import glob
from oe.gpg_sign import get_signer
- signer = get_signer(d,
- d.getVar('RPM_GPG_BACKEND', True),
- d.getVar('RPM_GPG_NAME', True),
- d.getVar('RPM_GPG_PASSPHRASE_FILE', True))
+ signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True))
rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR', True) + '/*')
- signer.sign_rpms(rpms)
+ signer.sign_rpms(rpms,
+ d.getVar('RPM_GPG_NAME', True),
+ d.getVar('RPM_GPG_PASSPHRASE_FILE', True))
}
do_package_index[depends] += "signing-keys:do_export_public_keys"
class LocalSigner(object):
"""Class for handling local (on the build host) signing"""
- def __init__(self, d, keyid, passphrase_file):
- self.keyid = keyid
- self.passphrase_file = passphrase_file
+ def __init__(self, d):
self.gpg_bin = d.getVar('GPG_BIN', True) or \
bb.utils.which(os.getenv('PATH'), 'gpg')
self.gpg_path = d.getVar('GPG_PATH', True)
self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpm")
- def export_pubkey(self, output_file):
+ def export_pubkey(self, output_file, keyid):
"""Export GPG public key to a file"""
cmd = '%s --batch --yes --export --armor -o %s ' % \
(self.gpg_bin, output_file)
if self.gpg_path:
cmd += "--homedir %s " % self.gpg_path
- cmd += self.keyid
+ cmd += keyid
status, output = oe.utils.getstatusoutput(cmd)
if status:
raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
- (self.keyid, output))
+ (keyid, output))
- def sign_rpms(self, files):
+ def sign_rpms(self, files, keyid, passphrase_file):
"""Sign RPM files"""
import pexpect
- cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % self.keyid
+ cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid
if self.gpg_bin:
cmd += "--define '%%__gpg %s' " % self.gpg_bin
if self.gpg_path:
proc = pexpect.spawn(cmd)
try:
proc.expect_exact('Enter pass phrase:', timeout=15)
- with open(self.passphrase_file) as fobj:
+ with open(passphrase_file) as fobj:
proc.sendline(fobj.readline().rstrip('\n'))
proc.expect(pexpect.EOF, timeout=900)
proc.close()
bb.error('rpmsign failed: %s' % proc.before.strip())
raise bb.build.FuncFailed("Failed to sign RPM packages")
- def detach_sign(self, input_file, armor=True):
+ def detach_sign(self, input_file, keyid, passphrase_file, armor=True):
"""Create a detached signature of a file"""
cmd = "%s --detach-sign --batch --no-tty --yes " \
"--passphrase-file '%s' -u '%s' " % \
- (self.gpg_bin, self.passphrase_file, self.keyid)
+ (self.gpg_bin, passphrase_file, keyid)
if self.gpg_path:
cmd += "--homedir %s " % self.gpg_path
if armor:
return ret
-def get_signer(d, backend, keyid, passphrase_file):
+def get_signer(d, backend):
"""Get signer object for the specified backend"""
# Use local signing by default
if backend == 'local':
- return LocalSigner(d, keyid, passphrase_file)
+ return LocalSigner(d)
else:
bb.fatal("Unsupported signing backend '%s'" % backend)
rpm_createrepo = bb.utils.which(os.getenv('PATH'), "createrepo")
if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
- signer = get_signer(self.d,
- self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True),
- self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
- self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
+ signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
else:
signer = None
index_cmds = []
# Sign repomd
if signer:
for repomd in repomd_files:
- signer.detach_sign(repomd)
+ signer.detach_sign(repomd,
+ self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
+ self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
# Copy pubkey(s) to repo
distro_version = self.d.getVar('DISTRO_VERSION', True) or "oe.0"
if self.d.getVar('RPM_SIGN_PACKAGES', True) == '1':
if d.getVar("RPM_SIGN_PACKAGES", True):
# Export public key of the rpm signing key
- signer = get_signer(d,
- d.getVar('RPM_GPG_BACKEND', True),
- d.getVar('RPM_GPG_NAME', True),
- d.getVar('RPM_GPG_PASSPHRASE_FILE', True))
- signer.export_pubkey(d.getVar('RPM_GPG_PUBKEY', True))
+ signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True))
+ signer.export_pubkey(d.getVar('RPM_GPG_PUBKEY', True),
+ d.getVar('RPM_GPG_NAME', True))
if d.getVar('PACKAGE_FEED_SIGN', True) == '1':
# Export public key of the feed signing key
- signer = get_signer(d,
- d.getVar('PACKAGE_FEED_GPG_BACKEND', True),
- d.getVar('PACKAGE_FEED_GPG_NAME', True),
- d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True))
- signer.export_pubkey(d.getVar('PACKAGE_FEED_GPG_PUBKEY', True))
+ signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
+ signer.export_pubkey(d.getVar('PACKAGE_FEED_GPG_PUBKEY', True),
+ d.getVar('PACKAGE_FEED_GPG_NAME', True))
}
addtask do_export_public_keys before do_build
