# Class for generating signed RPM packages.
#
# Configuration variables used by this class:
# RPM_GPG_PASSPHRASE_FILE
#     Path to a file containing the passphrase of the signing key.
#     The passphrase is stored there in clear text, so keep the file
#     readable only by the user running the build.
# RPM_GPG_NAME
#     Name of the key to sign with. May be key id or key name.
# GPG_BIN
#     Optional variable for specifying the gpg binary/wrapper to use for
#     signing.
# GPG_PATH
#     Optional variable for specifying the gnupg "home" directory.
#
# NOTE(review): raise_sanity_error(), called in the anonymous function below,
# is not defined in this file; presumably it comes from the sanity class -
# confirm.
inherit sanity

# NOTE(review): not read anywhere in this file; presumably a flag checked by
# the packaging code to enable signing - confirm.
RPM_SIGN_PACKAGES='1'
17
18
python () {
    # Signing needs both a key name and a passphrase file, so report a sanity
    # error for each of these variables that is missing from the configuration.
    required = ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE')
    for name in required:
        if d.getVar(name, True):
            continue
        raise_sanity_error("You need to define %s in the config" % name, d)

    # Record where the public key is expected to be found.
    pubkey = os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'), 'RPM-GPG-PUBKEY')
    d.setVar('RPM_GPG_PUBKEY', pubkey)
}
29
30
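def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
    """Sign RPM files with ``rpm --addsign``, answering the passphrase prompt.

    Args:
        d: BitBake datastore; STAGING_BINDIR_NATIVE, GPG_BIN and GPG_PATH
            are read from it.
        files: Paths of the RPM files to sign.
        passphrase: Passphrase sent to rpm when it prompts for one.
        gpg_name: Value for rpm's ``_gpg_name`` macro (key id or key name).

    Returns:
        ``proc.exitstatus`` of the rpm process; the caller treats anything
        other than 0 as a signing failure.
    """
    import pexpect

    # Find the correct rpm binary
    rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm'

    # Build an argument vector instead of one command string. When given a
    # single string pexpect splits it into arguments itself, so a file path or
    # configuration value containing whitespace or quote characters could be
    # broken up into extra rpm arguments. With a list every value reaches rpm
    # as exactly one argument.
    args = ['--addsign', '--define', '_gpg_name %s' % gpg_name]
    gpg_bin = d.getVar('GPG_BIN', True)
    if gpg_bin:
        args += ['--define', '%%__gpg %s' % gpg_bin]
    gpg_path = d.getVar('GPG_PATH', True)
    if gpg_path:
        args += ['--define', '_gpg_path %s' % gpg_path]
    args += list(files)

    # Need to use pexpect for feeding the passphrase
    proc = pexpect.spawn(rpm_bin_path, args)
    try:
        proc.expect_exact('Enter pass phrase:', timeout=15)
        proc.sendline(passphrase)
        # Signing many packages can take a while, hence the long timeout
        proc.expect(pexpect.EOF, timeout=900)
        proc.close()
    except pexpect.TIMEOUT as err:
        bb.warn('rpmsign timeout: %s' % err)
        proc.terminate()
    else:
        # Warn on a non-zero exit code or an abnormal termination.
        # NOTE(review): the captured output in proc.before is written to the
        # build log here; confirm the prompt exchange cannot echo the
        # passphrase into it.
        if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status):
            bb.warn('rpmsign failed: %s' % proc.before.strip())
    return proc.exitstatus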
57
58
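python sign_rpm () {
    # Sign every file found in RPM_PKGWRITEDIR with the key named by
    # RPM_GPG_NAME, using the passphrase from RPM_GPG_PASSPHRASE_FILE.
    import glob

    # Only the first line of the file is the passphrase, so read just that
    # line instead of loading the whole file.
    with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj:
        first_line = fobj.readline()

    # A zero-byte file has no first line; fail with a clear message rather
    # than an IndexError from indexing an empty list.
    if not first_line:
        raise bb.build.FuncFailed("RPM signing failed: RPM_GPG_PASSPHRASE_FILE is empty")
    rpm_gpg_passphrase = first_line.rstrip('\n')

    rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "")

    rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')

    # Any result other than 0 (including None after a timeout) fails the task,
    # so a signing failure stops the build instead of passing unnoticed.
    if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0:
        raise bb.build.FuncFailed("RPM signing failed")
}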
Patrick Williamsf1e5d692016-03-30 15:21:19 -050072
# Make do_package_index depend on the do_export_public_keys task of signing-keys.
# NOTE(review): presumably so the public key is exported before the package
# index is built - confirm.
do_package_index[depends] += "signing-keys:do_export_public_keys"