diff options
| author | Paul Barker <paul@paulbarker.me.uk> | 2014-12-21 13:26:27 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-02-03 14:53:44 +0000 |
| commit | 2104111edc85d057eb4fadecd007f5c592803da6 (patch) | |
| tree | eeb59abbe1211828fc6ccbef41515a40bc055164 | |
| parent | c4bc41cb2dd679629184a3693dd6c8d964a24d27 (diff) | |
| download | openembedded-core-2104111edc85d057eb4fadecd007f5c592803da6.tar.gz openembedded-core-2104111edc85d057eb4fadecd007f5c592803da6.tar.bz2 openembedded-core-2104111edc85d057eb4fadecd007f5c592803da6.zip | |
opkg-keyrings: New recipe
This recipe wraps package and package feed verification keys into a package,
making the management and deployment of verification keys much easier. Comments
on how to select keys for inclusion in this package are provided in the recipe
file.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
| -rw-r--r-- | meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb b/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb new file mode 100644 index 0000000000..18d6abdded --- /dev/null +++ b/meta/recipes-devtools/opkg/opkg-keyrings_1.0.bb @@ -0,0 +1,48 @@ +SUMMARY = "Keyrings for verifying opkg packages and feeds" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +# Distro-specific keys can be added to this package in two ways: +# +# 1) In a .bbappend, add .gpg and/or .asc files to SRC_URI and install them to +# ${D}${datadir}/opkg/keyrings/ in a do_install_append function. These +# files should not be named 'key-$name.gpg' to ensure they don't conflict +# with keys exported as per (2). +# +# 2) In a .bbappend, distro config or local.conf, override the variable +# OPKG_KEYRING_KEYS to contain a space-separated list of key names. For +# each name, 'gpg --export $name' will be ran to export the public key to a +# file named 'key-$name.gpg'. The public key must therefore be in the gpg +# keyrings on the build machine. + +OPKG_KEYRING_KEYS ?= "" + +do_compile() { + for name in ${OPKG_KEYRING_KEYS}; do + gpg --export ${name} > ${B}/key-${name}.gpg + done +} + +do_install () { + install -d ${D}${datadir}/opkg/keyrings/ + for name in ${OPKG_KEYRING_KEYS}; do + install -m 0644 ${B}/key-${name}.gpg ${D}${datadir}/opkg/keyrings/ + done +} + +FILES_${PN} = "${datadir}/opkg/keyrings" + +# We need 'opkg-key' to run the postinst script +RDEPENDS_${PN} = "opkg" + +pkg_postinst_${PN} () { +#! /bin/sh +set -e + +if [ x"$D" = "x" ]; then + # On target + opkg-key populate +else + exit 1 +fi +} |