Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 213cb2696d00a85cd48d356cb5131824a302d828 / . / poky / meta / recipes-core / meta / signing-keys.bb
blob: 03463f95f56f404f28b9f726b05de3f68eb3b81a [file] [log] [blame]
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]1# Copyright (C) 2015 Intel Corporation
2# Released under the MIT license (see COPYING.MIT for the terms)
3
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600[diff] [blame]4SUMMARY = "Makes public keys of the signing keys available"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]5LICENSE = "MIT"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]6
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]7
8inherit allarch deploy
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]9
10EXCLUDE_FROM_WORLD = "1"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]11INHIBIT_DEFAULT_DEPS = "1"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]12
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600[diff] [blame]13SYSROOT_DIRS += "${sysconfdir}/pki"
14
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]15PACKAGES =+ "${PN}-ipk ${PN}-rpm ${PN}-packagefeed"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]16
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame^]17FILES:${PN}-rpm = "${sysconfdir}/pki/rpm-gpg"
18FILES:${PN}-ipk = "${sysconfdir}/pki/ipk-gpg"
19FILES:${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]20
21python do_get_public_keys () {
22 from oe.gpg_sign import get_signer
23
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]24 if d.getVar("RPM_SIGN_PACKAGES"):
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]25 # Export public key of the rpm signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]26 signer = get_signer(d, d.getVar('RPM_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]27 signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]28 d.getVar('RPM_GPG_NAME'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]29
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]30 if d.getVar("IPK_SIGN_PACKAGES"):
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]31 # Export public key of the ipk signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]32 signer = get_signer(d, d.getVar('IPK_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]33 signer.export_pubkey(os.path.join(d.expand('${B}'), 'ipk-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]34 d.getVar('IPK_GPG_NAME'))
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]35
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]36 if d.getVar('PACKAGE_FEED_SIGN') == '1':
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]37 # Export public key of the feed signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]38 signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]39 signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame]40 d.getVar('PACKAGE_FEED_GPG_NAME'))
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]41}
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]42do_get_public_keys[cleandirs] = "${B}"
43addtask get_public_keys before do_install
Brad Bishop316dfdd2018-06-25 12:45:53 -0400[diff] [blame]44do_get_public_keys[depends] += "gnupg-native:do_populate_sysroot"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]45
46do_install () {
47 if [ -f "${B}/rpm-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -0500[diff] [blame]48 install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]49 fi
50 if [ -f "${B}/ipk-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -0500[diff] [blame]51 install -D -m 0644 "${B}/ipk-key" "${D}${sysconfdir}/pki/ipk-gpg/IPK-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]52 fi
53 if [ -f "${B}/pf-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -0500[diff] [blame]54 install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]55 fi
56}
57
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]58do_deploy () {
59 if [ -f "${B}/rpm-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -0500[diff] [blame]60 install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]61 fi
62 if [ -f "${B}/ipk-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -0500[diff] [blame]63 install -D -m 0644 "${B}/ipk-key" "${DEPLOYDIR}/IPK-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]64 fi
65 if [ -f "${B}/pf-key" ]; then
Brad Bishopd7bf8c12018-02-25 22:55:05 -0500[diff] [blame]66 install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO}-${DISTRO_CODENAME}"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]67 fi
68}
69do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}"
Brad Bishop316dfdd2018-06-25 12:45:53 -0400[diff] [blame]70# clear stamp-extra-info since MACHINE_ARCH is normally put there by
71# deploy.bbclass
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]72do_deploy[stamp-extra-info] = ""
73addtask deploy after do_get_public_keys
Brad Bishopd7bf8c12018-02-25 22:55:05 -0500[diff] [blame]74
75# Delete unnecessary tasks. In particular, "do_unpack" _must_ be deleted because
76# it cleans ${B} and will wipe any keys exported by do_get_public_keys.
77deltask do_fetch
78deltask do_unpack
79deltask do_patch
80deltask do_configure
81deltask do_compile