diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/classes/sign_rpm.bbclass')
-rw-r--r-- | import-layers/yocto-poky/meta/classes/sign_rpm.bbclass | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass b/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass index bc2e94710..4961b0361 100644 --- a/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass +++ b/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass @@ -9,16 +9,30 @@ # Optional variable for specifying the backend to use for signing. # Currently the only available option is 'local', i.e. local signing # on the build host. +# RPM_FILE_CHECKSUM_DIGEST +# Optional variable for specifying the algorithm for generating file +# checksum digest. +# RPM_FSK_PATH +# Optional variable for the file signing key. +# RPM_FSK_PASSWORD +# Optional variable for the file signing key password. # GPG_BIN # Optional variable for specifying the gpg binary/wrapper to use for # signing. +# RPM_GPG_SIGN_CHUNK +# Optional variable indicating the number of packages used per gpg +# invocation # GPG_PATH # Optional variable for specifying the gnupg "home" directory: -# + inherit sanity RPM_SIGN_PACKAGES='1' +RPM_SIGN_FILES ?= '0' RPM_GPG_BACKEND ?= 'local' +# SHA-256 is used by default +RPM_FILE_CHECKSUM_DIGEST ?= '8' +RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}" python () { @@ -28,6 +42,11 @@ python () { for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'): if not d.getVar(var): raise_sanity_error("You need to define %s in the config" % var, d) + + if d.getVar('RPM_SIGN_FILES') == '1': + for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'): + if not d.getVar(var): + raise_sanity_error("You need to define %s in the config" % var, d) } python sign_rpm () { @@ -39,8 +58,18 @@ python sign_rpm () { signer.sign_rpms(rpms, d.getVar('RPM_GPG_NAME'), - d.getVar('RPM_GPG_PASSPHRASE')) + d.getVar('RPM_GPG_PASSPHRASE'), + d.getVar('RPM_FILE_CHECKSUM_DIGEST'), + int(d.getVar('RPM_GPG_SIGN_CHUNK')), + d.getVar('RPM_FSK_PATH'), + d.getVar('RPM_FSK_PASSWORD')) } do_package_index[depends] += "signing-keys:do_deploy" do_rootfs[depends] += "signing-keys:do_populate_sysroot" + +# Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel +# so unfortunately the signing must be done serially. Once the upstream problem is fixed, +# the following line must be removed otherwise we loose all the intrinsic parallelism from +# bitbake. For more information, check https://bugzilla.yoctoproject.org/show_bug.cgi?id=12022. +do_package_write_rpm[lockfiles] += "${TMPDIR}/gpg.lock" |