diff options
author | Ferry Toth <ftoth@exalondelft.nl> | 2022-04-03 21:50:45 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-05 22:25:09 +0100 |
commit | fcc3cee276999efe6402959eb295e7a0e1e96f96 (patch) | |
tree | fa05879bf14e99820489d8d89c0cb2db5350e947 | |
parent | cfcaa54dc73925df448099fb60f75b18350b2a3b (diff) | |
download | openembedded-core-contrib-fcc3cee276999efe6402959eb295e7a0e1e96f96.tar.gz |
package_manager: sign DEB package feeds
Implement debian package repository signature.
For each Release file created in repository subdirectory, a signature
Release.gpg is created.
Signature is performed using gpg backend when the following variables
are set in local.conf:
PACKAGE_CLASSES += "sign_package_feed"
PACKAGE_FEED_GPG_NAME = "<Id of GPG key>"
PACKAGE_FEED_GPG_PASSPHRASE_FILE="<path to password file>"
Signed-off-by: Xavier Berger <xavier.berger@bio-logic.net>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/lib/oe/package_manager/deb/__init__.py | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/meta/lib/oe/package_manager/deb/__init__.py b/meta/lib/oe/package_manager/deb/__init__.py index 9f112ae25b..86ddb130ad 100644 --- a/meta/lib/oe/package_manager/deb/__init__.py +++ b/meta/lib/oe/package_manager/deb/__init__.py @@ -53,6 +53,7 @@ class DpkgIndexer(Indexer): index_cmds = [] deb_dirs_found = False + index_sign_files = set() for arch in arch_list: arch_dir = os.path.join(self.deploy_dir, arch) if not os.path.isdir(arch_dir): @@ -62,7 +63,10 @@ class DpkgIndexer(Indexer): cmd += "%s -fcn Packages > Packages.gz;" % gzip - with open(os.path.join(arch_dir, "Release"), "w+") as release: + release_file = os.path.join(arch_dir, "Release") + index_sign_files.add(release_file) + + with open(release_file, "w+") as release: release.write("Label: %s\n" % arch) cmd += "PSEUDO_UNLOAD=1 %s release . >> Release" % apt_ftparchive @@ -76,8 +80,17 @@ class DpkgIndexer(Indexer): return oe.utils.multiprocess_launch(create_index, index_cmds, self.d) - if self.d.getVar('PACKAGE_FEED_SIGN') == '1': - raise NotImplementedError('Package feed signing not implementd for dpkg') + if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1': + signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True)) + else: + signer = None + if signer: + for f in index_sign_files: + signer.detach_sign(f, + self.d.getVar('PACKAGE_FEED_GPG_NAME', True), + self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True), + output_suffix="gpg", + use_sha256=True) class PMPkgsList(PkgsList): |