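# Class for generating signed RPM packages.
#
# Configuration variables used by this class:
# RPM_GPG_PASSPHRASE
#           The passphrase of the signing key. Mandatory.
# RPM_GPG_NAME
#           Name of the key to sign with. May be key id or key name.
#           Mandatory.
# RPM_GPG_BACKEND
#           Optional variable for specifying the backend to use for signing.
#           Currently the only available option is 'local', i.e. local signing
#           on the build host.
# RPM_SIGN_FILES
#           Optional variable, '0' by default. When set to '1', RPM_FSK_PATH
#           and RPM_FSK_PASSWORD become mandatory.
# RPM_FILE_CHECKSUM_DIGEST
#           Optional variable for specifying the algorithm for generating file
#           checksum digest.
# RPM_FSK_PATH
#           Optional variable for the file signing key; must be set when
#           RPM_SIGN_FILES is '1'.
# RPM_FSK_PASSWORD
#           Optional variable for the file signing key password; must be set
#           when RPM_SIGN_FILES is '1'.
# GPG_BIN
#           Optional variable for specifying the gpg binary/wrapper to use for
#           signing.
# RPM_GPG_SIGN_CHUNK
#           Optional variable indicating the number of packages used per gpg
#           invocation. Must be a positive integer.
# GPG_PATH
#           Optional variable for specifying the gnupg "home" directory.
#
# RPM_GPG_PASSPHRASE_FILE is no longer accepted; setting it is a sanity error.
#
# NOTE(review): RPM_GPG_PASSPHRASE and RPM_FSK_PASSWORD are read from the
# datastore as plain values. Keep them out of shared or version-controlled
# configuration, and confirm they do not end up in build logs or task
# signature data on your setup -- TODO confirm.

inherit sanity

RPM_SIGN_PACKAGES='1'
RPM_SIGN_FILES ?= '0'
RPM_GPG_BACKEND ?= 'local'
# SHA-256 is used by default
RPM_FILE_CHECKSUM_DIGEST ?= '8'
RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}"


python () {
    # Parse-time validation: reject an unusable signing configuration before
    # any package is built, so it does not surface only inside the signing task.
    if d.getVar('RPM_GPG_PASSPHRASE_FILE'):
        raise_sanity_error('RPM_GPG_PASSPHRASE_FILE is replaced by RPM_GPG_PASSPHRASE', d)
    # Check configuration
    for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'):
        if not d.getVar(var):
            raise_sanity_error("You need to define %s in the config" % var, d)

    # The file signing key settings are only mandatory when file signing is on.
    if d.getVar('RPM_SIGN_FILES') == '1':
        for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'):
            if not d.getVar(var):
                raise_sanity_error("You need to define %s in the config" % var, d)

    # sign_rpm converts this value with int(); a non-numeric or non-positive
    # value cannot describe a batch of packages, so report it here.
    chunk = d.getVar('RPM_GPG_SIGN_CHUNK')
    try:
        chunk_ok = int(chunk) > 0
    except (TypeError, ValueError):
        chunk_ok = False
    if not chunk_ok:
        raise_sanity_error("RPM_GPG_SIGN_CHUNK must be a positive integer, got '%s'" % chunk, d)
}

python sign_rpm () {
    # Sign everything found in RPM_PKGWRITEDIR using the configured backend.
    import glob
    from oe.gpg_sign import get_signer

    signer = get_signer(d, d.getVar('RPM_GPG_BACKEND'))
    # Every entry of the directory is handed to the signer, whatever its name.
    rpms = glob.glob(d.getVar('RPM_PKGWRITEDIR') + '/*')

    # The file signing key arguments are passed whether or not RPM_SIGN_FILES
    # is '1'; they are None when the variables are unset.
    signer.sign_rpms(rpms,
                     d.getVar('RPM_GPG_NAME'),
                     d.getVar('RPM_GPG_PASSPHRASE'),
                     d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
                     int(d.getVar('RPM_GPG_SIGN_CHUNK')),
                     d.getVar('RPM_FSK_PATH'),
                     d.getVar('RPM_FSK_PASSWORD'))
}
# The chunk size defaults to BB_NUMBER_THREADS, which differs between build
# hosts; it is excluded from the variable dependencies of sign_rpm.
sign_rpm[vardepsexclude] += "RPM_GPG_SIGN_CHUNK"

do_package_index[depends] += "signing-keys:do_deploy"
do_rootfs[depends] += "signing-keys:do_populate_sysroot"

PACKAGE_WRITE_DEPS += "gnupg-native"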