summaryrefslogtreecommitdiff
path: root/meta/classes
diff options
context:
space:
mode:
authorRandy Witt <randy.e.witt@linux.intel.com>2016-04-07 16:34:49 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-04-08 07:53:09 +0100
commit0fe2a5e5ffd01e926d0f3d4c78ad9910296e2d1a (patch)
tree9793ce414ea29d5583379afea33ebe42b1d2b6e6 /meta/classes
parentd28935d84ea4530fc1b7cedfdbc80f311c72f7dd (diff)
downloadopenembedded-core-0fe2a5e5ffd01e926d0f3d4c78ad9910296e2d1a.tar.gz
openembedded-core-0fe2a5e5ffd01e926d0f3d4c78ad9910296e2d1a.tar.bz2
openembedded-core-0fe2a5e5ffd01e926d0f3d4c78ad9910296e2d1a.zip
sstatesig.py: Split single locked sigs check into multiple checks
Add the SIGGEN_LOCKEDSIGS_TASKSIG_CHECK and SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK variables to replace SIGGEN_LOCKEDSIGS_CHECK_LEVEL. SIGGEN_LOCKEDSIGS_TASKSIG_CHECK will no control whether there is a warning or error if a task's hash in the locked signature file doesn't match the computed hash from the current metadata. SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK will control whther there is a warning or error if a task that supports sstate is in the locked signature file, but no sstate exists for the task. Previously you could only have warning/errors for both controlled by SIGGEN_LOCKEDSIGS_CHECK_LEVEL. This was an issue in the extensible sdk, because we know sstate won't exist for certain items in the reverse dependencies list for tasks. However, we still want to error if task signatures don't match. [YOCTO #9195] Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/sstate.bbclass8
1 files changed, 7 insertions, 1 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 3234e7914c..8c623271ad 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -53,7 +53,13 @@ SSTATEPOSTINSTFUNCS = ""
EXTRA_STAGING_FIXMES ?= ""
SSTATECLEANFUNCS = ""
-SIGGEN_LOCKEDSIGS_CHECK_LEVEL ?= 'error'
+# Check whether sstate exists for tasks that support sstate and are in the
+# locked signatures file.
+SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK ?= 'error'
+
+# Check whether the task's computed hash matches the task's hash in the
+# locked signatures file.
+SIGGEN_LOCKEDSIGS_TASKSIG_CHECK ?= "error"
# The GnuPG key ID and passphrase to use to sign sstate archives (or unset to
# not sign)