From a40f27aa7802e8a0bd87a5417e35adbface62d05 Mon Sep 17 00:00:00 2001 From: Ioan-Adrian Ratiu Date: Thu, 10 Mar 2016 12:02:55 +0200 Subject: gpg_sign: add local ipk package signing functionality Implement ipk signing inside the sign_ipk bbclass using the gpg_sign module and configure signing similar to how rpm does it. sign_ipk uses gpg_sign's detach_sign because its functionality is identical to package feed signing. IPK signing process is a bit different from rpm: - Signatures are stored outside ipk files; opkg connects to a feed server and downloads them to verify a package. - Signatures are of two types (both supported by opkg): binary or ascii armoured. By default we sign using ascii armoured. - Public keys are stored on targets to verify ipks using the opkg-keyrings recipe. Signed-off-by: Ioan-Adrian Ratiu Signed-off-by: Richard Purdie --- meta/classes/package_ipk.bbclass | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'meta/classes/package_ipk.bbclass') diff --git a/meta/classes/package_ipk.bbclass b/meta/classes/package_ipk.bbclass index 51bee2890b..f1ad1d5c17 100644 --- a/meta/classes/package_ipk.bbclass +++ b/meta/classes/package_ipk.bbclass @@ -246,6 +246,11 @@ python do_package_ipk () { bb.utils.unlockfile(lf) raise bb.build.FuncFailed("opkg-build execution failed") + if d.getVar('IPK_SIGN_PACKAGES', True) == '1': + ipkver = "%s-%s" % (d.getVar('PKGV', True), d.getVar('PKGR', True)) + ipk_to_sign = "%s/%s_%s_%s.ipk" % (pkgoutdir, pkgname, ipkver, d.getVar('PACKAGE_ARCH', True)) + sign_ipk(d, ipk_to_sign) + cleanupcontrol(root) bb.utils.unlockfile(lf) -- cgit 1.2.3-korg