From 4445c645c71151bd56ff7e133343a6f1e30cc3b3 Mon Sep 17 00:00:00 2001
From: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Date: Wed, 10 Feb 2016 16:15:55 +0200
Subject: oe/gpg_sign: add verify() method

A new method for verifying detached signatures.

[YOCTO #9006]

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/lib/oe/gpg_sign.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 821787ec7e..a4f310e536 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -65,6 +65,16 @@ class LocalSigner(object):
             raise bb.build.FuncFailed("Failed to create signature for '%s': %s" %
                                       (input_file, output))
 
+    def verify(self, sig_file):
+        """Verify signature"""
+        cmd = self.gpg_bin + " --verify "
+        if self.gpg_path:
+            cmd += "--homedir %s " % self.gpg_path
+        cmd += sig_file
+        status, _ = oe.utils.getstatusoutput(cmd)
+        ret = False if status else True
+        return ret
+
 
 def get_signer(d, backend, keyid, passphrase_file):
     """Get signer object for the specified backend"""
-- 
cgit 1.2.3-korg