diff options
-rw-r--r-- | meta/classes/sign_package_feed.bbclass | 5 | ||||
-rw-r--r-- | meta/classes/sign_rpm.bbclass | 5 | ||||
-rw-r--r-- | meta/lib/oe/gpg_sign.py | 48 |
3 files changed, 56 insertions, 2 deletions
diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass index d5df8afb9f..953fa85053 100644 --- a/meta/classes/sign_package_feed.bbclass +++ b/meta/classes/sign_package_feed.bbclass @@ -24,7 +24,10 @@ PACKAGE_FEED_GPG_BACKEND ?= 'local' python () { # Check sanity of configuration - for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'): + required = ['PACKAGE_FEED_GPG_NAME'] + if d.getVar('PACKAGE_FEED_GPG_BACKEND', True) != 'obssign': + required.append('PACKAGE_FEED_GPG_PASSPHRASE_FILE') + for var in required: if not d.getVar(var, True): raise_sanity_error("You need to define %s in the config" % var, d) diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index 8bcabeec91..8be1c35935 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass @@ -23,7 +23,10 @@ RPM_GPG_BACKEND ?= 'local' python () { # Check configuration - for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE_FILE'): + required = ['RPM_GPG_NAME'] + if d.getVar('RPM_GPG_BACKEND', True) != 'obssign': + required.append('RPM_GPG_PASSPHRASE_FILE') + for var in required: if not d.getVar(var, True): raise_sanity_error("You need to define %s in the config" % var, d) diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index 55abad8ffc..d8ab816a84 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py @@ -66,11 +66,59 @@ class LocalSigner(object): (input_file, output)) +class ObsSigner(object): + """Class for handling signing with obs-signd""" + def __init__(self, keyid): + self.keyid = keyid + self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpm") + + def export_pubkey(self, output_file): + """Export GPG public key to a file""" + cmd = "sign -u '%s' -p" % self.keyid + status, output = oe.utils.getstatusoutput(cmd) + if status: + raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % + (self.keyid, output)) + with open(output_file, 'w') as fobj: + fobj.write(output) + fobj.write('\n') + + def sign_rpms(self, files): + """Sign RPM files""" + import pexpect + + # Remove existing signatures + cmd = "%s --delsign %s" % (self.rpm_bin, ' '.join(files)) + status, output = oe.utils.getstatusoutput(cmd) + if status: + raise bb.build.FuncFailed("Failed to remove RPM signatures: %s" % + output) + # Sign packages + cmd = "sign -u '%s' -r %s" % (self.keyid, ' '.join(files)) + status, output = oe.utils.getstatusoutput(cmd) + if status: + raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % + output) + + def detach_sign(self, input_file): + """Create a detached signature of a file""" + cmd = "sign -u '%s' -d %s" % (self.keyid, input_file) + status, output = oe.utils.getstatusoutput(cmd) + if status: + raise bb.build.FuncFailed("Failed to create signature for '%s': %s" % + (input_file, output)) + + def get_signer(d, backend, keyid, passphrase_file): """Get signer object for the specified backend""" # Use local signing by default if backend == 'local': return LocalSigner(d, keyid, passphrase_file) + elif backend == 'obssign': + if passphrase_file: + bb.note("GPG passphrase file setting not used when 'obssign' " + "backend is used.") + return ObsSigner(keyid) else: bb.fatal("Unsupported signing backend '%s'" % backend) |