1# Class for signing package feeds 2# 3# Related configuration variables that will be used after this class is 4# iherited: 5# PACKAGE_FEED_PASSPHRASE_FILE 6# Path to a file containing the passphrase of the signing key. 7# PACKAGE_FEED_GPG_NAME 8# Name of the key to sign with. May be key id or key name. 9# PACKAGE_FEED_GPG_BACKEND 10# Optional variable for specifying the backend to use for signing. 11# Currently the only available option is 'local', i.e. local signing 12# on the build host. 13# PACKAGE_FEED_GPG_SIGNATURE_TYPE 14# Optional variable for specifying the type of gpg signature, can be: 15# 1. Ascii armored (ASC), default if not set 16# 2. Binary (BIN) 17# This variable is only available for IPK feeds. It is ignored on 18# other packaging backends. 19# GPG_BIN 20# Optional variable for specifying the gpg binary/wrapper to use for 21# signing. 22# GPG_PATH 23# Optional variable for specifying the gnupg "home" directory: 24# 25inherit sanity 26 27PACKAGE_FEED_SIGN = '1' 28PACKAGE_FEED_GPG_BACKEND ?= 'local' 29PACKAGE_FEED_GPG_SIGNATURE_TYPE ?= 'ASC' 30PACKAGEINDEXDEPS += "gnupg-native:do_populate_sysroot" 31 32# Make feed signing key to be present in rootfs 33FEATURE_PACKAGES_package-management:append = " signing-keys-packagefeed" 34 35python () { 36 # Check sanity of configuration 37 for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'): 38 if not d.getVar(var): 39 raise_sanity_error("You need to define %s in the config" % var, d) 40 41 sigtype = d.getVar("PACKAGE_FEED_GPG_SIGNATURE_TYPE") 42 if sigtype.upper() != "ASC" and sigtype.upper() != "BIN": 43 raise_sanity_error("Bad value for PACKAGE_FEED_GPG_SIGNATURE_TYPE (%s), use either ASC or BIN" % sigtype) 44} 45 46do_package_index[depends] += "signing-keys:do_deploy" 47do_rootfs[depends] += "signing-keys:do_populate_sysroot gnupg-native:do_populate_sysroot" 48