key-store: drop private keys packages

Having a private key package might allow one to pull it into rootfs
which is really, really bad. So drop all private key packages.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

meta-signing-key/recipes-support/key-store/key-store_0.1.bb

@@ -14,18 +14,6 @@ KEY_DIR = "${sysconfdir}/keys"
 # For RPM verification
 RPM_KEY_DIR = "${sysconfdir}/pki/rpm-gpg"
 
-# For ${PN}-system-trusted-privkey
-SYSTEM_PRIV_KEY = "${KEY_DIR}/system_trusted_key.key"
-
-# For ${PN}-secondary-trusted-privkey
-SECONDARY_TRUSTED_PRIV_KEY = "${KEY_DIR}/secondary_trusted_key.key"
-
-# For ${PN}-modsign-privkey
-MODSIGN_PRIV_KEY = "${KEY_DIR}/modsign_key.key"
-
-# For ${PN}-ima-privkey
-IMA_PRIV_KEY = "${KEY_DIR}/x509_ima.key"
-
 # For ${PN}-system-trusted-cert
 SYSTEM_CERT = "${KEY_DIR}/system_trusted_key.crt"
 
@@ -43,26 +31,6 @@ python () {
     if not (uks_signing_model(d) in "sample", "user"):
         return
 
-    pn = d.getVar('PN', True) + '-system-trusted-privkey'
-    d.setVar('PACKAGES_prepend', pn + ' ')
-    d.setVar('FILES_' + pn, d.getVar('SYSTEM_PRIV_KEY', True))
-    d.setVar('CONFFILES_' + pn, d.getVar('SYSTEM_PRIV_KEY', True))
-
-    pn = d.getVar('PN', True) + '-secondary-trusted-privkey'
-    d.setVar('PACKAGES_prepend', pn + ' ')
-    d.setVar('FILES_' + pn, d.getVar('SECONDARY_TRUSTED_PRIV_KEY', True))
-    d.setVar('CONFFILES_' + pn, d.getVar('SECONDARY_TRUSTED_PRIV_KEY', True))
-
-    pn = d.getVar('PN', True) + '-modsign-privkey'
-    d.setVar('PACKAGES_prepend', pn + ' ')
-    d.setVar('FILES_' + pn, d.getVar('MODSIGN_PRIV_KEY', True))
-    d.setVar('CONFFILES_' + pn, d.getVar('MODSIGN_PRIV_KEY', True))
-
-    pn = d.getVar('PN', True) + '-ima-privkey'
-    d.setVar('PACKAGES_prepend', pn + ' ')
-    d.setVar('FILES_' + pn, d.getVar('IMA_PRIV_KEY', True))
-    d.setVar('CONFFILES_' + pn, d.getVar('IMA_PRIV_KEY', True))
-
     pn = d.getVar('PN', True) + '-rpm-pubkey'
     d.setVar('PACKAGES_prepend', pn + ' ')
     d.setVar('FILES_' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True))
@@ -93,36 +61,18 @@ do_install() {
     key_dir="${@uks_system_trusted_keys_dir(d)}"
     install -m 0644 "$key_dir/system_trusted_key.crt" "${D}${SYSTEM_CERT}"
 
-    if [ "${@uks_signing_model(d)}" = "sample" -o "${@uks_signing_model(d)}" = "user" ]; then
-        install -m 0400 "$key_dir/system_trusted_key.key" "${D}${SYSTEM_PRIV_KEY}"
-    fi
-
     key_dir="${@uks_secondary_trusted_keys_dir(d)}"
     install -m 0644 "$key_dir/secondary_trusted_key.crt" \
         "${D}${SECONDARY_TRUSTED_CERT}"
     openssl x509 -inform PEM -outform DER -in "${D}${SECONDARY_TRUSTED_CERT}" \
         -out "${D}${SECONDARY_TRUSTED_DER_ENC_CERT}"
 
-    if [ "${@uks_signing_model(d)}" = "sample" -o "${@uks_signing_model(d)}" = "user" ]; then
-        install -m 0400 "$key_dir/secondary_trusted_key.key" \
-            "${D}${SECONDARY_TRUSTED_PRIV_KEY}"
-    fi
-
     key_dir="${@uks_modsign_keys_dir(d)}"
     install -m 0644 "$key_dir/modsign_key.crt" \
         "${D}${MODSIGN_CERT}"
 
-    if [ "${@uks_signing_model(d)}" = "sample" -o "${@uks_signing_model(d)}" = "user" ]; then
-        install -m 0400 "$key_dir/modsign_key.key" \
-            "${D}${MODSIGN_PRIV_KEY}"
-    fi
-
     key_dir="${@uks_ima_keys_dir(d)}"
     install -m 0644 "$key_dir/x509_ima.der" "${D}${IMA_CERT}"
-
-    if [ "${@uks_signing_model(d)}" = "sample" -o "${@uks_signing_model(d)}" = "user" ]; then
-        install -m 0400 "$key_dir/x509_ima.key" "${D}${IMA_PRIV_KEY}"
-    fi
 }
 
 do_install[prefuncs] += "check_deploy_keys"
@@ -158,10 +108,6 @@ PACKAGES = "\
 
 # Note any private key is not available if user key signing model used.
 PACKAGES_DYNAMIC = "\
-    ${PN}-system-trusted-privkey \
-    ${PN}-secondary-trusted-privkey \
-    ${PN}-modsign-privkey \
-    ${PN}-ima-privkey \
     ${PN}-rpm-pubkey \
 "