1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# Class for generating signed IPK packages.
#
# Configuration variables used by this class:
# IPK_GPG_PASSPHRASE_FILE
# Path to a file containing the passphrase of the signing key.
# IPK_GPG_NAME
# Name of the key to sign with.
# IPK_GPG_BACKEND
# Optional variable for specifying the backend to use for signing.
# Currently the only available option is 'local', i.e. local signing
# on the build host.
# IPK_GPG_SIGNATURE_TYPE
# Optional variable for specifying the type of gpg signatures, can be:
# 1. Ascii armored (ASC), default if not set
# 2. Binary (BIN)
# GPG_BIN
# Optional variable for specifying the gpg binary/wrapper to use for
# signing.
# GPG_PATH
# Optional variable for specifying the gnupg "home" directory:
#
inherit sanity
IPK_SIGN_PACKAGES = '1'
IPK_GPG_BACKEND ?= 'local'
IPK_GPG_SIGNATURE_TYPE ?= 'ASC'
python () {
# Check configuration
for var in ('IPK_GPG_NAME', 'IPK_GPG_PASSPHRASE_FILE'):
if not d.getVar(var, True):
raise_sanity_error("You need to define %s in the config" % var, d)
sigtype = d.getVar("IPK_GPG_SIGNATURE_TYPE", True)
if sigtype.upper() != "ASC" and sigtype.upper() != "BIN":
raise_sanity_error("Bad value for IPK_GPG_SIGNATURE_TYPE (%s), use either ASC or BIN" % sigtype)
}
def sign_ipk(d, ipk_to_sign):
from oe.gpg_sign import get_signer
bb.debug(1, 'Signing ipk: %s' % ipk_to_sign)
signer = get_signer(d, d.getVar('IPK_GPG_BACKEND', True))
sig_type = d.getVar('IPK_GPG_SIGNATURE_TYPE', True)
is_ascii_sig = (sig_type.upper() != "BIN")
signer.detach_sign(ipk_to_sign,
d.getVar('IPK_GPG_NAME', True),
d.getVar('IPK_GPG_PASSPHRASE_FILE', True),
armor=is_ascii_sig)
|