aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkus Lehtonen <markus.lehtonen@linux.intel.com>2017-03-16 15:19:05 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-17 11:55:24 +0000
commitf30c1653cc5ef9daf594cbd3faad329b9fa08ab7 (patch)
tree0a6897a1baf63c803c5e63a0b5df1c3f6f9d292b
parent3a9e2fdef9316e24b52ce99ac355fc2b09786c72 (diff)
downloadopenembedded-core-contrib-f30c1653cc5ef9daf594cbd3faad329b9fa08ab7.zip
openembedded-core-contrib-f30c1653cc5ef9daf594cbd3faad329b9fa08ab7.tar.gz
openembedded-core-contrib-f30c1653cc5ef9daf594cbd3faad329b9fa08ab7.tar.bz2
lib/oe/package_manager: import rpm signing key to rpmdb
Import the gpg key used in rpm signing into rpmdb. This makes it possible again to create images when rpm signing is enabled. Also, instruct dnf to enforce signature check if rpm signing is enabled. Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/lib/oe/package_manager.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index b016bc3..eeb4c76 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -520,7 +520,14 @@ class RpmPM(PackageManager):
open(platformconfdir + "macros", 'a').write("%_prefer_color 7")
if self.d.getVar('RPM_SIGN_PACKAGES') == '1':
- raise NotImplementedError("Signature verification with rpm not yet supported.")
+ pubkey_path = self.d.getVar('RPM_GPG_PUBKEY')
+ rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmkeys")
+ cmd = [rpm_bin, '--root=%s' % self.target_rootfs, '--import', pubkey_path]
+ try:
+ subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ except subprocess.CalledProcessError as e:
+ bb.fatal("Importing GPG key failed. Command '%s' "
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
def create_configs(self):
self._configure_dnf()
@@ -570,7 +577,8 @@ class RpmPM(PackageManager):
output = self._invoke_dnf((["--skip-broken"] if attempt_only else []) +
(["-x", ",".join(exclude_pkgs)] if len(exclude_pkgs) > 0 else []) +
(["--setopt=install_weak_deps=False"] if self.d.getVar('NO_RECOMMENDATIONS') == 1 else []) +
- ["--nogpgcheck", "install"] +
+ (["--nogpgcheck"] if self.d.getVar('RPM_SIGN_PACKAGES') != '1' else ["--setopt=gpgcheck=True"]) +
+ ["install"] +
pkgs)
failed_scriptlets_pkgnames = collections.OrderedDict()