summaryrefslogtreecommitdiffstats
path: root/meta/classes
diff options
context:
space:
mode:
authorDaniel McGregor <daniel.mcgregor@vecima.com>2021-10-12 22:04:56 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-10-14 22:52:09 +0100
commit52ba0c5e6e2e3d5d01dc3f01404f0ab1bb29b3b5 (patch)
tree336fca89828a45fc956e30e2483a71b59646b893 /meta/classes
parentc46a6ec91bd40a458cb0ef5ec84bc0cc274d9cef (diff)
downloadopenembedded-core-52ba0c5e6e2e3d5d01dc3f01404f0ab1bb29b3b5.tar.gz
sstate: Allow validation of sstate singatures against list of keys
Allow a user to validate sstate objects against a list of keys, instead of just any known key in the user's keychain. Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/sstate.bbclass5
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index c125286f74..7f034d746a 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -116,6 +116,9 @@ SSTATE_SIG_KEY ?= ""
SSTATE_SIG_PASSPHRASE ?= ""
# Whether to verify the GnUPG signatures when extracting sstate archives
SSTATE_VERIFY_SIG ?= "0"
+# List of signatures to consider valid.
+SSTATE_VALID_SIGS ??= ""
+SSTATE_VALID_SIGS[vardepvalue] = ""
SSTATE_HASHEQUIV_METHOD ?= "oe.sstatesig.OEOuthashBasic"
SSTATE_HASHEQUIV_METHOD[doc] = "The fully-qualified function used to calculate \
@@ -372,7 +375,7 @@ def sstate_installpkg(ss, d):
bb.warn("No signature file for sstate package %s, skipping acceleration..." % sstatepkg)
return False
signer = get_signer(d, 'local')
- if not signer.verify(sstatepkg + '.sig'):
+ if not signer.verify(sstatepkg + '.sig', d.getVar("SSTATE_VALID_SIGS")):
bb.warn("Cannot verify signature on sstate package %s, skipping acceleration..." % sstatepkg)
return False
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 21:18:05 +0000