sign_rpm_ext: make sure all target recipes are signed

Placing the key import logic under signing-keys cannot ensure all
target recipes are always signed. Instead, place it before
do_package_write_rpm.

Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
This commit is contained in:
Jia Zhang
2017-08-24 08:18:01 +08:00
parent 6fd5d7be55
commit c2962bba6d
2 changed files with 26 additions and 24 deletions
@@ -10,6 +10,32 @@ RPM_FSK_PASSWORD ?= "password"
inherit sign_rpm user-key-store
python check_rpm_public_key () {
gpg_path = d.getVar('GPG_PATH', True)
gpg_bin = d.getVar('GPG_BIN', True) or \
bb.utils.which(os.getenv('PATH'), 'gpg')
gpg_keyid = d.getVar('RPM_GPG_NAME', True)
# Check RPM_GPG_NAME and RPM_GPG_PASSPHRASE
cmd = "%s --homedir %s --list-keys %s" % \
(gpg_bin, gpg_path, gpg_keyid)
status, output = oe.utils.getstatusoutput(cmd)
if not status:
return
# Import RPM_GPG_NAME if not found
gpg_key = uks_rpm_keys_dir(d) + 'RPM-GPG-PRIVKEY-' + gpg_keyid
cmd = '%s --batch --homedir %s --passphrase %s --import %s' % \
(gpg_bin, gpg_path, d.getVar('RPM_GPG_PASSPHRASE', True), gpg_key)
status, output = oe.utils.getstatusoutput(cmd)
if status:
raise bb.build.FuncFailed('Failed to import gpg key (%s): %s' %
(gpg_key, output))
}
check_rpm_public_key[lockfiles] = "${TMPDIR}/check_rpm_public_key.lock"
do_package_write_rpm[prefuncs] += "check_rpm_public_key"
check_rpm_public_key[prefuncs] += "check_deploy_keys"
python () {
gpg_path = d.getVar('GPG_PATH', True)
if not gpg_path:
@@ -1,24 +0,0 @@
python check_public_keys () {
gpg_path = d.getVar('GPG_PATH', True)
gpg_bin = d.getVar('GPG_BIN', True) or \
bb.utils.which(os.getenv('PATH'), 'gpg')
gpg_keyid = d.getVar('RPM_GPG_NAME', True)
# Check RPM_GPG_NAME and RPM_GPG_PASSPHRASE
cmd = "%s --homedir %s --list-keys %s" % \
(gpg_bin, gpg_path, gpg_keyid)
status, output = oe.utils.getstatusoutput(cmd)
if not status:
return
# Import RPM_GPG_NAME if not found
gpg_key = uks_rpm_keys_dir(d) + 'RPM-GPG-PRIVKEY-' + gpg_keyid
cmd = '%s --batch --homedir %s --passphrase %s --import %s' % \
(gpg_bin, gpg_path, d.getVar('RPM_GPG_PASSPHRASE', True), gpg_key)
status, output = oe.utils.getstatusoutput(cmd)
if status:
raise bb.build.FuncFailed('Failed to import gpg key (%s): %s' %
(gpg_key, output))
}
check_public_keys[lockfiles] = "${TMPDIR}/check_public_keys.lock"
do_get_public_keys[prefuncs] += "check_public_keys"