diff options
author | Ioan-Adrian Ratiu <adrian.ratiu@ni.com> | 2016-03-10 12:02:56 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-03-11 16:50:45 +0000 |
commit | 0b088e0829f0187cd67df97b6825674a5a4087ce (patch) | |
tree | a0dd9b4180badec6a8187250f2a01d32b1e0e6c3 /meta | |
parent | 2fccd8aa1c96a6db056e2352b1d5039ce671a102 (diff) | |
download | openembedded-core-contrib-0b088e0829f0187cd67df97b6825674a5a4087ce.tar.gz |
gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor
Starting from v2.1 passing passwords directly to gpg does not work
anymore [1], instead a loopback interface must be used otherwise
gpg >2.1 will error out with:
"gpg: signing failed: Inappropriate ioctl for device"
gpg <2.1 does not work with the new --pinentry-mode arg and gives an
invalid option error, so we detect what is the running version of gpg
and pass it accordingly.
[1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
(From OE-Core rev: 0413bd8e294ca8ac972ac68662b43a981952f5ae)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/lib/oe/gpg_sign.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index 059381d5e3..0b5dc20892 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py @@ -66,6 +66,13 @@ class LocalSigner(object): if armor: cmd += ['--armor'] + #gpg > 2.1 supports password pipes only through the loopback interface + #gpg < 2.1 errors out if given unknown parameters + dots = self.get_gpg_version().split('.') + assert len(dots) >= 2 + if int(dots[0]) >= 2 and int(dots[1]) >= 1: + cmd += ['--pinentry-mode', 'loopback'] + cmd += [input_file] try: @@ -89,6 +96,15 @@ class LocalSigner(object): raise Exception("Failed to sign '%s" % input_file) + def get_gpg_version(self): + """Return the gpg version""" + import subprocess + try: + return subprocess.check_output((self.gpg_bin, "--version")).split()[2] + except subprocess.CalledProcessError as e: + raise bb.build.FuncFailed("Could not get gpg version: %s" % e) + + def verify(self, sig_file): """Verify signature""" cmd = self.gpg_bin + " --verify " |