* [PATCH 0/5] Rework rpm signing
@ 2015-10-16 11:57 Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 1/5] sign_rpm.bbclass: be more verbose in case of error Markus Lehtonen
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: Markus Lehtonen @ 2015-10-16 11:57 UTC (permalink / raw)
  To: openembedded-core

Additional patches on top of my previous "Implement GPG_PATH variable" patchset.

Slightly rework the rpm and package feed signing feature. The user-visible
changes are that the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG_PUBKEY configuration
variables are not needed anymore, and package feed signing should now be
enabled using INHERIT += "sign_package_feed".

The following changes since commit 27ce8876e4b4b19fd26c2f70ccc2acc2c1bc5d40:

  package_manager: support GPG_PATH variable (2015-10-16 14:03:46 +0300)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib marquiz/rpmsign
  http://git.openembedded.org/openembedded-core-contrib/log/?h=marquiz/rpmsign

Markus Lehtonen (5):
  sign_rpm.bbclass: be more verbose in case of error
  sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting
  Add new bbclass for package feed signing
  package_manager: fail if signed feeds are enabled for ipk or dpkg
  package signing: automatically export public keys

 meta/classes/sign_package_feed.bbclass     | 31 ++++++++++++++++++++
 meta/classes/sign_rpm.bbclass              | 44 +++++++++++++----------------
 meta/lib/oe/package_manager.py             |  4 +++
 meta/recipes-core/meta/signing-keys.bb     | 45 ++++++++++++++++++++++++++++++
 meta/recipes-core/os-release/os-release.bb |  1 +
 5 files changed, 100 insertions(+), 25 deletions(-)
 create mode 100644 meta/classes/sign_package_feed.bbclass
 create mode 100644 meta/recipes-core/meta/signing-keys.bb

-- 
2.1.4




* [PATCH 1/5] sign_rpm.bbclass: be more verbose in case of error
  2015-10-16 11:57 [PATCH 0/5] Rework rpm signing Markus Lehtonen
@ 2015-10-16 11:57 ` Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 2/5] sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting Markus Lehtonen
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Markus Lehtonen @ 2015-10-16 11:57 UTC (permalink / raw)
  To: openembedded-core

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
---
 meta/classes/sign_rpm.bbclass | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index 23aea42..39f877a 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -55,8 +55,11 @@ def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
         proc.expect(pexpect.EOF, timeout=900)
         proc.close()
     except pexpect.TIMEOUT as err:
-        bb.debug('rpmsign timeout: %s' % err)
+        bb.warn('rpmsign timeout: %s' % err)
         proc.terminate()
+    else:
+        if os.WEXITSTATUS(proc.status) or not os.WIFEXITED(proc.status):
+            bb.warn('rpmsign failed: %s' % proc.before.strip())
     return proc.exitstatus
 
 
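Review bot: In the new else branch, os.WEXITSTATUS(proc.status) is evaluated before os.WIFEXITED(proc.status), but the exit status is only meaningful when the process exited normally, so the test should read `not os.WIFEXITED(proc.status) or os.WEXITSTATUS(proc.status)`. Since the function already returns proc.exitstatus, testing that value would be simpler and keeps the warning and the return value in agreement. The warning also logs proc.before from a pexpect session in a wrapper that takes the signing-key passphrase as an argument, so please confirm the passphrase cannot be echoed into that buffer and end up in the build log. The commit message has no body; one sentence on why the timeout is promoted from debug to warn would help.
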
-- 
2.1.4




* [PATCH 2/5] sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting
  2015-10-16 11:57 [PATCH 0/5] Rework rpm signing Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 1/5] sign_rpm.bbclass: be more verbose in case of error Markus Lehtonen
@ 2015-10-16 11:57 ` Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 3/5] Add new bbclass for package feed signing Markus Lehtonen
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Markus Lehtonen @ 2015-10-16 11:57 UTC (permalink / raw)
  To: openembedded-core

Simplifies the configuration. Makes way for the removal of
RPM_GPG_PUBKEY setting and possible future implementation of a separate
signing server support. Also, moves the configuration sanity checking
into a separate function.

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
---
 meta/classes/sign_rpm.bbclass | 30 +++++++++---------------------
 1 file changed, 9 insertions(+), 21 deletions(-)

diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index 39f877a..4da1763 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -4,8 +4,7 @@
 # RPM_GPG_PASSPHRASE_FILE
 #           Path to a file containing the passphrase of the signing key.
 # RPM_GPG_NAME
-#           Name of the key to sign with. Alternatively you can define
-#           %_gpg_name macro in your ~/.oerpmmacros file.
+#           Name of the key to sign with. May be key id or key name.
 # RPM_GPG_PUBKEY
 #           Path to a file containing the public key (in "armor" format)
 #           corresponding the signing key.
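
Review bot: The new RPM_GPG_NAME description does not say the variable is now mandatory, and the removal of the ~/.oerpmmacros fallback is only visible from the deleted line. Stating "mandatory" here, and for RPM_GPG_PASSPHRASE_FILE, would match the sanity check this patch adds further down.
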
@@ -20,9 +19,11 @@ inherit sanity
 RPM_SIGN_PACKAGES='1'
 
 
-_check_gpg_name () {
-    macrodef=`rpm -E '%_gpg_name'`
-    [ "$macrodef" == "%_gpg_name" ] && return 1 || return 0
+python () {
+    # Check configuration
+    for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'):
+        if not d.getVar(var, True):
+            raise_sanity_error("You need to define %s in the config" % var, d)
 }
 
 
@@ -31,16 +32,7 @@ def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
 
     # Find the correct rpm binary
     rpm_bin_path = d.getVar('STAGING_BINDIR_NATIVE', True) + '/rpm'
-    cmd = rpm_bin_path + " --addsign "
-    if gpg_name:
-        cmd += "--define '%%_gpg_name %s' " % gpg_name
-    else:
-        try:
-            bb.build.exec_func('_check_gpg_name', d)
-        except bb.build.FuncFailed:
-            raise_sanity_error("You need to define RPM_GPG_NAME in bitbake "
-                               "config or the %_gpg_name RPM macro defined "
-                               "(e.g. in  ~/.oerpmmacros", d)
+    cmd = rpm_bin_path + " --addsign --define '_gpg_name %s' " % gpg_name
     if d.getVar('GPG_BIN', True):
         cmd += "--define '%%__gpg %s' " % d.getVar('GPG_BIN', True)
     if d.getVar('GPG_PATH', True):
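
Review bot: rpmsign_wrapper still declares gpg_name=None in its signature (see the hunk header), but the new cmd line formats the value unconditionally, so a caller that omits it now runs rpm with --define '_gpg_name None'. Make the parameter required or raise when it is empty. The value is also placed inside single quotes without escaping, so a key name containing a quote breaks the command line, and the macro is now written as _gpg_name while the next define still uses %%__gpg, which is worth making consistent.
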
@@ -66,12 +58,8 @@ def rpmsign_wrapper(d, files, passphrase, gpg_name=None):
 python sign_rpm () {
     import glob
 
-    rpm_gpg_pass_file = (d.getVar("RPM_GPG_PASSPHRASE_FILE", True) or "")
-    if rpm_gpg_pass_file:
-        with open(rpm_gpg_pass_file) as fobj:
-            rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n')
-    else:
-        raise_sanity_error("You need to define RPM_GPG_PASSPHRASE_FILE in the config", d)
+    with open(d.getVar("RPM_GPG_PASSPHRASE_FILE", True)) as fobj:
+        rpm_gpg_passphrase = fobj.readlines()[0].rstrip('\n')
 
     rpm_gpg_name = (d.getVar("RPM_GPG_NAME", True) or "")
 
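Review bot: The sanity check added earlier in this patch only verifies that RPM_GPG_PASSPHRASE_FILE is set, so with the inline check removed here a missing or unreadable file surfaces as a raw exception from open(), and an empty file as an IndexError from readlines()[0]. Consider catching those and reporting them with the file name through raise_sanity_error. With RPM_GPG_NAME now mandatory, the `or ""` on the rpm_gpg_name line is dead code.
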
-- 
2.1.4




* [PATCH 3/5] Add new bbclass for package feed signing
  2015-10-16 11:57 [PATCH 0/5] Rework rpm signing Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 1/5] sign_rpm.bbclass: be more verbose in case of error Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 2/5] sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting Markus Lehtonen
@ 2015-10-16 11:57 ` Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 4/5] package_manager: fail if signed feeds are enabled for ipk or dpkg Markus Lehtonen
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Markus Lehtonen @ 2015-10-16 11:57 UTC (permalink / raw)
  To: openembedded-core

After this change signed package feeds should be enabled by adding
INHERIT += "sign_package_feed"
instead of defining PACKAGE_FEED_SIGN="1".

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
---
 meta/classes/sign_package_feed.bbclass | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 meta/classes/sign_package_feed.bbclass

diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass
new file mode 100644
index 0000000..8877d90
--- /dev/null
+++ b/meta/classes/sign_package_feed.bbclass
@@ -0,0 +1,24 @@
+# Class for signing package feeds
+#
+# Related configuration variables that will be used after this class is
+# iherited:
+# PACKAGE_FEED_PASSPHRASE_FILE
+#           Path to a file containing the passphrase of the signing key.
+# PACKAGE_FEED_GPG_NAME
+#           Name of the key to sign with. May be key id or key name.
+# GPG_BIN
+#           Optional variable for specifying the gpg binary/wrapper to use for
+#           signing.
+# GPG_PATH
+#           Optional variable for specifying the gnupg "home" directory:
+#
+inherit sanity
+
+PACKAGE_FEED_SIGN = '1'
+
+python () {
+    # Check sanity of configuration
+    for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
+        if not d.getVar(var, True):
+            raise_sanity_error("You need to define %s in the config" % var, d)
+}
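
Review bot: The header comment documents PACKAGE_FEED_PASSPHRASE_FILE, but the sanity check loops over 'PACKAGE_FEED_GPG_PASSPHRASE_FILE', so a user who follows the comment gets a sanity error for a variable the documentation never mentions. Pick one name and use it in both places. Minor: "iherited" should be "inherited", and the GPG_PATH description ends in a colon with nothing after it.
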
-- 
2.1.4




* [PATCH 4/5] package_manager: fail if signed feeds are enabled for ipk or dpkg
  2015-10-16 11:57 [PATCH 0/5] Rework rpm signing Markus Lehtonen
                   ` (2 preceding siblings ...)
  2015-10-16 11:57 ` [PATCH 3/5] Add new bbclass for package feed signing Markus Lehtonen
@ 2015-10-16 11:57 ` Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 5/5] Automatically export public keys used for package(feed) signing Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 5/5] package signing: automatically export public keys Markus Lehtonen
  5 siblings, 0 replies; 7+ messages in thread
From: Markus Lehtonen @ 2015-10-16 11:57 UTC (permalink / raw)
  To: openembedded-core

Signed package feeds are not yet implemented for these package formats.

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
---
 meta/lib/oe/package_manager.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 5c2130b..964fddc 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -203,6 +203,8 @@ class OpkgIndexer(Indexer):
         result = oe.utils.multiprocess_exec(index_cmds, create_index)
         if result:
             bb.fatal('%s' % ('\n'.join(result)))
+        if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
+            raise NotImplementedError('Package feed signing not implementd for ipk')
 
 
 
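Review bot: The PACKAGE_FEED_SIGN check sits after multiprocess_exec has already run the index commands, so an unsupported configuration does all the indexing work before failing. Move the check ahead of the index creation, or into the sanity check of the sign_package_feed class, and consider bb.fatal, as the line just above does, rather than raising NotImplementedError, so the failure is reported the same way as an indexing error.
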
@@ -278,6 +280,8 @@ class DpkgIndexer(Indexer):
         result = oe.utils.multiprocess_exec(index_cmds, create_index)
         if result:
             bb.fatal('%s' % ('\n'.join(result)))
+        if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
+            raise NotImplementedError('Package feed signing not implementd for dpkg')
 
 
 
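Review bot: This is the same two-line check as in OpkgIndexer with only the format name changed; a small shared helper on the Indexer base class would keep the copies from drifting apart. The message text also has a typo in both hunks: "implementd" should be "implemented".
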
-- 
2.1.4




* [PATCH 5/5] Automatically export public keys used for package(feed) signing
  2015-10-16 11:57 [PATCH 0/5] Rework rpm signing Markus Lehtonen
                   ` (3 preceding siblings ...)
  2015-10-16 11:57 ` [PATCH 4/5] package_manager: fail if signed feeds are enabled for ipk or dpkg Markus Lehtonen
@ 2015-10-16 11:57 ` Markus Lehtonen
  2015-10-16 11:57 ` [PATCH 5/5] package signing: automatically export public keys Markus Lehtonen
  5 siblings, 0 replies; 7+ messages in thread
From: Markus Lehtonen @ 2015-10-16 11:57 UTC (permalink / raw)
  To: openembedded-core

Automatically export public key(s) from the gpg keyring. Adds a new
simple recipe that does the actual task of exporting the keys.  This
patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG_PUBKEY settings
obsolete.

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
---
 meta/classes/sign_package_feed.bbclass     |  7 +++++
 meta/classes/sign_rpm.bbclass              |  9 ++++--
 meta/recipes-core/meta/signing-keys.bb     | 45 ++++++++++++++++++++++++++++++
 meta/recipes-core/os-release/os-release.bb |  1 +
 4 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/meta/signing-keys.bb

diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass
index 8877d90..4263810 100644
--- a/meta/classes/sign_package_feed.bbclass
+++ b/meta/classes/sign_package_feed.bbclass
@@ -21,4 +21,11 @@ python () {
     for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
         if not d.getVar(var, True):
             raise_sanity_error("You need to define %s in the config" % var, d)
+
+    # Set expected location of the public key
+    d.setVar('PACKAGE_FEED_GPG_PUBKEY',
+             os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'),
+                                   'PACKAGE-FEED-GPG-PUBKEY'))
 }
+
+do_package_index[depends] += "signing-keys:do_export_public_keys"
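
Review bot: d.getVar('STAGING_ETCDIR_NATIVE') is called without the expand argument, unlike the getVar calls in the sanity check just above, which pass True. Pass True here so the stored path does not depend on a later expansion, and fix the continuation indent of 'PACKAGE-FEED-GPG-PUBKEY', which is aligned as if it belonged to a nested call rather than to os.path.join.
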
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index 4da1763..f0c3dc9 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -5,9 +5,6 @@
 #           Path to a file containing the passphrase of the signing key.
 # RPM_GPG_NAME
 #           Name of the key to sign with. May be key id or key name.
-# RPM_GPG_PUBKEY
-#           Path to a file containing the public key (in "armor" format)
-#           corresponding the signing key.
 # GPG_BIN
 #           Optional variable for specifying the gpg binary/wrapper to use for
 #           signing.
@@ -24,6 +21,10 @@ python () {
     for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'):
         if not d.getVar(var, True):
             raise_sanity_error("You need to define %s in the config" % var, d)
+
+    # Set the expected location of the public key
+    d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'),
+                                            'RPM-GPG-PUBKEY'))
 }
 
 
@@ -68,3 +69,5 @@ python sign_rpm () {
     if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0:
         raise bb.build.FuncFailed("RPM signing failed")
 }
+
+do_package_index[depends] += "signing-keys:do_export_public_keys"
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb
new file mode 100644
index 0000000..cc401f3
--- /dev/null
+++ b/meta/recipes-core/meta/signing-keys.bb
@@ -0,0 +1,45 @@
+# Copyright (C) 2015 Intel Corporation
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+DESCRIPTION = "Make public keys of the signing keys available"
+LICENSE = "MIT"
+PACKAGES = ""
+
+do_fetch[noexec] = "1"
+do_unpack[noexec] = "1"
+do_patch[noexec] = "1"
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+do_install[noexec] = "1"
+do_package[noexec] = "1"
+do_packagedata[noexec] = "1"
+do_package_write_ipk[noexec] = "1"
+do_package_write_rpm[noexec] = "1"
+do_package_write_deb[noexec] = "1"
+do_populate_sysroot[noexec] = "1"
+
+EXCLUDE_FROM_WORLD = "1"
+
+def export_gpg_pubkey(d, keyid, path):
+    import bb
+    gpg_bin = d.getVar('GPG_BIN', True) or \
+              bb.utils.which(os.getenv('PATH'), "gpg")
+    cmd = '%s --batch --yes --export --armor -o %s %s' % \
+          (gpg_bin, path, keyid)
+    status, output = oe.utils.getstatusoutput(cmd)
+    if status:
+        raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
+                                  (keyid, output))
+
+python do_export_public_keys () {
+    if d.getVar("RPM_SIGN_PACKAGES", True):
+        # Export public key of the rpm signing key
+        export_gpg_pubkey(d, d.getVar("RPM_GPG_NAME", True),
+                          d.getVar('RPM_GPG_PUBKEY', True))
+
+    if d.getVar('PACKAGE_FEED_SIGN', True) == '1':
+        # Export public key of the feed signing key
+        export_gpg_pubkey(d, d.getVar("PACKAGE_FEED_GPG_NAME", True),
+                          d.getVar('PACKAGE_FEED_GPG_PUBKEY', True))
+}
+addtask do_export_public_keys before do_build
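
Review bot: export_gpg_pubkey honours GPG_BIN but not GPG_PATH, which the class comments describe as the gnupg home directory, so with GPG_PATH set the key is looked up in the default keyring and the exported public key may not be the one that signed the packages, or the export fails. Pass the home directory to gpg (--homedir) here as well. The command is also built by plain string formatting, so a key name containing spaces (the class comment allows "key id or key name") or a path with spaces is split into several arguments; quote both values.
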
diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb
index db82760..c690b82 100644
--- a/meta/recipes-core/os-release/os-release.bb
+++ b/meta/recipes-core/os-release/os-release.bb
@@ -37,6 +37,7 @@ python do_compile () {
         shutil.copy2(rpm_gpg_pubkey, d.expand('${B}/rpm-gpg/RPM-GPG-KEY-%s' % distro_version))
 }
 do_compile[vardeps] += "${OS_RELEASE_FIELDS}"
+do_compile[depends] += "signing-keys:do_export_public_keys"
 
 do_install () {
     install -d ${D}${sysconfdir}
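
Review bot: do_compile[depends] is added unconditionally, so os-release now pulls in signing-keys even in builds that sign nothing, while the indentation of the shutil.copy2 line above suggests the key is only copied conditionally. If the dependency cannot be made conditional on signing being enabled, a comment explaining why it is always needed would help.
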
-- 
2.1.4




* [PATCH 5/5] package signing: automatically export public keys
  2015-10-16 11:57 [PATCH 0/5] Rework rpm signing Markus Lehtonen
                   ` (4 preceding siblings ...)
  2015-10-16 11:57 ` [PATCH 5/5] Automatically export public keys used for package(feed) signing Markus Lehtonen
@ 2015-10-16 11:57 ` Markus Lehtonen
  5 siblings, 0 replies; 7+ messages in thread
From: Markus Lehtonen @ 2015-10-16 11:57 UTC (permalink / raw)
  To: openembedded-core

Automatically export public key(s) of the signing key(s) from the gpg
keyring. Adds a new simple recipe that does the actual task of exporting
the keys.  This patch makes the RPM_GPG_PUBKEY and
PACKAGE_FEED_GPG_PUBKEY settings obsolete.

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
---
 meta/classes/sign_package_feed.bbclass     |  7 +++++
 meta/classes/sign_rpm.bbclass              |  9 ++++--
 meta/recipes-core/meta/signing-keys.bb     | 45 ++++++++++++++++++++++++++++++
 meta/recipes-core/os-release/os-release.bb |  1 +
 4 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/meta/signing-keys.bb

diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass
index 8877d90..4263810 100644
--- a/meta/classes/sign_package_feed.bbclass
+++ b/meta/classes/sign_package_feed.bbclass
@@ -21,4 +21,11 @@ python () {
     for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
         if not d.getVar(var, True):
             raise_sanity_error("You need to define %s in the config" % var, d)
+
+    # Set expected location of the public key
+    d.setVar('PACKAGE_FEED_GPG_PUBKEY',
+             os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'),
+                                   'PACKAGE-FEED-GPG-PUBKEY'))
 }
+
+do_package_index[depends] += "signing-keys:do_export_public_keys"
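
Review bot: The anonymous function now calls d.setVar('PACKAGE_FEED_GPG_PUBKEY', ...) unconditionally, so a value the user already has in their configuration is silently replaced. Since the commit message declares the setting obsolete, emit a warning when it is already set so that existing configurations learn their key path is no longer used.
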
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index 4da1763..f0c3dc9 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -5,9 +5,6 @@
 #           Path to a file containing the passphrase of the signing key.
 # RPM_GPG_NAME
 #           Name of the key to sign with. May be key id or key name.
-# RPM_GPG_PUBKEY
-#           Path to a file containing the public key (in "armor" format)
-#           corresponding the signing key.
 # GPG_BIN
 #           Optional variable for specifying the gpg binary/wrapper to use for
 #           signing.
@@ -24,6 +21,10 @@ python () {
     for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'):
         if not d.getVar(var, True):
             raise_sanity_error("You need to define %s in the config" % var, d)
+
+    # Set the expected location of the public key
+    d.setVar('RPM_GPG_PUBKEY', os.path.join(d.getVar('STAGING_ETCDIR_NATIVE'),
+                                            'RPM-GPG-PUBKEY'))
 }
 
 
@@ -68,3 +69,5 @@ python sign_rpm () {
     if rpmsign_wrapper(d, rpms, rpm_gpg_passphrase, rpm_gpg_name) != 0:
         raise bb.build.FuncFailed("RPM signing failed")
 }
+
+do_package_index[depends] += "signing-keys:do_export_public_keys"
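
Review bot: This do_package_index[depends] line is identical to the one added to sign_package_feed.bbclass in the same patch, and it is not clear from the visible code which step of the rpm signing class needs the exported key at package index time, given that os-release gets its own dependency further down. Please say in the commit message which task consumes RPM_GPG_PUBKEY here, or drop the line from this class.
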
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb
new file mode 100644
index 0000000..cc401f3
--- /dev/null
+++ b/meta/recipes-core/meta/signing-keys.bb
@@ -0,0 +1,45 @@
+# Copyright (C) 2015 Intel Corporation
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+DESCRIPTION = "Make public keys of the signing keys available"
+LICENSE = "MIT"
+PACKAGES = ""
+
+do_fetch[noexec] = "1"
+do_unpack[noexec] = "1"
+do_patch[noexec] = "1"
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+do_install[noexec] = "1"
+do_package[noexec] = "1"
+do_packagedata[noexec] = "1"
+do_package_write_ipk[noexec] = "1"
+do_package_write_rpm[noexec] = "1"
+do_package_write_deb[noexec] = "1"
+do_populate_sysroot[noexec] = "1"
+
+EXCLUDE_FROM_WORLD = "1"
+
+def export_gpg_pubkey(d, keyid, path):
+    import bb
+    gpg_bin = d.getVar('GPG_BIN', True) or \
+              bb.utils.which(os.getenv('PATH'), "gpg")
+    cmd = '%s --batch --yes --export --armor -o %s %s' % \
+          (gpg_bin, path, keyid)
+    status, output = oe.utils.getstatusoutput(cmd)
+    if status:
+        raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
+                                  (keyid, output))
+
+python do_export_public_keys () {
+    if d.getVar("RPM_SIGN_PACKAGES", True):
+        # Export public key of the rpm signing key
+        export_gpg_pubkey(d, d.getVar("RPM_GPG_NAME", True),
+                          d.getVar('RPM_GPG_PUBKEY', True))
+
+    if d.getVar('PACKAGE_FEED_SIGN', True) == '1':
+        # Export public key of the feed signing key
+        export_gpg_pubkey(d, d.getVar("PACKAGE_FEED_GPG_NAME", True),
+                          d.getVar('PACKAGE_FEED_GPG_PUBKEY', True))
+}
+addtask do_export_public_keys before do_build
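
Review bot: do_export_public_keys tests RPM_SIGN_PACKAGES for truthiness but PACKAGE_FEED_SIGN for == '1', so RPM_SIGN_PACKAGES = '0' would still trigger an export; use the same comparison for both. The function also writes straight to the path it is given (under STAGING_ETCDIR_NATIVE per the class changes) without creating the parent directory, and do_populate_sysroot is marked noexec, so the export will fail if that directory does not exist yet.
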
diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb
index db82760..c690b82 100644
--- a/meta/recipes-core/os-release/os-release.bb
+++ b/meta/recipes-core/os-release/os-release.bb
@@ -37,6 +37,7 @@ python do_compile () {
         shutil.copy2(rpm_gpg_pubkey, d.expand('${B}/rpm-gpg/RPM-GPG-KEY-%s' % distro_version))
 }
 do_compile[vardeps] += "${OS_RELEASE_FIELDS}"
+do_compile[depends] += "signing-keys:do_export_public_keys"
 
 do_install () {
     install -d ${D}${sysconfdir}
-- 
2.1.4


