opkg-keyrings: New recipe

This recipe wraps package and package feed verification keys into a package,
making the management and deployment of verification keys much easier. Comments
on how to select keys for inclusion in this package are provided in the recipe
file.

(From OE-Core rev: 2104111edc85d057eb4fadecd007f5c592803da6)

Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb

@@ -0,0 +1,48 @@
+SUMMARY = "Keyrings for verifying opkg packages and feeds"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+# Distro-specific keys can be added to this package in two ways:
+#
+#   1) In a .bbappend, add .gpg and/or .asc files to SRC_URI and install them to
+#      ${D}${datadir}/opkg/keyrings/ in a do_install_append function. These
+#      files should not be named 'key-$name.gpg' to ensure they don't conflict
+#      with keys exported as per (2).
+#
+#   2) In a .bbappend, distro config or local.conf, override the variable
+#      OPKG_KEYRING_KEYS to contain a space-separated list of key names. For
+#      each name, 'gpg --export $name' will be ran to export the public key to a
+#      file named 'key-$name.gpg'. The public key must therefore be in the gpg
+#      keyrings on the build machine.
+
+OPKG_KEYRING_KEYS ?= ""
+
+do_compile() {
+    for name in ${OPKG_KEYRING_KEYS}; do
+        gpg --export ${name} > ${B}/key-${name}.gpg
+    done
+}
+
+do_install () {
+    install -d ${D}${datadir}/opkg/keyrings/
+    for name in ${OPKG_KEYRING_KEYS}; do
+        install -m 0644 ${B}/key-${name}.gpg ${D}${datadir}/opkg/keyrings/
+    done
+}
+
+FILES_${PN} = "${datadir}/opkg/keyrings"
+
+# We need 'opkg-key' to run the postinst script
+RDEPENDS_${PN} = "opkg"
+
+pkg_postinst_${PN} () {
+#! /bin/sh
+set -e
+
+if [ x"$D" = "x" ]; then
+    # On target
+    opkg-key populate
+else
+    exit 1
+fi
+}