Add a new Python module (oe.gpg_sign) for handling GPG signing operations, i.e. currently package and package feed signing. The purpose is to be able to more easily support various signing backends and to be able to centralise signing functionality into one place (e.g. package signing and sstate signing). Currently, only local signing with gpg is implemented. [YOCTO #8755] (From OE-Core rev: 9b3dc1bd4b8336423a3f8f7db0ab5fa6fa0e7257) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
# Class for signing package feeds
#
# Related configuration variables that will be used after this class is
# inherited:
# PACKAGE_FEED_GPG_PASSPHRASE_FILE
#     Path to a file containing the passphrase of the signing key.
#     Keep this file readable only by the build user, since it unlocks
#     the signing key.
# PACKAGE_FEED_GPG_NAME
#     Name of the key to sign with. May be key id or key name.
# PACKAGE_FEED_GPG_BACKEND
#     Optional variable for specifying the backend to use for signing.
#     Currently the only available option is 'local', i.e. local signing
#     on the build host.
# GPG_BIN
#     Optional variable for specifying the gpg binary/wrapper to use for
#     signing.
# GPG_PATH
#     Optional variable for specifying the gnupg "home" directory.
#
# Pull in the sanity class. The anonymous Python function below calls
# raise_sanity_error(), which is presumably provided there (its definition
# is not visible in this file).
inherit sanity

# Hard assignment: inheriting this class sets the feed-signing flag to '1'.
PACKAGE_FEED_SIGN = '1'
# Default only ('?='): a backend already chosen elsewhere in the
# configuration is kept; otherwise signing is done locally on the build host.
PACKAGE_FEED_GPG_BACKEND ?= 'local'
python () {
    # Configuration sanity check: both the signing key name and the
    # passphrase file variable must be set to a non-empty value.
    # NOTE: only the variables are checked here; whether the passphrase
    # file exists, or who can read it, is not verified in this function.
    required_vars = ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE')
    for required in required_vars:
        if d.getVar(required, True):
            continue
        raise_sanity_error("You need to define %s in the config" % required, d)

    # Record where the exported public key is expected to be found.
    # STAGING_ETCDIR_NATIVE is fetched with the second argument False,
    # i.e. without expansion at this point.
    etcdir_native = d.getVar('STAGING_ETCDIR_NATIVE', False)
    pubkey_path = os.path.join(etcdir_native, 'PACKAGE-FEED-GPG-PUBKEY')
    d.setVar('PACKAGE_FEED_GPG_PUBKEY', pubkey_path)
}
# Make do_package_index depend on the do_export_public_keys task of the
# signing-keys recipe. Presumably this ensures the public key referenced by
# PACKAGE_FEED_GPG_PUBKEY has been exported before the feed is indexed --
# confirm against the signing-keys recipe.
do_package_index[depends] += "signing-keys:do_export_public_keys"