mirror of
https://github.com/jiazhang0/meta-secure-core.git
synced 2026-07-16 20:56:58 +00:00
sign_rpm_ext.bbclass: use the default setting from meta-signing-key
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
This commit is contained in:
@@ -1,8 +1,6 @@
|
|||||||
# RPM_GPG_NAME and RPM_GPG_PASSPHRASE must be configured in your build
|
# RPM_GPG_NAME and RPM_GPG_PASSPHRASE must be configured in your build
|
||||||
# environment. By default, the values for the sample keys are configured
|
# environment. By default, the values for the sample keys are configured
|
||||||
# in meta-signing-key.
|
# in meta-signing-key.
|
||||||
RPM_GPG_NAME ?= "SecureCore"
|
|
||||||
RPM_GPG_PASSPHRASE ?= "SecureCore"
|
|
||||||
|
|
||||||
RPM_GPG_BACKEND ?= "local"
|
RPM_GPG_BACKEND ?= "local"
|
||||||
# SHA-256 is used for the file checksum digest.
|
# SHA-256 is used for the file checksum digest.
|
||||||
@@ -17,6 +15,9 @@ RPM_FSK_PASSWORD ?= "password"
|
|||||||
inherit sign_rpm user-key-store
|
inherit sign_rpm user-key-store
|
||||||
|
|
||||||
python () {
|
python () {
|
||||||
|
if d.getVar('RPM_SIGN_FILES', True) != '1':
|
||||||
|
return
|
||||||
|
|
||||||
gpg_path = d.getVar('GPG_PATH', True)
|
gpg_path = d.getVar('GPG_PATH', True)
|
||||||
if not gpg_path:
|
if not gpg_path:
|
||||||
gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg'
|
gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg'
|
||||||
|
|||||||
@@ -1,17 +1,5 @@
|
|||||||
python check_public_keys () {
|
python check_public_keys () {
|
||||||
gpg_path = d.getVar('GPG_PATH', True)
|
gpg_path = d.getVar('GPG_PATH', True)
|
||||||
if not gpg_path:
|
|
||||||
gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg'
|
|
||||||
|
|
||||||
if not os.path.exists(gpg_path):
|
|
||||||
cmd = ' '.join(('mkdir -p', gpg_path))
|
|
||||||
status, output = oe.utils.getstatusoutput(cmd)
|
|
||||||
if status:
|
|
||||||
raise bb.build.FuncFailed('Failed to create gpg keying %s: %s' %
|
|
||||||
(gpg_path, output))
|
|
||||||
|
|
||||||
d.setVar('GPG_PATH', gpg_path)
|
|
||||||
|
|
||||||
gpg_bin = d.getVar('GPG_BIN', True) or \
|
gpg_bin = d.getVar('GPG_BIN', True) or \
|
||||||
bb.utils.which(os.getenv('PATH'), 'gpg')
|
bb.utils.which(os.getenv('PATH'), 'gpg')
|
||||||
gpg_keyid = d.getVar('RPM_GPG_NAME', True)
|
gpg_keyid = d.getVar('RPM_GPG_NAME', True)
|
||||||
|
|||||||
@@ -41,8 +41,8 @@ VENDOR_UUID = "1f7b9654-2107-4697-8f1c-0cbc38874588"
|
|||||||
UEFI_SIG_OWNER_GUID ??= "${VENDOR_UUID}"
|
UEFI_SIG_OWNER_GUID ??= "${VENDOR_UUID}"
|
||||||
|
|
||||||
SAMPLE_RPM_KEYNAME ??= "SecureCore"
|
SAMPLE_RPM_KEYNAME ??= "SecureCore"
|
||||||
RPM_GPG_NAME ??= "${SAMPLE_RPM_KEYNAME}"
|
RPM_GPG_NAME ?= "${SAMPLE_RPM_KEYNAME}"
|
||||||
RPM_GPG_PASSPHRASE ??= "SecureCore"
|
RPM_GPG_PASSPHRASE ?= "SecureCore"
|
||||||
|
|
||||||
BB_HASHBASE_WHITELIST_append += " IMA_SIGNING_BLACKLIST IMA_KEYS_DIR \
|
BB_HASHBASE_WHITELIST_append += " IMA_SIGNING_BLACKLIST IMA_KEYS_DIR \
|
||||||
RPM_KEYS_DIR UEFI_SB_KEYS_DIR EV_CERT \
|
RPM_KEYS_DIR UEFI_SB_KEYS_DIR EV_CERT \
|
||||||
|
|||||||
Reference in New Issue
Block a user