sstate.bbclass: use oe.gpg_sign for gpg signing

[YOCTO #9006] (From OE-Core rev: a3916b29c8c3d0b1570c40c0ed3a1a15c43925bb) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-10 16:15:59 +02:00 · 2016-02-10 16:15:59 +02:00 · 4699483773
parent db7c7c2ece
commit 4699483773
1 changed files with 17 additions and 21 deletions
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@ -269,23 +269,10 @@ def sstate_install(ss, d):
 sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX"
 sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}"

-def sstate_build_gpg_command(d, *args, **kwargs):
-    # Returns a list for subprocess.call() unless passed flatten=True when this
-    # returns a flattened string.
-    l = [d.getVar("GPG_BIN", True) or "gpg"]
-    if d.getVar("GPG_PATH", True):
-        l += ["--homedir", d.getVar("GPG_PATH", True)]
-    l += args
-
-    if kwargs.get("flatten", False):
-        import pipes
-        return " ".join(map(pipes.quote, l))
-    else:
-        return l
-
 def sstate_installpkg(ss, d):
    import oe.path
    import subprocess
+    from oe.gpg_sign import get_signer

    def prepdir(dir):
        # remove dir if it exists, ensure any parent directories do exist
@ -311,7 +298,8 @@ def sstate_installpkg(ss, d):
    d.setVar('SSTATE_PKG', sstatepkg)

    if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False):
-        if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0:
+        signer = get_signer(d, 'local')
+        if not signer.verify(sstatepkg + '.sig'):
            bb.warn("Cannot verify signature on sstate package %s" % sstatepkg)

    for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split():
@ -586,7 +574,8 @@ def sstate_package(ss, d):
    d.setVar('SSTATE_BUILDDIR', sstatebuild)
    d.setVar('SSTATE_PKG', sstatepkg)

-    for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + ['sstate_create_package'] + \
+    for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + \
+             ['sstate_create_package', 'sstate_sign_package'] + \
             (d.getVar('SSTATEPOSTCREATEFUNCS', True) or '').split():
        # All hooks should run in SSTATE_BUILDDIR.
        bb.build.exec_func(f, d, (sstatebuild,))
@ -690,15 +679,22 @@ sstate_create_package () {
 	chmod 0664 $TFILE
 	mv -f $TFILE ${SSTATE_PKG}

-	if [ -n "${SSTATE_SIG_KEY}" ]; then
-		rm -f ${SSTATE_PKG}.sig
-		echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)}
-	fi
-
 	cd ${WORKDIR}
 	rm -rf ${SSTATE_BUILDDIR}
 }

+python sstate_sign_package () {
+    from oe.gpg_sign import get_signer
+
+    if d.getVar('SSTATE_SIG_KEY', True):
+        signer = get_signer(d, 'local')
+        sstate_pkg = d.getVar('SSTATE_PKG', True)
+        if os.path.exists(sstate_pkg + '.sig'):
+            os.unlink(sstate_pkg + '.sig')
+        signer.detach_sign(sstate_pkg, d.getVar('SSTATE_SIG_KEY'), None,
+                           d.getVar('SSTATE_SIG_PASSPHRASE'), armor=False)
+}
+
 #
 # Shell function to decompress and prepare a package for installation
 # Will be run from within SSTATE_INSTDIR.