sstate.bbclass: use oe.gpg_sign for gpg signing
[YOCTO #9006] (From OE-Core rev: a3916b29c8c3d0b1570c40c0ed3a1a15c43925bb) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
db7c7c2ece
commit
4699483773
|
@ -269,23 +269,10 @@ def sstate_install(ss, d):
|
|||
sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX"
|
||||
sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}"
|
||||
|
||||
def sstate_build_gpg_command(d, *args, **kwargs):
|
||||
# Returns a list for subprocess.call() unless passed flatten=True when this
|
||||
# returns a flattened string.
|
||||
l = [d.getVar("GPG_BIN", True) or "gpg"]
|
||||
if d.getVar("GPG_PATH", True):
|
||||
l += ["--homedir", d.getVar("GPG_PATH", True)]
|
||||
l += args
|
||||
|
||||
if kwargs.get("flatten", False):
|
||||
import pipes
|
||||
return " ".join(map(pipes.quote, l))
|
||||
else:
|
||||
return l
|
||||
|
||||
def sstate_installpkg(ss, d):
|
||||
import oe.path
|
||||
import subprocess
|
||||
from oe.gpg_sign import get_signer
|
||||
|
||||
def prepdir(dir):
|
||||
# remove dir if it exists, ensure any parent directories do exist
|
||||
|
@ -311,7 +298,8 @@ def sstate_installpkg(ss, d):
|
|||
d.setVar('SSTATE_PKG', sstatepkg)
|
||||
|
||||
if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False):
|
||||
if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0:
|
||||
signer = get_signer(d, 'local')
|
||||
if not signer.verify(sstatepkg + '.sig'):
|
||||
bb.warn("Cannot verify signature on sstate package %s" % sstatepkg)
|
||||
|
||||
for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split():
|
||||
|
@ -586,7 +574,8 @@ def sstate_package(ss, d):
|
|||
d.setVar('SSTATE_BUILDDIR', sstatebuild)
|
||||
d.setVar('SSTATE_PKG', sstatepkg)
|
||||
|
||||
for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + ['sstate_create_package'] + \
|
||||
for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + \
|
||||
['sstate_create_package', 'sstate_sign_package'] + \
|
||||
(d.getVar('SSTATEPOSTCREATEFUNCS', True) or '').split():
|
||||
# All hooks should run in SSTATE_BUILDDIR.
|
||||
bb.build.exec_func(f, d, (sstatebuild,))
|
||||
|
@ -690,15 +679,22 @@ sstate_create_package () {
|
|||
chmod 0664 $TFILE
|
||||
mv -f $TFILE ${SSTATE_PKG}
|
||||
|
||||
if [ -n "${SSTATE_SIG_KEY}" ]; then
|
||||
rm -f ${SSTATE_PKG}.sig
|
||||
echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)}
|
||||
fi
|
||||
|
||||
cd ${WORKDIR}
|
||||
rm -rf ${SSTATE_BUILDDIR}
|
||||
}
|
||||
|
||||
python sstate_sign_package () {
|
||||
from oe.gpg_sign import get_signer
|
||||
|
||||
if d.getVar('SSTATE_SIG_KEY', True):
|
||||
signer = get_signer(d, 'local')
|
||||
sstate_pkg = d.getVar('SSTATE_PKG', True)
|
||||
if os.path.exists(sstate_pkg + '.sig'):
|
||||
os.unlink(sstate_pkg + '.sig')
|
||||
signer.detach_sign(sstate_pkg, d.getVar('SSTATE_SIG_KEY'), None,
|
||||
d.getVar('SSTATE_SIG_PASSPHRASE'), armor=False)
|
||||
}
|
||||
|
||||
#
|
||||
# Shell function to decompress and prepare a package for installation
|
||||
# Will be run from within SSTATE_INSTDIR.
|
||||
|
|
Loading…
Reference in New Issue