Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 6e60e8b2b2bab889379b380a28a167a0edd9d1d3 / . / import-layers / yocto-poky / meta / recipes-core / meta / signing-keys.bb
blob: aaa01d0c345037c099c62ed63c8f4cc8dd5aef9f [file] [log] [blame]
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]1# Copyright (C) 2015 Intel Corporation
2# Released under the MIT license (see COPYING.MIT for the terms)
3
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600[diff] [blame]4SUMMARY = "Makes public keys of the signing keys available"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]5LICENSE = "MIT"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]6
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]7
8inherit allarch deploy
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]9
10EXCLUDE_FROM_WORLD = "1"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]11INHIBIT_DEFAULT_DEPS = "1"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]12
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600[diff] [blame]13SYSROOT_DIRS += "${sysconfdir}/pki"
14
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]15PACKAGES =+ "${PN}-ipk ${PN}-rpm ${PN}-packagefeed"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]16
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]17FILES_${PN}-rpm = "${sysconfdir}/pki/rpm-gpg"
18FILES_${PN}-ipk = "${sysconfdir}/pki/ipk-gpg"
19FILES_${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg"
20
21python do_get_public_keys () {
22 from oe.gpg_sign import get_signer
23
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]24 if d.getVar("RPM_SIGN_PACKAGES"):
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]25 # Export public key of the rpm signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]26 signer = get_signer(d, d.getVar('RPM_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]27 signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]28 d.getVar('RPM_GPG_NAME'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]29
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]30 if d.getVar("IPK_SIGN_PACKAGES"):
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]31 # Export public key of the ipk signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]32 signer = get_signer(d, d.getVar('IPK_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]33 signer.export_pubkey(os.path.join(d.expand('${B}'), 'ipk-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]34 d.getVar('IPK_GPG_NAME'))
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]35
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]36 if d.getVar('PACKAGE_FEED_SIGN') == '1':
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]37 # Export public key of the feed signing key
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]38 signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND'))
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]39 signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'),
Brad Bishop6e60e8b2018-02-01 10:27:11 -0500[diff] [blame^]40 d.getVar('PACKAGE_FEED_GPG_NAME'))
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]41}
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]42do_get_public_keys[cleandirs] = "${B}"
43addtask get_public_keys before do_install
44
45do_install () {
46 if [ -f "${B}/rpm-key" ]; then
47 install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO_VERSION}"
48 fi
49 if [ -f "${B}/ipk-key" ]; then
50 install -D -m 0644 "${B}/ipk-key" "${D}${sysconfdir}/pki/ipk-gpg/IPK-GPG-KEY-${DISTRO_VERSION}"
51 fi
52 if [ -f "${B}/pf-key" ]; then
53 install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
54 fi
55}
56
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]57do_deploy () {
58 if [ -f "${B}/rpm-key" ]; then
59 install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO_VERSION}"
60 fi
61 if [ -f "${B}/ipk-key" ]; then
62 install -D -m 0644 "${B}/ipk-key" "${DEPLOYDIR}/IPK-GPG-KEY-${DISTRO_VERSION}"
63 fi
64 if [ -f "${B}/pf-key" ]; then
65 install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
66 fi
67}
68do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}"
69# cleandirs should possibly be in deploy.bbclass but we need it
70do_deploy[cleandirs] = "${DEPLOYDIR}"
71# clear stamp-extra-info since MACHINE is normally put there by deploy.bbclass
72do_deploy[stamp-extra-info] = ""
73addtask deploy after do_get_public_keys