openembedded-core.git/meta/classes/sign_ipk.bbclass, branch morty Mirror of openembedded-core gpg_sign: add local ipk package signing functionality 2016-03-11T16:50:27+00:00 Ioan-Adrian Ratiu adrian.ratiu@ni.com 2016-03-10T10:02:55+00:00 a40f27aa7802e8a0bd87a5417e35adbface62d05 Implement ipk signing inside the sign_ipk bbclass using the gpg_sign module and configure signing similar to how rpm does it. sign_ipk uses gpg_sign's detach_sign because its functionality is identical to package feed signing. IPK signing process is a bit different from rpm: - Signatures are stored outside ipk files; opkg connects to a feed server and downloads them to verify a package. - Signatures are of two types (both supported by opkg): binary or ascii armoured. By default we sign using ascii armoured. - Public keys are stored on targets to verify ipks using the opkg-keyrings recipe. Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Implement ipk signing inside the sign_ipk bbclass using the gpg_sign
module and configure signing similar to how rpm does it. sign_ipk uses
gpg_sign's detach_sign because its functionality is identical to package
feed signing.

IPK signing process is a bit different from rpm:
    - Signatures are stored outside ipk files; opkg connects to a feed
server and downloads them to verify a package.
    - Signatures are of two types (both supported by opkg): binary or
ascii armoured. By default we sign using ascii armoured.
    - Public keys are stored on targets to verify ipks using the
opkg-keyrings recipe.

Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>