Export public key of the rpm signing key - export_gpg_pubkey(d, d.getVar("RPM_GPG_NAME", True), - d.getVar('RPM_GPG_PUBKEY', True)) + signer = get_signer(d, d.getVar('RPM_GPG_BACKEND')) + signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'), + d.getVar('RPM_GPG_NAME')) - if d.getVar('PACKAGE_FEED_SIGN', True) == '1': + if d.getVar("IPK_SIGN_PACKAGES"): + # Export public key of the ipk signing key + signer = get_signer(d, d.getVar('IPK_GPG_BACKEND')) + signer.export_pubkey(os.path.join(d.expand('${B}'), 'ipk-key'), + d.getVar('IPK_GPG_NAME')) + + if d.getVar('PACKAGE_FEED_SIGN') == '1': # Export public key of the feed signing key - export_gpg_pubkey(d, d.getVar("PACKAGE_FEED_GPG_NAME", True), - d.getVar('PACKAGE_FEED_GPG_PUBKEY', True)) + signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND')) + signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'), + d.getVar('PACKAGE_FEED_GPG_NAME')) +} +do_get_public_keys[cleandirs] = "${B}" +addtask get_public_keys before do_install +do_get_public_keys[depends] += "gnupg-native:do_populate_sysroot" + +do_install () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}" + fi + if [ -f "${B}/ipk-key" ]; then + install -D -m 0644 "${B}/ipk-key" "${D}${sysconfdir}/pki/ipk-gpg/IPK-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}" + fi } -addtask do_export_public_keys before do_build + +do_deploy () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}" + fi + if [ -f "${B}/ipk-key" ]; then + install -D -m 0644 "${B}/ipk-key" "${DEPLOYDIR}/IPK-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}" + fi +} +do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}" +# clear stamp-extra-info since MACHINE_ARCH is normally put there by +# deploy.bbclass +do_deploy[stamp-extra-info] = "" +addtask deploy after do_get_public_keys + +# Delete unnecessary tasks. In particular, "do_unpack" _must_ be deleted because +# it cleans ${B} and will wipe any keys exported by do_get_public_keys. +deltask do_fetch +deltask do_unpack +deltask do_patch +deltask do_configure +deltask do_compile |