2015-08-21 14:21:57 +00:00
|
|
|
# Class for generating signed RPM packages.
|
|
|
|
#
|
|
|
|
# Configuration variables used by this class:
|
|
|
|
# RPM_GPG_PASSPHRASE_FILE
|
|
|
|
# Path to a file containing the passphrase of the signing key.
|
|
|
|
# RPM_GPG_NAME
|
2015-10-15 11:35:20 +00:00
|
|
|
# Name of the key to sign with. May be key id or key name.
|
2015-08-21 14:21:57 +00:00
|
|
|
# RPM_GPG_PUBKEY
|
|
|
|
# Path to a file containing the public key (in "armor" format)
|
|
|
|
# corresponding the signing key.
|
|
|
|
# GPG_BIN
|
|
|
|
# Optional variable for specifying the gpg binary/wrapper to use for
|
|
|
|
# signing.
|
2015-10-14 13:46:39 +00:00
|
|
|
# GPG_PATH
|
|
|
|
# Optional variable for specifying the gnupg "home" directory:
|
2015-08-21 14:21:57 +00:00
|
|
|
#
|
|
|
|
inherit sanity
|
|
|
|
|
|
|
|
RPM_SIGN_PACKAGES='1'
|
|
|
|
|
|
|
|
|
2015-10-15 11:35:20 +00:00
|
|
|
python () {
|
|
|
|
# Check configuration
|
|
|
|
for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'):
|
|
|
|
if not d.getVar(var, True):
|
|
|
|
raise_sanity_error("You need to define %s in the config" % var, d)
|
2015-08-21 14:21:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
|
|
|
|
import pexpect
|
|
|
|
|
|
|
|
# Find the correct rpm binary
|
|
|
|
rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm'
|
2015-10-15 11:35:20 +00:00
|
|
|
cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name
|
2015-08-21 14:21:57 +00:00
|
|
|
if d.getVar('GPG_BIN', True):
|
|
|
|
cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True)
|
2015-10-14 13:46:39 +00:00
|
|
|
if d.getVar('GPG_PATH', True):
|
|
|
|
cmd += "--define '_gpg_path %s' " % d.getVar('GPG_PATH', True)
|
2015-08-21 14:21:57 +00:00
|
|
|
cmd += ' '.join(files)
|
|
|
|
|
|
|
|
# Need to use pexpect for feeding the passphrase
|
|
|
|
proc = pexpect.spawn(cmd)
|
|
|
|
try:
|
|
|
|
proc.expect_exact('Enter pass phrase:', timeout=15)
|
|
|
|
proc.sendline(passphrase)
|
|
|
|
proc.expect(pexpect.EOF, timeout=900)
|
|
|
|
proc.close()
|
|
|
|
except pexpect.TIMEOUT as err:
|
2015-10-15 11:19:15 +00:00
|
|
|
bb.warn('rpmsign timeout: %s' % err)
|
2015-08-21 14:21:57 +00:00
|
|
|
proc.terminate()
|
2015-10-15 11:19:15 +00:00
|
|
|
else:
|
|
|
|
if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status):
|
|
|
|
bb.warn('rpmsign failed: %s' % proc.before.strip())
|
2015-08-21 14:21:57 +00:00
|
|
|
return proc.exitstatus
|
|
|
|
|
|
|
|
|
|
|
|
python sign_rpm () {
|
|
|
|
import glob
|
|
|
|
|
2015-10-15 11:35:20 +00:00
|
|
|
with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj:
|
|
|
|
rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n')
|
2015-08-21 14:21:57 +00:00
|
|
|
|
|
|
|
rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "")
|
|
|
|
|
|
|
|
rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')
|
|
|
|
|
|
|
|
if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0:
|
|
|
|
raise bb.build.FuncFailed("RPM signing failed")
|
|
|
|
}
|