On 02/03/16 16:47, "Ioan-Adrian Ratiu" <adrian.ra...@ni.com> wrote:
>Create gpg signed ipk package feeds using the gpg backend if configured.
>
>Signed-off-by: Ioan-Adrian Ratiu <adrian.ra...@ni.com>
>---
> meta/classes/sign_package_feed.bbclass | 17 ++++++++++++++++-
> meta/lib/oe/package_manager.py | 17 +++++++++++++++--
> 2 files changed, 31 insertions(+), 3 deletions(-)
>
>diff --git a/meta/classes/sign_package_feed.bbclass
>b/meta/classes/sign_package_feed.bbclass
>index e1ec82e..ddb6ac5 100644
>--- a/meta/classes/sign_package_feed.bbclass
>+++ b/meta/classes/sign_package_feed.bbclass
>@@ -10,6 +10,12 @@
> # Optional variable for specifying the backend to use for signing.
> # Currently the only available option is 'local', i.e. local signing
> # on the build host.
>+# PACKAGE_FEED_GPG_SIGNATURE_TYPE
>+# Optional variable for specifying the type of gpg signature, can
>be:
>+# 1. Ascii armored (ASC), default if not set
>+# 2. Binary (BIN)
>+# This variable is only available for IPK feeds. It is ignored on
>+# other packaging backends.
> # GPG_BIN
> # Optional variable for specifying the gpg binary/wrapper to use for
> # signing.
>@@ -20,13 +26,22 @@ inherit sanity
>
> PACKAGE_FEED_SIGN = '1'
> PACKAGE_FEED_GPG_BACKEND ?= 'local'
>-
>+PACKAGE_FEED_GPG_SIGNATURE_TYPE ?= 'ASC'
>
> python () {
> # Check sanity of configuration
> for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
> if not d.getVar(var, True):
> raise_sanity_error("You need to define %s in the config" % var, d)
>+
>+ sigtype = d.getVar("PACKAGE_FEED_GPG_SIGNATURE_TYPE", True)
>+ if sigtype.upper() != "ASC" and sigtype.upper() != "BIN":
>+ raise_sanity_error("Bad value for PACKAGE_FEED_GPG_SIGNATURE_TYPE
>(%s), use either ASC or BIN" % sigtype)
>+
>+ # Set expected location of the public key
>+ d.setVar('PACKAGE_FEED_GPG_PUBKEY',
>+ os.path.join(d.getVar('STAGING_ETCDIR_NATIVE', False),
>+ 'PACKAGE-FEED-GPG-PUBKEY'))
We just got rid of the PACKAGE_FEED_GPG_PUBKEY variable in a recent patch from
Randy Witt. There should be no reason to re-introduce it.
Thanks,
Markus
> }
>
> do_package_index[depends] += "signing-keys:do_deploy"
>diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
>index 5cd43e9..7e3baef 100644
>--- a/meta/lib/oe/package_manager.py
>+++ b/meta/lib/oe/package_manager.py
>@@ -153,11 +153,16 @@ class OpkgIndexer(Indexer):
> "MULTILIB_ARCHS"]
>
> opkg_index_cmd = bb.utils.which(os.getenv('PATH'), "opkg-make-index")
>+ if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
>+ signer = get_signer(self.d,
>self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
>+ else:
>+ signer = None
>
> if not os.path.exists(os.path.join(self.deploy_dir, "Packages")):
> open(os.path.join(self.deploy_dir, "Packages"), "w").close()
>
> index_cmds = []
>+ index_sign_files = []
> for arch_var in arch_vars:
> archs = self.d.getVar(arch_var, True)
> if archs is None:
>@@ -176,6 +181,8 @@ class OpkgIndexer(Indexer):
> index_cmds.append('%s -r %s -p %s -m %s' %
> (opkg_index_cmd, pkgs_file, pkgs_file,
> pkgs_dir))
>
>+ index_sign_files.append(pkgs_file)
>+
> if len(index_cmds) == 0:
> bb.note("There are no packages in %s!" % self.deploy_dir)
> return
>@@ -183,9 +190,15 @@ class OpkgIndexer(Indexer):
> result = oe.utils.multiprocess_exec(index_cmds, create_index)
> if result:
> bb.fatal('%s' % ('\n'.join(result)))
>- if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
>- raise NotImplementedError('Package feed signing not implementd
>for ipk')
>
>+ if signer:
>+ feed_sig_type = self.d.getVar('PACKAGE_FEED_GPG_SIGNATURE_TYPE',
>True)
>+ is_ascii_sig = (feed_sig_type.upper() != "BIN")
>+ for f in index_sign_files:
>+ signer.detach_sign(f,
>+ self.d.getVar('PACKAGE_FEED_GPG_NAME',
>True),
>+
>self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
>+ armor=is_ascii_sig)
>
>
> class DpkgIndexer(Indexer):
>--
>2.7.1
>
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
