summaryrefslogtreecommitdiff
path: root/meta
diff options
context:
space:
mode:
authorMarkus Lehtonen <markus.lehtonen@linux.intel.com>2016-02-10 16:15:58 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-02-18 22:55:11 +0000
commitfd55c6e86b38b33f62006324e73678a13a534220 (patch)
tree126782c9c65e2f6582e40a302313f21cc06c82ad /meta
parente2412294b6b1d3a80ee97a0706613349edc51d33 (diff)
downloadopenembedded-core-fd55c6e86b38b33f62006324e73678a13a534220.tar.gz
openembedded-core-fd55c6e86b38b33f62006324e73678a13a534220.tar.bz2
openembedded-core-fd55c6e86b38b33f62006324e73678a13a534220.zip
oe/gpg_sign: add 'passphrase' argument to detach_sign method
This allows directly giving the passphrase, instead of reading from a file. [YOCTO #9006] Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/lib/oe/gpg_sign.py30
1 files changed, 20 insertions, 10 deletions
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index c4cadd6a24..ada1b2f408 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -50,20 +50,30 @@ class LocalSigner(object):
bb.error('rpmsign failed: %s' % proc.before.strip())
raise bb.build.FuncFailed("Failed to sign RPM packages")
- def detach_sign(self, input_file, keyid, passphrase_file, armor=True):
+ def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):
"""Create a detached signature of a file"""
- cmd = "%s --detach-sign --batch --no-tty --yes " \
- "--passphrase-file '%s' -u '%s' " % \
- (self.gpg_bin, passphrase_file, keyid)
+ import subprocess
+
+ if passphrase_file and passphrase:
+ raise Exception("You should use either passphrase_file of passphrase, not both")
+
+ cmd = [self.gpg_bin, '--detach-sign', '--batch', '--no-tty', '--yes',
+ '-u', keyid]
+ if passphrase_file:
+ cmd += ['--passphrase-file', passphrase_file]
+ else:
+ cmd += ['--passphrase-fd', '0']
if self.gpg_path:
- cmd += "--homedir %s " % self.gpg_path
+ cmd += ['--homedir', self.gpg_path]
if armor:
- cmd += "--armor "
- cmd += input_file
- status, output = oe.utils.getstatusoutput(cmd)
- if status:
+ cmd += ['--armor']
+ cmd.append(input_file)
+ job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ _, stderr = job.communicate(passphrase)
+ if job.returncode:
raise bb.build.FuncFailed("Failed to create signature for '%s': %s" %
- (input_file, output))
+ (input_file, stderr))
def verify(self, sig_file):
"""Verify signature"""