* Support GPG_PATH when exporting gpg keys
@ 2015-12-10 16:44 Konrad Scherer
  2015-12-10 16:44 ` [PATCH 1/2] signing-keys: Create destination path for exported keys Konrad Scherer
  2015-12-10 16:44 ` [PATCH 2/2] signing-keys: Use GPG_PATH as keyring location if it is defined Konrad Scherer
  0 siblings, 2 replies; 3+ messages in thread
From: Konrad Scherer @ 2015-12-10 16:44 UTC (permalink / raw)
  To: openembedded-core

Summary: Fix exporting of gpg keys when using a temporary keyring

When I tried to sign rpms and feeds using a gpg key on a temporary
keyring, I got a build failure in os-release.bb due to missing
exported keys. I traced the failure back to signing-keys.bb. Even
though the task had logged successful completion, when I tried to run
bitbake -c do_export_public_keys signing-keys I found two problems:
missing sysroot path and no GPG_PATH support.



* [PATCH 1/2] signing-keys: Create destination path for exported keys
  2015-12-10 16:44 Support GPG_PATH when exporting gpg keys Konrad Scherer
@ 2015-12-10 16:44 ` Konrad Scherer
  2015-12-10 16:44 ` [PATCH 2/2] signing-keys: Use GPG_PATH as keyring location if it is defined Konrad Scherer
  1 sibling, 0 replies; 3+ messages in thread
From: Konrad Scherer @ 2015-12-10 16:44 UTC (permalink / raw)
  To: openembedded-core

From: Konrad Scherer <Konrad.Scherer@windriver.com>

When testing the do_export_public_keys function using
  bitbake -c do_export_public_keys signing-keys
the destination path for the exported keys does not exist
and the gpg export call fails.

Signed-off-by: Konrad Scherer <Konrad.Scherer@windriver.com>
---
 meta/recipes-core/meta/signing-keys.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb
index cc401f3..c19a5fe 100644
--- a/meta/recipes-core/meta/signing-keys.bb
+++ b/meta/recipes-core/meta/signing-keys.bb
@@ -22,6 +22,8 @@ EXCLUDE_FROM_WORLD = "1"
 
 def export_gpg_pubkey(d, keyid, path):
     import bb
+    import os.path
+    bb.utils.mkdirhier(os.path.dirname(path))
     gpg_bin = d.getVar('GPG_BIN', True) or \
               bb.utils.which(os.getenv('PATH'), "gpg")
     cmd = '%s --batch --yes --export --armor -o %s %s' % \
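Review bot: the new `import os.path` at the top of export_gpg_pubkey looks redundant, because the unchanged `os.getenv('PATH')` line two lines further down already relies on `os` being in scope while the function itself only imports `bb`. Separately, `os.path.dirname(path)` is an empty string when `path` has no directory component, so `bb.utils.mkdirhier` would be called with '' in that case. Either guard the call on a non-empty dirname or note in a comment that `path` must be a full path. The commit message could also say which directory is missing, since the cover letter names it as the sysroot path.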
-- 
2.6.3




* [PATCH 2/2] signing-keys: Use GPG_PATH as keyring location if it is defined
  2015-12-10 16:44 Support GPG_PATH when exporting gpg keys Konrad Scherer
  2015-12-10 16:44 ` [PATCH 1/2] signing-keys: Create destination path for exported keys Konrad Scherer
@ 2015-12-10 16:44 ` Konrad Scherer
  1 sibling, 0 replies; 3+ messages in thread
From: Konrad Scherer @ 2015-12-10 16:44 UTC (permalink / raw)
  To: openembedded-core

From: Konrad Scherer <Konrad.Scherer@windriver.com>

While experimenting with signing rpms, I attempted to import the keys
into a temporary keyring and set GPG_PATH to the temporary keyring.
This fails because the gpg export call cannot find the requested key
in the default keyring.

Signed-off-by: Konrad Scherer <Konrad.Scherer@windriver.com>
---
 meta/recipes-core/meta/signing-keys.bb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb
index c19a5fe..ecfcfd0 100644
--- a/meta/recipes-core/meta/signing-keys.bb
+++ b/meta/recipes-core/meta/signing-keys.bb
@@ -26,8 +26,11 @@ def export_gpg_pubkey(d, keyid, path):
     bb.utils.mkdirhier(os.path.dirname(path))
     gpg_bin = d.getVar('GPG_BIN', True) or \
               bb.utils.which(os.getenv('PATH'), "gpg")
-    cmd = '%s --batch --yes --export --armor -o %s %s' % \
-          (gpg_bin, path, keyid)
+    cmd = gpg_bin
+    if d.getVar('GPG_PATH', True):
+        cmd += " --homedir %s" % d.getVar('GPG_PATH', True)
+    cmd += ' --batch --yes --export --armor -o %s %s' % (path, keyid)
+
     status, output = oe.utils.getstatusoutput(cmd)
     if status:
         raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
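Review bot: the value of GPG_PATH is appended unquoted in `cmd += " --homedir %s" % d.getVar('GPG_PATH', True)`, and `cmd` is handed to `oe.utils.getstatusoutput` as a single command string, so a keyring directory containing whitespace or shell metacharacters would be split or interpreted instead of reaching gpg as one argument. Quote the value before appending it; the same applies to `path` and `keyid` on the following `cmd +=` line, which were already interpolated unquoted before this change. It would also read better to fetch GPG_PATH once into a local variable rather than calling `d.getVar` twice, and the blank `+` line after the last `cmd +=` can be dropped. Since this is a signing recipe, a short comment or documentation entry stating that GPG_PATH selects the keyring the public key is exported from would help anyone auditing which key ends up in the image.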
-- 
2.6.3


