diff options
Diffstat (limited to 'meta/classes/sign_rpm.bbclass')
| -rw-r--r-- | meta/classes/sign_rpm.bbclass | 47 |
1 files changed, 11 insertions, 36 deletions
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index 7906b6413b..8bcabeec91 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass @@ -5,6 +5,10 @@ # Path to a file containing the passphrase of the signing key. # RPM_GPG_NAME # Name of the key to sign with. May be key id or key name. +# RPM_GPG_BACKEND +# Optional variable for specifying the backend to use for signing. +# Currently the only available option is 'local', i.e. local signing +# on the build host. # GPG_BIN # Optional variable for specifying the gpg binary/wrapper to use for # signing. @@ -14,6 +18,7 @@ inherit sanity RPM_SIGN_PACKAGES='1' +RPM_GPG_BACKEND ?= 'local' python () { @@ -27,47 +32,17 @@ python () { 'RPM-GPG-PUBKEY')) } - -def rpmsign_wrapper(d, files, passphrase, gpg_name=None): - import pexpect - - # Find the correct rpm binary - rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm' - cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name - if d.getVar('GPG_BIN', True): - cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True) - if d.getVar('GPG_PATH', True): - cmd += "--define '_gpg_path %s' " % d.getVar('GPG_PATH', True) - cmd += ' '.join(files) - - # Need to use pexpect for feeding the passphrase - proc = pexpect.spawn(cmd) - try: - proc.expect_exact('Enter pass phrase:', timeout=15) - proc.sendline(passphrase) - proc.expect(pexpect.EOF, timeout=900) - proc.close() - except pexpect.TIMEOUT as err: - bb.warn('rpmsign timeout: %s' % err) - proc.terminate() - else: - if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status): - bb.warn('rpmsign failed: %s' % proc.before.strip()) - return proc.exitstatus - - python sign_rpm () { import glob + from oe.gpg_sign import get_signer - with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj: - rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n') - - rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "") - + signer = get_signer(d, + d.getVar('RPM_GPG_BACKEND', True), + d.getVar('RPM_GPG_NAME', True), + d.getVar('RPM_GPG_PASSPHRASE_FILE', True)) rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*') - if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0: - raise bb.build.FuncFailed("RPM signing failed") + signer.sign_rpms(rpms) } do_package_index[depends] += "signing-keys:do_export_public_keys" |