openembedded-core.git/meta/classes/sign_rpm.bbclass, branch jethro Mirror of openembedded-core package signing: automatically export public keys 2015-10-24T11:17:16+00:00 Markus Lehtonen markus.lehtonen@linux.intel.com 2015-10-16T10:37:32+00:00 23b30c34581948e1ea02c25cbf7b9194d7e49fb8 Automatically export public key(s) of the signing key(s) from the gpg keyring. Adds a new simple recipe that does the actual task of exporting the keys. This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG PUBKEY settings obsolete. Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> 
Automatically export public key(s) of the signing key(s) from the gpg
keyring. Adds a new simple recipe that does the actual task of exporting
the keys.  This patch makes the RPM_GPG_PUBKEY and PACKAGE_FEED_GPG
PUBKEY settings obsolete.

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting 2015-10-24T11:17:13+00:00 Markus Lehtonen markus.lehtonen@linux.intel.com 2015-10-15T11:35:20+00:00 6ea062dffce3df59cc4ba88edd181dc1dac759f9 Simplifies the configuration. Makes way for the removal of RPM_GPG_PUBKEY setting and possible future implementation of a separate signing server support. Also, moves the configuration sanity checking into a separate function. Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> 
Simplifies the configuration. Makes way for the removal of
RPM_GPG_PUBKEY setting and possible future implementation of a separate
signing server support. Also, moves the configuration sanity checking
into a separate function.

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
sign_rpm.bbclass: be more verbose in case of error 2015-10-24T11:17:12+00:00 Markus Lehtonen markus.lehtonen@linux.intel.com 2015-10-15T11:19:15+00:00 3abdd2bf886e4b3bc7dd957c77a7745498386161 Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> 
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
sign_rpm.bbclass: introduce GPG_PATH variable 2015-10-24T11:17:11+00:00 Markus Lehtonen markus.lehtonen@linux.intel.com 2015-10-14T13:46:39+00:00 7ea2f8aca832433f448a79d103c945a63ac6474b This bitbake configuration variable can be used to define the gpg home directory. Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> 
This bitbake configuration variable can be used to define the gpg home
directory.

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
package_rpm: support signing of rpm packages 2015-09-01T20:57:48+00:00 Markus Lehtonen markus.lehtonen@linux.intel.com 2015-08-21T14:21:57+00:00 75f5f11b19ba1bf8743caf9ee7c99a3c67f4b266 This patch adds a new bbclass for generating rpm packages that are signed with a user defined key. The packages are signed as part of the "package_write_rpm" task. In order to enable the feature you need to 1. 'INHERIT += " sign_rpm"' in bitbake config (e.g. local or distro) 2. Create a file that contains the passphrase to your gpg secret key 3. 'RPM_GPG_PASSPHRASE_FILE = "<path_to_file>" in bitbake config, pointing to the passphrase file created in 2. 4. Define GPG key name to use by either defining 'RPM_GPG_NAME = "<key_id>" in bitbake config OR by defining %_gpg_name <key_id> in your ~/.oerpmmacros file 5. 'RPM_GPG_PUBKEY = "<path_to_pubkey>" in bitbake config pointing to the public key (in "armor" format) The user may optionally define "GPG_BIN" variable in the bitbake configuration in order to specify a specific gpg binary/wrapper to use. The sign_rpm.bbclass implements a simple scenario of locally signing the packages. It could be replaced by a more advanced class that would utilize a separate signing server for signing the packages, for example. [YOCTO #8134] Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This patch adds a new bbclass for generating rpm packages that are
signed with a user defined key. The packages are signed as part of the
"package_write_rpm" task.

In order to enable the feature you need to
1. 'INHERIT += " sign_rpm"' in bitbake config (e.g. local or
   distro)
2. Create a file that contains the passphrase to your gpg secret key
3. 'RPM_GPG_PASSPHRASE_FILE = "<path_to_file>" in bitbake config,
   pointing to the passphrase file created in 2.
4. Define GPG key name to use by either defining
   'RPM_GPG_NAME = "<key_id>" in bitbake config OR by defining
   %_gpg_name <key_id> in your ~/.oerpmmacros file
5. 'RPM_GPG_PUBKEY = "<path_to_pubkey>" in bitbake config pointing to
   the public key (in "armor" format)

The user may optionally define "GPG_BIN" variable in the bitbake
configuration in order to specify a specific gpg binary/wrapper to use.

The sign_rpm.bbclass implements a simple scenario of locally signing the
packages. It could be replaced by a more advanced class that would
utilize a separate signing server for signing the packages, for example.

[YOCTO #8134]

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>