Files
Ovidiu Panait b1dee36ce6 sign_rpm_ext: Use socket redirection to avoid GPG_PATH length limitation
Currently, an error will be thrown when trying to use a GPG homedir whose path
length exceeds 80 characters. This limitation can be worked around by providing
libassuan socket redirection files for "S.gpg-agent.yocto-native",
"S.gpg-agent.ssh", "S.gpg-agent.browser" and "S.gpg-agent.extra"
sockets. The redirection files will point to the real sockets in /tmp
directory. The sockets will be automatically cleaned up by gpg agent.

References:
[1] https://dev.gnupg.org/T1752
[2] https://gnupg.org/documentation/manuals/assuan.pdf

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
2020-03-01 19:26:24 +08:00

38 lines
1.2 KiB
Plaintext

# RPM_GPG_NAME and RPM_GPG_PASSPHRASE must be configured in your build
# environment. By default, the values for the sample keys are configured
# in meta-signing-key.
RPM_SIGN_FILES = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', '1', '0', d)}"
# By default, the values below are applicable for the sample keys provided
# by meta-signing-key.
RPM_FSK_PATH ?= "${@uks_ima_keys_dir(d) + 'x509_ima.key'}"
RPM_FSK_PASSWORD ?= "password"
inherit sign_rpm user-key-store
GPG_DEP = "${@'' if d.getVar('GPG_BIN') else 'gnupg-native:do_populate_sysroot pinentry-native:do_populate_sysroot'}"
python check_rpm_public_key () {
check_gpg_key('RPM', uks_rpm_keys_dir, d)
}
check_rpm_public_key[lockfiles] = "${TMPDIR}/gpg_key.lock"
check_rpm_public_key[prefuncs] += "check_deploy_keys"
do_package_write_rpm[depends] += "${GPG_DEP}"
do_rootfs[depends] += "${GPG_DEP}"
python do_package_write_rpm_prepend() {
bb.build.exec_func("check_rpm_public_key", d)
}
python do_rootfs_prepend() {
bb.build.exec_func("check_rpm_public_key", d)
}
python () {
gpg_path = d.getVar('GPG_PATH', True)
if not gpg_path:
gpg_path = d.getVar('TMPDIR', True) + '/.gnupg'
d.setVar('GPG_PATH', gpg_path)
}