Blame - meta/classes/sign_rpm.bbclass - stefanberger/openbmc

blob: f0c3dc9be3ca71c09b7685a10695c3f4ed9cc336 [file] [log] [blame]

Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	1	# Class for generating signed RPM packages.
				2	#
				3	# Configuration variables used by this class:
				4	# RPM_GPG_PASSPHRASE_FILE
				5	# Path to a file containing the passphrase of the signing key.
				6	# RPM_GPG_NAME
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	7	# Name of the key to sign with. May be key id or key name.
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	8	# GPG_BIN
				9	# Optional variable for specifying the gpg binary/wrapper to use for
				10	# signing.
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	11	# GPG_PATH
				12	# Optional variable for specifying the gnupg "home" directory:
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	13	#
				14	inherit sanity
				15
				16	RPM_SIGN_PACKAGES='1'
				17
				18
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	19	python () {
				20	# Check configuration
				21	for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'):
				22	if not d.getVar(var, True):
				23	raise_sanity_error("You need to define %s in the config" % var, d)
				24
				25	# Set the expected location of the public key
				26	d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'),
				27	'RPM-GPG-PUBKEY'))
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	28	}
				29
				30
				31	def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
				32	import pexpect
				33
				34	# Find the correct rpm binary
				35	rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm'
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	36	cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	37	if d.getVar('GPG_BIN', True):
				38	cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True)
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	39	if d.getVar('GPG_PATH', True):
				40	cmd += "--define '_gpg_path %s' " % d.getVar('GPG_PATH', True)
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	41	cmd += ' '.join(files)
				42
				43	# Need to use pexpect for feeding the passphrase
				44	proc = pexpect.spawn(cmd)
				45	try:
				46	proc.expect_exact('Enter pass phrase:', timeout=15)
				47	proc.sendline(passphrase)
				48	proc.expect(pexpect.EOF, timeout=900)
				49	proc.close()
				50	except pexpect.TIMEOUT as err:
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	51	bb.warn('rpmsign timeout: %s' % err)
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	52	proc.terminate()
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	53	else:
				54	if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status):
				55	bb.warn('rpmsign failed: %s' % proc.before.strip())
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	56	return proc.exitstatus
				57
				58
				59	python sign_rpm () {
				60	import glob
				61
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	62	with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj:
				63	rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n')
Patrick Williams	c124f4f	2015-09-15 14:41:29 -0500	[diff] [blame]	64
				65	rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "")
				66
				67	rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')
				68
				69	if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0:
				70	raise bb.build.FuncFailed("RPM signing failed")
				71	}
Patrick Williams	f1e5d69	2016-03-30 15:21:19 -0500	[diff] [blame^]	72
				73	do_package_index[depends] += "signing-keys:do_export_public_keys"