mirror of
https://git.yoctoproject.org/poky
synced 2026-05-30 12:29:55 +00:00
gpg_sign: add local ipk package signing functionality
Implement ipk signing inside the sign_ipk bbclass using the gpg_sign
module and configure signing similar to how rpm does it. sign_ipk uses
gpg_sign's detach_sign because its functionality is identical to package
feed signing.
IPK signing process is a bit different from rpm:
- Signatures are stored outside ipk files; opkg connects to a feed
server and downloads them to verify a package.
- Signatures are of two types (both supported by opkg): binary or
ascii armoured. By default we sign using ascii armoured.
- Public keys are stored on targets to verify ipks using the
opkg-keyrings recipe.
(From OE-Core rev: a40f27aa7802e8a0bd87a5417e35adbface62d05)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ioan-Adrian Ratiu
committed by
Richard Purdie
Richard Purdie
parent
6bd6a2b6fe
commit
2fccd8aa1c
@@ -246,6 +246,11 @@ python do_package_ipk () {
|
||||
bb.utils.unlockfile(lf)
|
||||
raise bb.build.FuncFailed("opkg-build execution failed")
|
||||
|
||||
if d.getVar('IPK_SIGN_PACKAGES', True) == '1':
|
||||
ipkver = "%s-%s" % (d.getVar('PKGV', True), d.getVar('PKGR', True))
|
||||
ipk_to_sign = "%s/%s_%s_%s.ipk" % (pkgoutdir, pkgname, ipkver, d.getVar('PACKAGE_ARCH', True))
|
||||
sign_ipk(d, ipk_to_sign)
|
||||
|
||||
cleanupcontrol(root)
|
||||
bb.utils.unlockfile(lf)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user