From fd55c6e86b38b33f62006324e73678a13a534220 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Wed, 10 Feb 2016 16:15:58 +0200 Subject: oe/gpg_sign: add 'passphrase' argument to detach_sign method This allows directly giving the passphrase, instead of reading from a file. [YOCTO #9006] Signed-off-by: Markus Lehtonen Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/lib/oe/gpg_sign.py | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'meta/lib/oe') diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index c4cadd6a24..ada1b2f408 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py @@ -50,20 +50,30 @@ class LocalSigner(object): bb.error('rpmsign failed: %s' % proc.before.strip()) raise bb.build.FuncFailed("Failed to sign RPM packages") - def detach_sign(self, input_file, keyid, passphrase_file, armor=True): + def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True): """Create a detached signature of a file""" - cmd = "%s --detach-sign --batch --no-tty --yes " \ - "--passphrase-file '%s' -u '%s' " % \ - (self.gpg_bin, passphrase_file, keyid) + import subprocess + + if passphrase_file and passphrase: + raise Exception("You should use either passphrase_file of passphrase, not both") + + cmd = [self.gpg_bin, '--detach-sign', '--batch', '--no-tty', '--yes', + '-u', keyid] + if passphrase_file: + cmd += ['--passphrase-file', passphrase_file] + else: + cmd += ['--passphrase-fd', '0'] if self.gpg_path: - cmd += "--homedir %s " % self.gpg_path + cmd += ['--homedir', self.gpg_path] if armor: - cmd += "--armor " - cmd += input_file - status, output = oe.utils.getstatusoutput(cmd) - if status: + cmd += ['--armor'] + cmd.append(input_file) + job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + _, stderr = job.communicate(passphrase) + if job.returncode: raise bb.build.FuncFailed("Failed to create signature for '%s': %s" % - (input_file, output)) + (input_file, stderr)) def verify(self, sig_file): """Verify signature""" -- cgit v1.2.3