Add the SIGGEN_LOCKEDSIGS_TASKSIG_CHECK and
SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK variables to replace
SIGGEN_LOCKEDSIGS_CHECK_LEVEL.
SIGGEN_LOCKEDSIGS_TASKSIG_CHECK will no control whether there is a
warning or error if a task's hash in the locked signature file doesn't match
the computed hash from the current metadata.
SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK will control whther there is a
warning or error if a task that supports sstate is in the locked
signature file, but no sstate exists for the task.
Previously you could only have warning/errors for both controlled by
SIGGEN_LOCKEDSIGS_CHECK_LEVEL. This was an issue in the extensible sdk,
because we know sstate won't exist for certain items in the reverse
dependencies list for tasks. However, we still want to error if task
signatures don't match.
[YOCTO #9195]
(From OE-Core rev: 0fe2a5e5ffd01e926d0f3d4c78ad9910296e2d1a)
Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Using PF to calculate the rpm filename doesn't work when PR server is
enabled and an extra PR value can be injected. Add code to use packagedata
to obtain the full name, allowing the test to work when PR server is
in use.
(From OE-Core rev: 322904f62f11e794543362f04212242567c556a0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: ce14964d99741f1a4579bae18da5013498c365fd)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fix for [YOCTO #8706]
(From OE-Core rev: 9b704ae44d9dc1d3d5c3aee6d7a5530b642070c4)
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use temporary rpmdb when importing gpg public key and checking rpm
signature. This patch should fix a problem where test_signing_packages()
sometimes fails with
"pmdb: BDB1540 configured environment flags incompatible with existing
environment"
(From OE-Core rev: e2ddf409f405ab570ea7f6ed87180789b3a54607)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YOCTO # 8134] This test verifies features introduced in bug 8134.
It requires as resources the files from meta-selftest/files/signing:
For 'gpg --gen-key' the used input was:
key: RSA
key-size: 2048
key-valid: 0
realname: testuser
email: testuser@email.com
comment: nocomment
passphrase: test123
(From OE-Core rev: 6b9d22bfd5414b517a1f0468e1229dfa2294b5fd)
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy Witt
Richard Purdie
Robert Yang
Daniel Istrate
Markus Lehtonen