meta-integrity: enable sign_rpm_ext to support rpm and file signing

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2026-04-20 09:58:31 +00:00 · 2017-07-11 12:58:05 +08:00
parent 6ab1f54732
commit fbce2ce14b
2 changed files with 22 additions and 0 deletions
--- a/meta-integrity/classes/sign_rpm_ext.bbclass
+++ b/meta-integrity/classes/sign_rpm_ext.bbclass
@@ -0,0 +1,20 @@
+#DEPENDS += "gnupg-native"
+
+#RPM_GPG_NAME ?= "SecureCore Sample RPM Signing Key"
+#RPM_GPG_PASSPHRASE ?= "password"
+RPM_GPG_NAME ?= "testkey"
+RPM_GPG_PASSPHRASE ?= "123456"
+RPM_GPG_BACKEND ?= "local"
+# SHA-256 is used for the file checksum digest.
+RPM_FILE_CHECKSUM_DIGEST ?= "8"
+
+RPM_SIGN_FILES = "1"
+RPM_FSK_PATH ?= "${@uks_ima_keys_dir(d) + 'x509_ima.key'}"
+RPM_FSK_PASSWORD ?= "password"
+
+inherit sign_rpm user-key-store
+
+#python () {
+#    if not d.getVar('GPG_PATH', True):
+#        d.setVar('GPG_PATH', d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg')
+#}
--- a/meta-integrity/conf/layer.conf
+++ b/meta-integrity/conf/layer.conf
@@ -17,3 +17,5 @@ LAYERDEPENDS_integrity = "\
    tpm2 \
    tpm \
 "
+
+INHERIT += "sign_rpm_ext"