xref: /OK3568_Linux_fs/yocto/poky/meta/classes/sign_package_feed.bbclass (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun# Class for signing package feeds
2*4882a593Smuzhiyun#
3*4882a593Smuzhiyun# Related configuration variables that will be used after this class is
4*4882a593Smuzhiyun# iherited:
5*4882a593Smuzhiyun# PACKAGE_FEED_PASSPHRASE_FILE
6*4882a593Smuzhiyun#           Path to a file containing the passphrase of the signing key.
7*4882a593Smuzhiyun# PACKAGE_FEED_GPG_NAME
8*4882a593Smuzhiyun#           Name of the key to sign with. May be key id or key name.
9*4882a593Smuzhiyun# PACKAGE_FEED_GPG_BACKEND
10*4882a593Smuzhiyun#           Optional variable for specifying the backend to use for signing.
11*4882a593Smuzhiyun#           Currently the only available option is 'local', i.e. local signing
12*4882a593Smuzhiyun#           on the build host.
13*4882a593Smuzhiyun# PACKAGE_FEED_GPG_SIGNATURE_TYPE
14*4882a593Smuzhiyun#           Optional variable for specifying the type of gpg signature, can be:
15*4882a593Smuzhiyun#               1. Ascii armored (ASC), default if not set
16*4882a593Smuzhiyun#               2. Binary (BIN)
17*4882a593Smuzhiyun#           This variable is only available for IPK feeds. It is ignored on
18*4882a593Smuzhiyun#           other packaging backends.
19*4882a593Smuzhiyun# GPG_BIN
20*4882a593Smuzhiyun#           Optional variable for specifying the gpg binary/wrapper to use for
21*4882a593Smuzhiyun#           signing.
22*4882a593Smuzhiyun# GPG_PATH
23*4882a593Smuzhiyun#           Optional variable for specifying the gnupg "home" directory:
24*4882a593Smuzhiyun#
25*4882a593Smuzhiyuninherit sanity
26*4882a593Smuzhiyun
27*4882a593SmuzhiyunPACKAGE_FEED_SIGN = '1'
28*4882a593SmuzhiyunPACKAGE_FEED_GPG_BACKEND ?= 'local'
29*4882a593SmuzhiyunPACKAGE_FEED_GPG_SIGNATURE_TYPE ?= 'ASC'
30*4882a593SmuzhiyunPACKAGEINDEXDEPS += "gnupg-native:do_populate_sysroot"
31*4882a593Smuzhiyun
32*4882a593Smuzhiyun# Make feed signing key to be present in rootfs
33*4882a593SmuzhiyunFEATURE_PACKAGES_package-management:append = " signing-keys-packagefeed"
34*4882a593Smuzhiyun
35*4882a593Smuzhiyunpython () {
36*4882a593Smuzhiyun    # Check sanity of configuration
37*4882a593Smuzhiyun    for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'):
38*4882a593Smuzhiyun        if not d.getVar(var):
39*4882a593Smuzhiyun            raise_sanity_error("You need to define %s in the config" % var, d)
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun    sigtype = d.getVar("PACKAGE_FEED_GPG_SIGNATURE_TYPE")
42*4882a593Smuzhiyun    if sigtype.upper() != "ASC" and sigtype.upper() != "BIN":
43*4882a593Smuzhiyun        raise_sanity_error("Bad value for PACKAGE_FEED_GPG_SIGNATURE_TYPE (%s), use either ASC or BIN" % sigtype)
44*4882a593Smuzhiyun}
45*4882a593Smuzhiyun
46*4882a593Smuzhiyundo_package_index[depends] += "signing-keys:do_deploy"
47*4882a593Smuzhiyundo_rootfs[depends] += "signing-keys:do_populate_sysroot gnupg-native:do_populate_sysroot"
48