blob: cf91750ec737d6180477db88659f2db6e92fcd52 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
# Class for signing package feeds
#
# Related configuration variables that will be used after this class is
# iherited:
# PACKAGE_FEED_PASSPHRASE_FILE
# Path to a file containing the passphrase of the signing key.
# PACKAGE_FEED_GPG_NAME
# Name of the key to sign with. May be key id or key name.
# PACKAGE_FEED_GPG_BACKEND
# Optional variable for specifying the backend to use for signing.
# Currently the only available option is 'local', i.e. local signing
# on the build host.
# GPG_BIN
# Optional variable for specifying the gpg binary/wrapper to use for
# signing.
# GPG_PATH
# Optional variable for specifying the gnupg "home" directory:
# OBSSIGN_DELSIGN
# Optional variable, effective only when 'obssign' backend is enabled.
# Set to "1" to remove existing signatures from the RPM packages
# before signing with obs-sign.
#
inherit sanity
PACKAGE_FEED_SIGN = '1'
PACKAGE_FEED_GPG_BACKEND ?= 'local'
python () {
# Check sanity of configuration
required = ['PACKAGE_FEED_GPG_NAME']
if d.getVar('PACKAGE_FEED_GPG_BACKEND', True) != 'obssign':
required.append('PACKAGE_FEED_GPG_PASSPHRASE_FILE')
for var in required:
if not d.getVar(var, True):
raise_sanity_error("You need to define %s in the config" % var, d)
# Set expected location of the public key
d.setVar('PACKAGE_FEED_GPG_PUBKEY',
os.path.join(d.getVar('STAGING_ETCDIR_NATIVE', False),
'PACKAGE-FEED-GPG-PUBKEY'))
}
do_package_index[depends] += "signing-keys:do_export_public_keys"
|