mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-04-20 18:08:17 +00:00
Code Issues Projects Releases Wiki Activity
Files
393b80fa358557bd24dde6a0b7052fcb87eb32d7
meta-secure-core/meta-integrity/classes/sign_rpm_ext.bbclass
Sandy 393b80fa35 sign_rpm_ext.bbclass: fix check_rpm_public_key failed while host not install gpg (#124) 
Due to the following reasons, need to add the dependency to
task who needs to run check_rpm_public_key:
* packagegroup recipe don't have task prepare_recipe_sysroot
* varflags depends don't work for prefuncs

Signed-off-by: Changqing Li <changqing.li@windriver.com>
2019-11-07 17:31:03 +08:00

60 lines
2.2 KiB
Plaintext
Raw Blame History

# RPM_GPG_NAME and RPM_GPG_PASSPHRASE must be configured in your build
# environment. By default, the values for the sample keys are configured
# in meta-signing-key.
RPM_SIGN_FILES = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', '1', '0', d)}"
# By default, the values below are applicable for the sample keys provided
# by meta-signing-key.
RPM_FSK_PATH ?= "${@uks_ima_keys_dir(d) + 'x509_ima.key'}"
RPM_FSK_PASSWORD ?= "password"
inherit sign_rpm user-key-store
GPG_DEP = "${@'' if d.getVar('GPG_BIN') else 'gnupg-native:do_populate_sysroot pinentry-native:do_populate_sysroot'}"
python check_rpm_public_key () {
gpg_path = d.getVar('GPG_PATH', True)
gpg_bin = d.getVar('GPG_BIN', True) or \
bb.utils.which(os.getenv('PATH'), 'gpg')
gpg_keyid = d.getVar('RPM_GPG_NAME', True)
# Check RPM_GPG_NAME and RPM_GPG_PASSPHRASE
cmd = "%s --homedir %s --list-keys %s" % \
(gpg_bin, gpg_path, gpg_keyid)
status, output = oe.utils.getstatusoutput(cmd)
if not status:
return
# Import RPM_GPG_NAME if not found
gpg_key = uks_rpm_keys_dir(d) + 'RPM-GPG-PRIVKEY-' + gpg_keyid
cmd = '%s --batch --homedir %s --passphrase %s --import %s' % \
(gpg_bin, gpg_path, d.getVar('RPM_GPG_PASSPHRASE', True), gpg_key)
status, output = oe.utils.getstatusoutput(cmd)
if status:
bb.fatal('Failed to import gpg key (%s): %s' % (gpg_key, output))
}
check_rpm_public_key[lockfiles] = "${TMPDIR}/check_rpm_public_key.lock"
check_rpm_public_key[prefuncs] += "check_deploy_keys"
do_package_write_rpm[depends] += "${GPG_DEP}"
do_rootfs[depends] += "${GPG_DEP}"
python do_package_write_rpm_prepend() {
bb.build.exec_func("check_rpm_public_key", d)
}
python do_rootfs_prepend() {
bb.build.exec_func("check_rpm_public_key", d)
}
python () {
gpg_path = d.getVar('GPG_PATH', True)
if not gpg_path:
gpg_path = d.getVar('TMPDIR', True) + '/.gnupg'
d.setVar('GPG_PATH', gpg_path)
if not os.path.exists(gpg_path):
status, output = oe.utils.getstatusoutput('mkdir -m 0700 -p %s' % gpg_path)
if status:
bb.fatal('Failed to create gpg keying %s: %s' % (gpg_path, output))
}
Reference in New Issue View Git Blame Copy Permalink