diff options
author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2015-10-16 13:37:32 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-10-24 12:17:16 +0100 |
commit | 23b30c34581948e1ea02c25cbf7b9194d7e49fb8 (patch) | |
tree | 082e43bc0b74f6ebabced5c6ad34890f609e5399 /meta/recipes-core/meta/signing-keys.bb | |
parent | 49a5c8700deddac744ccfa033bebf7971f92e14b (diff) | |
download | openembedded-core-contrib-23b30c34581948e1ea02c25cbf7b9194d7e49fb8.tar.gz |
package signing: automatically export public keys
Automatically export public key(s) of the signing key(s) from the gpg
keyring. Adds a new simple recipe that does the actual task of exporting
the keys. This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG
PUBKEY settings obsolete.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Diffstat (limited to 'meta/recipes-core/meta/signing-keys.bb')
-rw-r--r-- | meta/recipes-core/meta/signing-keys.bb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb new file mode 100644 index 0000000000..cc401f3b6c --- /dev/null +++ b/meta/recipes-core/meta/signing-keys.bb @@ -0,0 +1,45 @@ +# Copyright (C) 2015 Intel Corporation +# Released under the MIT license (see COPYING.MIT for the terms) + +DESCRIPTION = "Make public keys of the signing keys available" +LICENSE = "MIT" +PACKAGES = "" + +do_fetch[noexec] = "1" +do_unpack[noexec] = "1" +do_patch[noexec] = "1" +do_configure[noexec] = "1" +do_compile[noexec] = "1" +do_install[noexec] = "1" +do_package[noexec] = "1" +do_packagedata[noexec] = "1" +do_package_write_ipk[noexec] = "1" +do_package_write_rpm[noexec] = "1" +do_package_write_deb[noexec] = "1" +do_populate_sysroot[noexec] = "1" + +EXCLUDE_FROM_WORLD = "1" + +def export_gpg_pubkey(d, keyid, path): + import bb + gpg_bin = d.getVar('GPG_BIN', True) or \ + bb.utils.which(os.getenv('PATH'), "gpg") + cmd = '%s --batch --yes --export --armor -o %s %s' % \ + (gpg_bin, path, keyid) + status, output = oe.utils.getstatusoutput(cmd) + if status: + raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % + (keyid, output)) + +python do_export_public_keys () { + if d.getVar("RPM_SIGN_PACKAGES", True): + # Export public key of the rpm signing key + export_gpg_pubkey(d, d.getVar("RPM_GPG_NAME", True), + d.getVar('RPM_GPG_PUBKEY', True)) + + if d.getVar('PACKAGE_FEED_SIGN', True) == '1': + # Export public key of the feed signing key + export_gpg_pubkey(d, d.getVar("PACKAGE_FEED_GPG_NAME", True), + d.getVar('PACKAGE_FEED_GPG_PUBKEY', True)) +} +addtask do_export_public_keys before do_build |