blob: 107a39d6581da10083e979cb4b2062fed0f2fc96 [file] [log] [blame]
Patrick Williamsf1e5d692016-03-30 15:21:19 -05001# Copyright (C) 2015 Intel Corporation
2# Released under the MIT license (see COPYING.MIT for the terms)
3
Patrick Williamsc0f7c042017-02-23 20:41:17 -06004SUMMARY = "Makes public keys of the signing keys available"
Patrick Williamsf1e5d692016-03-30 15:21:19 -05005LICENSE = "MIT"
Patrick Williamsf1e5d692016-03-30 15:21:19 -05006
Patrick Williamsd8c66bc2016-06-20 12:57:21 -05007
8inherit allarch deploy
Patrick Williamsf1e5d692016-03-30 15:21:19 -05009
10EXCLUDE_FROM_WORLD = "1"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050011INHIBIT_DEFAULT_DEPS = "1"
Patrick Williamsf1e5d692016-03-30 15:21:19 -050012
Patrick Williamsc0f7c042017-02-23 20:41:17 -060013SYSROOT_DIRS += "${sysconfdir}/pki"
14
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050015PACKAGES =+ "${PN}-ipk ${PN}-rpm ${PN}-packagefeed"
Patrick Williamsf1e5d692016-03-30 15:21:19 -050016
Patrick Williams213cb262021-08-07 19:21:33 -050017FILES:${PN}-rpm = "${sysconfdir}/pki/rpm-gpg"
18FILES:${PN}-ipk = "${sysconfdir}/pki/ipk-gpg"
19FILES:${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050020
Andrew Geissler615f2f12022-07-15 14:00:58 -050021RDEPENDS:${PN}-dev = ""
22
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050023python do_get_public_keys () {
24 from oe.gpg_sign import get_signer
25
Brad Bishop6e60e8b2018-02-01 10:27:11 -050026 if d.getVar("RPM_SIGN_PACKAGES"):
Patrick Williamsf1e5d692016-03-30 15:21:19 -050027 # Export public key of the rpm signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -050028 signer = get_signer(d, d.getVar('RPM_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050029 signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -050030 d.getVar('RPM_GPG_NAME'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050031
Brad Bishop6e60e8b2018-02-01 10:27:11 -050032 if d.getVar("IPK_SIGN_PACKAGES"):
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050033 # Export public key of the ipk signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -050034 signer = get_signer(d, d.getVar('IPK_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050035 signer.export_pubkey(os.path.join(d.expand('${B}'), 'ipk-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -050036 d.getVar('IPK_GPG_NAME'))
Patrick Williamsf1e5d692016-03-30 15:21:19 -050037
Brad Bishop6e60e8b2018-02-01 10:27:11 -050038 if d.getVar('PACKAGE_FEED_SIGN') == '1':
Patrick Williamsf1e5d692016-03-30 15:21:19 -050039 # Export public key of the feed signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -050040 signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050041 signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -050042 d.getVar('PACKAGE_FEED_GPG_NAME'))
Patrick Williamsf1e5d692016-03-30 15:21:19 -050043}
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050044do_get_public_keys[cleandirs] = "${B}"
45addtask get_public_keys before do_install
Brad Bishop316dfdd2018-06-25 12:45:53 -040046do_get_public_keys[depends] += "gnupg-native:do_populate_sysroot"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050047
48do_install () {
49 if [ -f "${B}/rpm-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -050050 install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050051 fi
52 if [ -f "${B}/ipk-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -050053 install -D -m 0644 "${B}/ipk-key" "${D}${sysconfdir}/pki/ipk-gpg/IPK-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050054 fi
55 if [ -f "${B}/pf-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -050056 install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050057 fi
58}
59
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050060do_deploy () {
61 if [ -f "${B}/rpm-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -050062 install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050063 fi
64 if [ -f "${B}/ipk-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -050065 install -D -m 0644 "${B}/ipk-key" "${DEPLOYDIR}/IPK-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050066 fi
67 if [ -f "${B}/pf-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -050068 install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050069 fi
70}
71do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}"
Brad Bishop316dfdd2018-06-25 12:45:53 -040072# clear stamp-extra-info since MACHINE_ARCH is normally put there by
73# deploy.bbclass
Patrick Williamsd8c66bc2016-06-20 12:57:21 -050074do_deploy[stamp-extra-info] = ""
75addtask deploy after do_get_public_keys
Brad Bishopd7bf8c12018-02-25 22:55:05 -050076
77# Delete unnecessary tasks. In particular, "do_unpack" _must_ be deleted because
78# it cleans ${B} and will wipe any keys exported by do_get_public_keys.
79deltask do_fetch
80deltask do_unpack
81deltask do_patch
82deltask do_configure
83deltask do_compile