summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Barker <paul@paulbarker.me.uk>2014-12-21 13:26:27 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-02-03 14:53:44 +0000
commit2104111edc85d057eb4fadecd007f5c592803da6 (patch)
treeeeb59abbe1211828fc6ccbef41515a40bc055164
parentc4bc41cb2dd679629184a3693dd6c8d964a24d27 (diff)
downloadopenembedded-core-2104111edc85d057eb4fadecd007f5c592803da6.tar.gz
openembedded-core-2104111edc85d057eb4fadecd007f5c592803da6.tar.bz2
openembedded-core-2104111edc85d057eb4fadecd007f5c592803da6.zip
opkg-keyrings: New recipe
This recipe wraps package and package feed verification keys into a package, making the management and deployment of verification keys much easier. Comments on how to select keys for inclusion in this package are provided in the recipe file. Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
-rw-r--r--meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb48
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb b/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb
new file mode 100644
index 0000000000..18d6abdded
--- /dev/null
+++ b/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb
@@ -0,0 +1,48 @@
+SUMMARY = "Keyrings for verifying opkg packages and feeds"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+# Distro-specific keys can be added to this package in two ways:
+#
+# 1) In a .bbappend, add .gpg and/or .asc files to SRC_URI and install them to
+# ${D}${datadir}/opkg/keyrings/ in a do_install_append function. These
+# files should not be named 'key-$name.gpg' to ensure they don't conflict
+# with keys exported as per (2).
+#
+# 2) In a .bbappend, distro config or local.conf, override the variable
+# OPKG_KEYRING_KEYS to contain a space-separated list of key names. For
+# each name, 'gpg --export $name' will be ran to export the public key to a
+# file named 'key-$name.gpg'. The public key must therefore be in the gpg
+# keyrings on the build machine.
+
+OPKG_KEYRING_KEYS ?= ""
+
+do_compile() {
+ for name in ${OPKG_KEYRING_KEYS}; do
+ gpg --export ${name} > ${B}/key-${name}.gpg
+ done
+}
+
+do_install () {
+ install -d ${D}${datadir}/opkg/keyrings/
+ for name in ${OPKG_KEYRING_KEYS}; do
+ install -m 0644 ${B}/key-${name}.gpg ${D}${datadir}/opkg/keyrings/
+ done
+}
+
+FILES_${PN} = "${datadir}/opkg/keyrings"
+
+# We need 'opkg-key' to run the postinst script
+RDEPENDS_${PN} = "opkg"
+
+pkg_postinst_${PN} () {
+#! /bin/sh
+set -e
+
+if [ x"$D" = "x" ]; then
+ # On target
+ opkg-key populate
+else
+ exit 1
+fi
+}