On 02/03/16 16:47, "Ioan-Adrian Ratiu" <adrian.ra...@ni.com> wrote:


>Create gpg signed ipk package feeds using the gpg backend if configured.
>
>Signed-off-by: Ioan-Adrian Ratiu <adrian.ra...@ni.com>
>---
> meta/classes/sign_package_feed.bbclass | 17 ++++++++++++++++-
> meta/lib/oe/package_manager.py         | 17 +++++++++++++++--
> 2 files changed, 31 insertions(+), 3 deletions(-)
>
>diff --git a/meta/classes/sign_package_feed.bbclass 
>b/meta/classes/sign_package_feed.bbclass
>index e1ec82e..ddb6ac5 100644
>--- a/meta/classes/sign_package_feed.bbclass
>+++ b/meta/classes/sign_package_feed.bbclass
>@@ -10,6 +10,12 @@
> #           Optional variable for specifying the backend to use for signing.
> #           Currently the only available option is 'local', i.e. local signing
> #           on the build host.
>+# PACKAGE_FEED_GPG_SIGNATURE_TYPE
>+#           Optional variable for specifying the type of gpg signature, can 
>be:
>+#               1. Ascii armored (ASC), default if not set
>+#               2. Binary (BIN)
>+#           This variable is only available for IPK feeds. It is ignored on
>+#           other packaging backends.
> # GPG_BIN
> #           Optional variable for specifying the gpg binary/wrapper to use for
> #           signing.
>@@ -20,13 +26,22 @@ inherit sanity
> 
> PACKAGE_FEED_SIGN = '1'
> PACKAGE_FEED_GPG_BACKEND ?= 'local'
>-
>+PACKAGE_FEED_GPG_SIGNATURE_TYPE ?= 'ASC'
> 
> python () {
>     # Check sanity of configuration
>     for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
>         if not d.getVar(var, True):
>             raise_sanity_error("You need to define %s in the config" % var, d)
>+
>+    sigtype = d.getVar("PACKAGE_FEED_GPG_SIGNATURE_TYPE", True)
>+    if sigtype.upper() != "ASC" and sigtype.upper() != "BIN":
>+        raise_sanity_error("Bad value for PACKAGE_FEED_GPG_SIGNATURE_TYPE 
>(%s), use either ASC or BIN" % sigtype)
>+
>+    # Set expected location of the public key
>+    d.setVar('PACKAGE_FEED_GPG_PUBKEY',
>+             os.path.join(d.getVar('STAGING_ETCDIR_NATIVE', False),
>+                                   'PACKAGE-FEED-GPG-PUBKEY'))

We just got rid of the PACKAGE_FEED_GPG_PUBKEY variable in a recent patch from 
Randy Witt. There should be no reason to re-introduce it.


Thanks,
  Markus



> }
> 
> do_package_index[depends] += "signing-keys:do_deploy"
>diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
>index 5cd43e9..7e3baef 100644
>--- a/meta/lib/oe/package_manager.py
>+++ b/meta/lib/oe/package_manager.py
>@@ -153,11 +153,16 @@ class OpkgIndexer(Indexer):
>                      "MULTILIB_ARCHS"]
> 
>         opkg_index_cmd = bb.utils.which(os.getenv('PATH'), "opkg-make-index")
>+        if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
>+            signer = get_signer(self.d, 
>self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
>+        else:
>+            signer = None
> 
>         if not os.path.exists(os.path.join(self.deploy_dir, "Packages")):
>             open(os.path.join(self.deploy_dir, "Packages"), "w").close()
> 
>         index_cmds = []
>+        index_sign_files = []
>         for arch_var in arch_vars:
>             archs = self.d.getVar(arch_var, True)
>             if archs is None:
>@@ -176,6 +181,8 @@ class OpkgIndexer(Indexer):
>                 index_cmds.append('%s -r %s -p %s -m %s' %
>                                   (opkg_index_cmd, pkgs_file, pkgs_file, 
> pkgs_dir))
> 
>+                index_sign_files.append(pkgs_file)
>+
>         if len(index_cmds) == 0:
>             bb.note("There are no packages in %s!" % self.deploy_dir)
>             return
>@@ -183,9 +190,15 @@ class OpkgIndexer(Indexer):
>         result = oe.utils.multiprocess_exec(index_cmds, create_index)
>         if result:
>             bb.fatal('%s' % ('\n'.join(result)))
>-        if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
>-            raise NotImplementedError('Package feed signing not implementd 
>for ipk')
> 
>+        if signer:
>+            feed_sig_type = self.d.getVar('PACKAGE_FEED_GPG_SIGNATURE_TYPE', 
>True)
>+            is_ascii_sig = (feed_sig_type.upper() != "BIN")
>+            for f in index_sign_files:
>+                signer.detach_sign(f,
>+                                   self.d.getVar('PACKAGE_FEED_GPG_NAME', 
>True),
>+                                   
>self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
>+                                   armor=is_ascii_sig)
> 
> 
> class DpkgIndexer(Indexer):
>-- 
>2.7.1
>

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to