diff options
author | Ioan-Adrian Ratiu <adrian.ratiu@ni.com> | 2016-03-10 12:02:55 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-03-11 16:50:27 +0000 |
commit | a40f27aa7802e8a0bd87a5417e35adbface62d05 (patch) | |
tree | b4b2dbb79f30970216735fb373efeee4cf8bf6d9 /meta/classes/package_ipk.bbclass | |
parent | c885b44480b14554c8835e114a2e5469a82f0598 (diff) | |
download | openembedded-core-contrib-a40f27aa7802e8a0bd87a5417e35adbface62d05.tar.gz |
gpg_sign: add local ipk package signing functionality
Implement ipk signing inside the sign_ipk bbclass using the gpg_sign
module and configure signing similar to how rpm does it. sign_ipk uses
gpg_sign's detach_sign because its functionality is identical to package
feed signing.
IPK signing process is a bit different from rpm:
- Signatures are stored outside ipk files; opkg connects to a feed
server and downloads them to verify a package.
- Signatures are of two types (both supported by opkg): binary or
ascii armoured. By default we sign using ascii armoured.
- Public keys are stored on targets to verify ipks using the
opkg-keyrings recipe.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/package_ipk.bbclass')
-rw-r--r-- | meta/classes/package_ipk.bbclass | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/meta/classes/package_ipk.bbclass b/meta/classes/package_ipk.bbclass index 51bee2890b..f1ad1d5c17 100644 --- a/meta/classes/package_ipk.bbclass +++ b/meta/classes/package_ipk.bbclass @@ -246,6 +246,11 @@ python do_package_ipk () { bb.utils.unlockfile(lf) raise bb.build.FuncFailed("opkg-build execution failed") + if d.getVar('IPK_SIGN_PACKAGES', True) == '1': + ipkver = "%s-%s" % (d.getVar('PKGV', True), d.getVar('PKGR', True)) + ipk_to_sign = "%s/%s_%s_%s.ipk" % (pkgoutdir, pkgname, ipkver, d.getVar('PACKAGE_ARCH', True)) + sign_ipk(d, ipk_to_sign) + cleanupcontrol(root) bb.utils.unlockfile(lf) |