summaryrefslogtreecommitdiff
path: root/meta/lib
diff options
context:
space:
mode:
authorIoan-Adrian Ratiu <adrian.ratiu@ni.com>2016-03-10 12:02:56 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-03-11 16:50:27 +0000
commit0413bd8e294ca8ac972ac68662b43a981952f5ae (patch)
tree1ed0943c34d7b0e5f04289ec215b42849dd73533 /meta/lib
parenta40f27aa7802e8a0bd87a5417e35adbface62d05 (diff)
downloadopenembedded-core-0413bd8e294ca8ac972ac68662b43a981952f5ae.tar.gz
openembedded-core-0413bd8e294ca8ac972ac68662b43a981952f5ae.tar.bz2
openembedded-core-0413bd8e294ca8ac972ac68662b43a981952f5ae.zip
gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor
Starting from v2.1 passing passwords directly to gpg does not work anymore [1], instead a loopback interface must be used otherwise gpg >2.1 will error out with: "gpg: signing failed: Inappropriate ioctl for device" gpg <2.1 does not work with the new --pinentry-mode arg and gives an invalid option error, so we detect what is the running version of gpg and pass it accordingly. [1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
-rw-r--r--meta/lib/oe/gpg_sign.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 059381d5e3..0b5dc20892 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -66,6 +66,13 @@ class LocalSigner(object):
if armor:
cmd += ['--armor']
+ #gpg > 2.1 supports password pipes only through the loopback interface
+ #gpg < 2.1 errors out if given unknown parameters
+ dots = self.get_gpg_version().split('.')
+ assert len(dots) >= 2
+ if int(dots[0]) >= 2 and int(dots[1]) >= 1:
+ cmd += ['--pinentry-mode', 'loopback']
+
cmd += [input_file]
try:
@@ -89,6 +96,15 @@ class LocalSigner(object):
raise Exception("Failed to sign '%s" % input_file)
+ def get_gpg_version(self):
+ """Return the gpg version"""
+ import subprocess
+ try:
+ return subprocess.check_output((self.gpg_bin, "--version")).split()[2]
+ except subprocess.CalledProcessError as e:
+ raise bb.build.FuncFailed("Could not get gpg version: %s" % e)
+
+
def verify(self, sig_file):
"""Verify signature"""
cmd = self.gpg_bin + " --verify "