From 1e38068ac38dfd067655dfd41464e28439179306 Mon Sep 17 00:00:00 2001 From: Randy Witt Date: Fri, 19 Feb 2016 08:45:25 -0800 Subject: signing-keys: Make signing keys the only publisher of keys Previously the keys were put into the os-release package. The package indexing code was also deploying the keys rather than only using the keys. This change makes signing-keys.bb the only publisher of the keys and also uses standard tasks that already have sstate. Signed-off-by: Randy Witt Signed-off-by: Richard Purdie --- meta/recipes-core/meta/signing-keys.bb | 61 ++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 18 deletions(-) (limited to 'meta/recipes-core/meta') diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb index d7763c664e..1d0e8344ef 100644 --- a/meta/recipes-core/meta/signing-keys.bb +++ b/meta/recipes-core/meta/signing-keys.bb @@ -3,37 +3,62 @@ DESCRIPTION = "Make public keys of the signing keys available" LICENSE = "MIT" -PACKAGES = "" - -do_fetch[noexec] = "1" -do_unpack[noexec] = "1" -do_patch[noexec] = "1" -do_configure[noexec] = "1" -do_compile[noexec] = "1" -do_install[noexec] = "1" -do_package[noexec] = "1" -do_packagedata[noexec] = "1" -do_package_write_ipk[noexec] = "1" -do_package_write_rpm[noexec] = "1" -do_package_write_deb[noexec] = "1" -do_populate_sysroot[noexec] = "1" +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + + +inherit allarch deploy EXCLUDE_FROM_WORLD = "1" +INHIBIT_DEFAULT_DEPS = "1" + +PACKAGES =+ "${PN}-rpm ${PN}-packagefeed" +FILES_${PN}-rpm = "${sysconfdir}/pki/rpm-gpg" +FILES_${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg" -python do_export_public_keys () { +python do_get_public_keys () { from oe.gpg_sign import get_signer if d.getVar("RPM_SIGN_PACKAGES", True): # Export public key of the rpm signing key signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True)) - signer.export_pubkey(d.getVar('RPM_GPG_PUBKEY', True), + signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'), d.getVar('RPM_GPG_NAME', True)) if d.getVar('PACKAGE_FEED_SIGN', True) == '1': # Export public key of the feed signing key signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) - signer.export_pubkey(d.getVar('PACKAGE_FEED_GPG_PUBKEY', True), + signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'), d.getVar('PACKAGE_FEED_GPG_NAME', True)) } -addtask do_export_public_keys before do_build +do_get_public_keys[cleandirs] = "${B}" +addtask get_public_keys before do_install + +do_install () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}" + fi +} + +sysroot_stage_all_append () { + sysroot_stage_dir ${D}${sysconfdir}/pki ${SYSROOT_DESTDIR}${sysconfdir}/pki +} + +do_deploy () { + if [ -f "${B}/rpm-key" ]; then + install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO_VERSION}" + fi + if [ -f "${B}/pf-key" ]; then + install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}" + fi +} +do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}" +# cleandirs should possibly be in deploy.bbclass but we need it +do_deploy[cleandirs] = "${DEPLOYDIR}" +# clear stamp-extra-info since MACHINE is normally put there by deploy.bbclass +do_deploy[stamp-extra-info] = "" +addtask deploy after do_get_public_keys -- cgit 1.2.3-korg