diff options
| author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2016-02-10 16:15:58 +0200 | 
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-18 22:55:11 +0000 | 
| commit | fd55c6e86b38b33f62006324e73678a13a534220 (patch) | |
| tree | 126782c9c65e2f6582e40a302313f21cc06c82ad /meta/lib | |
| parent | e2412294b6b1d3a80ee97a0706613349edc51d33 (diff) | |
| download | openembedded-core-fd55c6e86b38b33f62006324e73678a13a534220.tar.gz openembedded-core-fd55c6e86b38b33f62006324e73678a13a534220.tar.bz2 openembedded-core-fd55c6e86b38b33f62006324e73678a13a534220.zip | |
oe/gpg_sign: add 'passphrase' argument to detach_sign method
This allows directly giving the passphrase, instead of reading from a
file.
[YOCTO #9006]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
| -rw-r--r-- | meta/lib/oe/gpg_sign.py | 30 | 
1 files changed, 20 insertions, 10 deletions
| diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index c4cadd6a24..ada1b2f408 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py @@ -50,20 +50,30 @@ class LocalSigner(object):              bb.error('rpmsign failed: %s' % proc.before.strip())              raise bb.build.FuncFailed("Failed to sign RPM packages") -    def detach_sign(self, input_file, keyid, passphrase_file, armor=True): +    def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):          """Create a detached signature of a file""" -        cmd = "%s --detach-sign --batch --no-tty --yes " \ -                  "--passphrase-file '%s' -u '%s' " % \ -                  (self.gpg_bin, passphrase_file, keyid) +        import subprocess + +        if passphrase_file and passphrase: +            raise Exception("You should use either passphrase_file of passphrase, not both") + +        cmd = [self.gpg_bin, '--detach-sign', '--batch', '--no-tty', '--yes', +               '-u', keyid] +        if passphrase_file: +            cmd += ['--passphrase-file', passphrase_file] +        else: +            cmd += ['--passphrase-fd', '0']          if self.gpg_path: -            cmd += "--homedir %s " % self.gpg_path +            cmd += ['--homedir', self.gpg_path]          if armor: -            cmd += "--armor " -        cmd += input_file -        status, output = oe.utils.getstatusoutput(cmd) -        if status: +            cmd += ['--armor'] +        cmd.append(input_file) +        job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, +                               stderr=subprocess.PIPE) +        _, stderr = job.communicate(passphrase) +        if job.returncode:              raise bb.build.FuncFailed("Failed to create signature for '%s': %s" % -                                      (input_file, output)) +                                      (input_file, stderr))      def verify(self, sig_file):          """Verify signature""" | 
