diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-02-26 06:55:05 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-03-15 17:22:49 +0300 |
commit | d7bf8c17eca8f8c89898a7794462c773c449e983 (patch) | |
tree | d18618fca85ca5f0c077032cc7b009344b60f663 /import-layers/yocto-poky/meta/classes/sign_rpm.bbclass | |
parent | e2b5abdc9f28cdf8578e5b9be803c8e697443c20 (diff) | |
download | openbmc-d7bf8c17eca8f8c89898a7794462c773c449e983.tar.xz |
Yocto 2.4
Move OpenBMC to Yocto 2.4(rocko)
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I12057b18610d6fb0e6903c60213690301e9b0c67
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'import-layers/yocto-poky/meta/classes/sign_rpm.bbclass')
-rw-r--r-- | import-layers/yocto-poky/meta/classes/sign_rpm.bbclass | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass b/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass index bc2e94710..4961b0361 100644 --- a/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass +++ b/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass @@ -9,16 +9,30 @@ # Optional variable for specifying the backend to use for signing. # Currently the only available option is 'local', i.e. local signing # on the build host. +# RPM_FILE_CHECKSUM_DIGEST +# Optional variable for specifying the algorithm for generating file +# checksum digest. +# RPM_FSK_PATH +# Optional variable for the file signing key. +# RPM_FSK_PASSWORD +# Optional variable for the file signing key password. # GPG_BIN # Optional variable for specifying the gpg binary/wrapper to use for # signing. +# RPM_GPG_SIGN_CHUNK +# Optional variable indicating the number of packages used per gpg +# invocation # GPG_PATH # Optional variable for specifying the gnupg "home" directory: -# + inherit sanity RPM_SIGN_PACKAGES='1' +RPM_SIGN_FILES ?= '0' RPM_GPG_BACKEND ?= 'local' +# SHA-256 is used by default +RPM_FILE_CHECKSUM_DIGEST ?= '8' +RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}" python () { @@ -28,6 +42,11 @@ python () { for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'): if not d.getVar(var): raise_sanity_error("You need to define %s in the config" % var, d) + + if d.getVar('RPM_SIGN_FILES') == '1': + for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'): + if not d.getVar(var): + raise_sanity_error("You need to define %s in the config" % var, d) } python sign_rpm () { @@ -39,8 +58,18 @@ python sign_rpm () { signer.sign_rpms(rpms, d.getVar('RPM_GPG_NAME'), - d.getVar('RPM_GPG_PASSPHRASE')) + d.getVar('RPM_GPG_PASSPHRASE'), + d.getVar('RPM_FILE_CHECKSUM_DIGEST'), + int(d.getVar('RPM_GPG_SIGN_CHUNK')), + d.getVar('RPM_FSK_PATH'), + d.getVar('RPM_FSK_PASSWORD')) } do_package_index[depends] += "signing-keys:do_deploy" do_rootfs[depends] += "signing-keys:do_populate_sysroot" + +# Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel +# so unfortunately the signing must be done serially. Once the upstream problem is fixed, +# the following line must be removed otherwise we loose all the intrinsic parallelism from +# bitbake. For more information, check https://bugzilla.yoctoproject.org/show_bug.cgi?id=12022. +do_package_write_rpm[lockfiles] += "${TMPDIR}/gpg.lock" |