diff options
| author |   Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2017-03-16 15:19:05 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-17 11:55:24 +0000 |
| commit | f30c1653cc5ef9daf594cbd3faad329b9fa08ab7 (patch) | |
| tree | 0a6897a1baf63c803c5e63a0b5df1c3f6f9d292b | |
| parent | 3a9e2fdef9316e24b52ce99ac355fc2b09786c72 (diff) | |
| download | openembedded-core-contrib-f30c1653cc5ef9daf594cbd3faad329b9fa08ab7.tar.gz | |
lib/oe/package_manager: import rpm signing key to rpmdb
Import the gpg key used in rpm signing into rpmdb. This makes it
possible again to create images when rpm signing is enabled.
Also, instruct dnf to enforce signature check if rpm signing is enabled.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/lib/oe/package_manager.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index b016bc32dc..eeb4c76071 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -520,7 +520,14 @@ class RpmPM(PackageManager): open(platformconfdir + "macros", 'a').write("%_prefer_color 7") if self.d.getVar('RPM_SIGN_PACKAGES') == '1': - raise NotImplementedError("Signature verification with rpm not yet supported.") + pubkey_path = self.d.getVar('RPM_GPG_PUBKEY') + rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmkeys") + cmd = [rpm_bin, '--root=%s' % self.target_rootfs, '--import', pubkey_path] + try: + subprocess.check_output(cmd, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as e: + bb.fatal("Importing GPG key failed. Command '%s' " + "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8"))) def create_configs(self): self._configure_dnf() @@ -570,7 +577,8 @@ class RpmPM(PackageManager): output = self._invoke_dnf((["--skip-broken"] if attempt_only else []) + (["-x", ",".join(exclude_pkgs)] if len(exclude_pkgs) > 0 else []) + (["--setopt=install_weak_deps=False"] if self.d.getVar('NO_RECOMMENDATIONS') == 1 else []) + - ["--nogpgcheck", "install"] + + (["--nogpgcheck"] if self.d.getVar('RPM_SIGN_PACKAGES') != '1' else ["--setopt=gpgcheck=True"]) + + ["install"] + pkgs) failed_scriptlets_pkgnames = collections.OrderedDict() |