From f30c1653cc5ef9daf594cbd3faad329b9fa08ab7 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Thu, 16 Mar 2017 15:19:05 +0200 Subject: lib/oe/package_manager: import rpm signing key to rpmdb Import the gpg key used in rpm signing into rpmdb. This makes it possible again to create images when rpm signing is enabled. Also, instruct dnf to enforce signature check if rpm signing is enabled. Signed-off-by: Markus Lehtonen Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/lib/oe/package_manager.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index b016bc32dc..eeb4c76071 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -520,7 +520,14 @@ class RpmPM(PackageManager): open(platformconfdir + "macros", 'a').write("%_prefer_color 7") if self.d.getVar('RPM_SIGN_PACKAGES') == '1': - raise NotImplementedError("Signature verification with rpm not yet supported.") + pubkey_path = self.d.getVar('RPM_GPG_PUBKEY') + rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmkeys") + cmd = [rpm_bin, '--root=%s' % self.target_rootfs, '--import', pubkey_path] + try: + subprocess.check_output(cmd, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as e: + bb.fatal("Importing GPG key failed. Command '%s' " + "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8"))) def create_configs(self): self._configure_dnf() @@ -570,7 +577,8 @@ class RpmPM(PackageManager): output = self._invoke_dnf((["--skip-broken"] if attempt_only else []) + (["-x", ",".join(exclude_pkgs)] if len(exclude_pkgs) > 0 else []) + (["--setopt=install_weak_deps=False"] if self.d.getVar('NO_RECOMMENDATIONS') == 1 else []) + - ["--nogpgcheck", "install"] + + (["--nogpgcheck"] if self.d.getVar('RPM_SIGN_PACKAGES') != '1' else ["--setopt=gpgcheck=True"]) + + ["install"] + pkgs) failed_scriptlets_pkgnames = collections.OrderedDict() -- cgit 1.2.3-korg