diff options
author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 20:05:37 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 04:26:31 +0300 |
commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /poky/meta/classes/sign_rpm.bbclass | |
parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
download | openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.xz |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/classes/sign_rpm.bbclass')
-rw-r--r-- | poky/meta/classes/sign_rpm.bbclass | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/poky/meta/classes/sign_rpm.bbclass b/poky/meta/classes/sign_rpm.bbclass new file mode 100644 index 000000000..64ae7ce30 --- /dev/null +++ b/poky/meta/classes/sign_rpm.bbclass @@ -0,0 +1,71 @@ +# Class for generating signed RPM packages. +# +# Configuration variables used by this class: +# RPM_GPG_PASSPHRASE +# The passphrase of the signing key. +# RPM_GPG_NAME +# Name of the key to sign with. May be key id or key name. +# RPM_GPG_BACKEND +# Optional variable for specifying the backend to use for signing. +# Currently the only available option is 'local', i.e. local signing +# on the build host. +# RPM_FILE_CHECKSUM_DIGEST +# Optional variable for specifying the algorithm for generating file +# checksum digest. +# RPM_FSK_PATH +# Optional variable for the file signing key. +# RPM_FSK_PASSWORD +# Optional variable for the file signing key password. +# GPG_BIN +# Optional variable for specifying the gpg binary/wrapper to use for +# signing. +# RPM_GPG_SIGN_CHUNK +# Optional variable indicating the number of packages used per gpg +# invocation +# GPG_PATH +# Optional variable for specifying the gnupg "home" directory: + +inherit sanity + +RPM_SIGN_PACKAGES='1' +RPM_SIGN_FILES ?= '0' +RPM_GPG_BACKEND ?= 'local' +# SHA-256 is used by default +RPM_FILE_CHECKSUM_DIGEST ?= '8' +RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}" + + +python () { + if d.getVar('RPM_GPG_PASSPHRASE_FILE'): + raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d) + # Check configuration + for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'): + if not d.getVar(var): + raise_sanity_error("You need to define %s in the config" % var, d) + + if d.getVar('RPM_SIGN_FILES') == '1': + for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'): + if not d.getVar(var): + raise_sanity_error("You need to define %s in the config" % var, d) +} + +python sign_rpm () { + import glob + from oe.gpg_sign import get_signer + + signer = get_signer(d, d.getVar('RPM_GPG_BACKEND')) + rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR') + '/*') + + signer.sign_rpms(rpms, + d.getVar('RPM_GPG_NAME'), + d.getVar('RPM_GPG_PASSPHRASE'), + d.getVar('RPM_FILE_CHECKSUM_DIGEST'), + int(d.getVar('RPM_GPG_SIGN_CHUNK')), + d.getVar('RPM_FSK_PATH'), + d.getVar('RPM_FSK_PASSWORD')) +} + +do_package_index[depends] += "signing-keys:do_deploy" +do_rootfs[depends] += "signing-keys:do_populate_sysroot" + +PACKAGE_WRITE_DEPS += "gnupg-native" |