Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 6e60e8b2b2bab889379b380a28a167a0edd9d1d3 / . / import-layers / yocto-poky / meta / classes / sign_rpm.bbclass
blob: bc2e947107c444a2e4b330849c8df6c42ba8d65c [file] [log] [blame]
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]1# Class for generating signed RPM packages.
2#
3# Configuration variables used by this class:
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]4# RPM_GPG_PASSPHRASE
5# The passphrase of the signing key.
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]6# RPM_GPG_NAME
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]7# Name of the key to sign with. May be key id or key name.
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]8# RPM_GPG_BACKEND
9# Optional variable for specifying the backend to use for signing.
10# Currently the only available option is 'local', i.e. local signing
11# on the build host.
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]12# GPG_BIN
13# Optional variable for specifying the gpg binary/wrapper to use for
14# signing.
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]15# GPG_PATH
16# Optional variable for specifying the gnupg "home" directory:
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]17#
18inherit sanity
19
20RPM_SIGN_PACKAGES='1'
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]21RPM_GPG_BACKEND ?= 'local'
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]22
23
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]24python () {
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]25 if d.getVar('RPM_GPG_PASSPHRASE_FILE'):
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]26 raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d)
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]27 # Check configuration
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]28 for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'):
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]29 if not d.getVar(var):
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]30 raise_sanity_error("You need to define %s in the config" % var, d)
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]31}
32
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]33python sign_rpm () {
34 import glob
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]35 from oe.gpg_sign import get_signer
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]36
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]37 signer = get_signer(d, d.getVar('RPM_GPG_BACKEND'))
38 rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR') + '/*')
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]39
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]40 signer.sign_rpms(rpms,
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]41 d.getVar('RPM_GPG_NAME'),
42 d.getVar('RPM_GPG_PASSPHRASE'))
Patrick Williamsc124f4f2015-09-15 14:41:29 -0500[diff] [blame]43}
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]44
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]45do_package_index[depends] += "signing-keys:do_deploy"
46do_rootfs[depends] += "signing-keys:do_populate_sysroot"