Blame - yocto-poky/meta/classes/sign_rpm.bbclass - openbmc/openbmc

blob: a8ea75faaa9429cfe5ae3a51a7b46c3f5c03507b [file] [log] [blame]

Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	1	# Class for generating signed RPM packages.
				2	#
				3	# Configuration variables used by this class:
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	4	# RPM_GPG_PASSPHRASE
				5	# The passphrase of the signing key.
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	6	# RPM_GPG_NAME
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame]	7	# Name of the key to sign with. May be key id or key name.
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	8	# RPM_GPG_BACKEND
				9	# Optional variable for specifying the backend to use for signing.
				10	# Currently the only available option is 'local', i.e. local signing
				11	# on the build host.
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	12	# GPG_BIN
				13	# Optional variable for specifying the gpg binary/wrapper to use for
				14	# signing.
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame]	15	# GPG_PATH
				16	# Optional variable for specifying the gnupg "home" directory:
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	17	#
				18	inherit sanity
				19
				20	RPM_SIGN_PACKAGES='1'
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	21	RPM_GPG_BACKEND ?= 'local'
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	22
				23
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame]	24	python () {
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	25	if d.getVar('RPM_GPG_PASSPHRASE_FILE', True):
				26	raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d)
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame]	27	# Check configuration
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	28	for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'):
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame]	29	if not d.getVar(var, True):
				30	raise_sanity_error("You need to define %s in the config" % var, d)
				31
				32	# Set the expected location of the public key
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	33	d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_DIR_TARGET', False),
				34	d.getVar('sysconfdir', False),
				35	'pki',
				36	'rpm-gpg',
				37	'RPM-GPG-KEY-${DISTRO_VERSION}'))
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	38	}
				39
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	40	python sign_rpm () {
				41	import glob
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	42	from oe.gpg_sign import get_signer
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	43
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	44	signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True))
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	45	rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')
				46
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	47	signer.sign_rpms(rpms,
				48	d.getVar('RPM_GPG_NAME', True),
				49	d.getVar('RPM_GPG_PASSPHRASE', True))
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	50	}
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame]	51
Patrick Williams	d8c66bc	2016-06-20 12:57:21 -0500	[diff] [blame^]	52	do_package_index[depends] += "signing-keys:do_deploy"
				53	do_rootfs[depends] += "signing-keys:do_populate_sysroot"