mirror of
https://github.com/jiazhang0/meta-secure-core.git
synced 2026-07-16 12:47:00 +00:00
fixup! sign_rpm_ext: Use socket redirection to avoid GPG_PATH length limitation
If GPG_PATH is already created by signing-keys do_get_public_keys task, subsequent executions of do_package_write_rpm will fail with "Filename too long" errors (this only affects builds using GPG paths larger than 80 characters). Fix this race condition by making sure that the redirection files are always present in the gpg homedir even if the directory already exists when the first package_write_rpm task executes. Also, make sure this new approach does not affect GPG_PATHs smaller than 80 chars. Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
This commit is contained in:
@@ -482,13 +482,16 @@ def check_gpg_key(basekeyname, keydirfunc, d):
|
|||||||
f.write('auto-expand-secmem\n')
|
f.write('auto-expand-secmem\n')
|
||||||
f.close()
|
f.close()
|
||||||
|
|
||||||
|
if len(gpg_path) > 80:
|
||||||
bn = d.getVar('BUILDNAME', True)
|
bn = d.getVar('BUILDNAME', True)
|
||||||
socklist = ["yocto-native", "browser", "ssh", "extra"]
|
suffixlist = ["yocto-native", "browser", "ssh", "extra"]
|
||||||
for sock in socklist:
|
for suffix in suffixlist:
|
||||||
f = open(os.path.join(gpg_path, 'S.gpg-agent.' + sock), 'w')
|
socket = os.path.join(gpg_path, 'S.gpg-agent.' + suffix)
|
||||||
f.write('%Assuan%\n')
|
if not os.path.exists(socket):
|
||||||
f.write('socket=/tmp/S.gpg-agent.%s-%s\n' % (sock, bn))
|
f = open(socket, 'w')
|
||||||
f.close()
|
f.write('%Assuan%\n')
|
||||||
|
f.write('socket=/tmp/S.gpg-agent.%s-%s\n' % (suffix, bn))
|
||||||
|
f.close()
|
||||||
|
|
||||||
gpg_bin = d.getVar('GPG_BIN', True) or \
|
gpg_bin = d.getVar('GPG_BIN', True) or \
|
||||||
bb.utils.which(os.getenv('PATH'), 'gpg')
|
bb.utils.which(os.getenv('PATH'), 'gpg')
|
||||||
|
|||||||
Reference in New Issue
Block a user