oe/gpg_sign: add 'passphrase' argument to detach_sign method
This allows directly giving the passphrase, instead of reading from a file. [YOCTO #9006] (From OE-Core rev: fd55c6e86b38b33f62006324e73678a13a534220) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
e845b75f8f
commit
db7c7c2ece
|
@ -50,20 +50,30 @@ class LocalSigner(object):
|
|||
bb.error('rpmsign failed: %s' % proc.before.strip())
|
||||
raise bb.build.FuncFailed("Failed to sign RPM packages")
|
||||
|
||||
def detach_sign(self, input_file, keyid, passphrase_file, armor=True):
|
||||
def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):
|
||||
"""Create a detached signature of a file"""
|
||||
cmd = "%s --detach-sign --batch --no-tty --yes " \
|
||||
"--passphrase-file '%s' -u '%s' " % \
|
||||
(self.gpg_bin, passphrase_file, keyid)
|
||||
import subprocess
|
||||
|
||||
if passphrase_file and passphrase:
|
||||
raise Exception("You should use either passphrase_file of passphrase, not both")
|
||||
|
||||
cmd = [self.gpg_bin, '--detach-sign', '--batch', '--no-tty', '--yes',
|
||||
'-u', keyid]
|
||||
if passphrase_file:
|
||||
cmd += ['--passphrase-file', passphrase_file]
|
||||
else:
|
||||
cmd += ['--passphrase-fd', '0']
|
||||
if self.gpg_path:
|
||||
cmd += "--homedir %s " % self.gpg_path
|
||||
cmd += ['--homedir', self.gpg_path]
|
||||
if armor:
|
||||
cmd += "--armor "
|
||||
cmd += input_file
|
||||
status, output = oe.utils.getstatusoutput(cmd)
|
||||
if status:
|
||||
cmd += ['--armor']
|
||||
cmd.append(input_file)
|
||||
job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE)
|
||||
_, stderr = job.communicate(passphrase)
|
||||
if job.returncode:
|
||||
raise bb.build.FuncFailed("Failed to create signature for '%s': %s" %
|
||||
(input_file, output))
|
||||
(input_file, stderr))
|
||||
|
||||
def verify(self, sig_file):
|
||||
"""Verify signature"""
|
||||
|
|
Loading…
Reference in New Issue