[oe-commits] [openembedded-core] 02/22: lib/oe/package_manager: import rpm signing key to rpmdb
git at git.openembedded.org
git at git.openembedded.org
Thu Mar 16 16:06:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit c3d80cd8f58d23961df16f674661a7e6bbc5f6b2
Author: Markus Lehtonen <markus.lehtonen at linux.intel.com>
AuthorDate: Thu Mar 16 15:19:05 2017 +0200
lib/oe/package_manager: import rpm signing key to rpmdb
Import the gpg key used in rpm signing into rpmdb. This makes it
possible again to create images when rpm signing is enabled.
Also, instruct dnf to enforce signature check if rpm signing is enabled.
Signed-off-by: Markus Lehtonen <markus.lehtonen at linux.intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/lib/oe/package_manager.py | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index b016bc3..eeb4c76 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -520,7 +520,14 @@ class RpmPM(PackageManager):
open(platformconfdir + "macros", 'a').write("%_prefer_color 7")
if self.d.getVar('RPM_SIGN_PACKAGES') == '1':
- raise NotImplementedError("Signature verification with rpm not yet supported.")
+ pubkey_path = self.d.getVar('RPM_GPG_PUBKEY')
+ rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmkeys")
+ cmd = [rpm_bin, '--root=%s' % self.target_rootfs, '--import', pubkey_path]
+ try:
+ subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ except subprocess.CalledProcessError as e:
+ bb.fatal("Importing GPG key failed. Command '%s' "
+ "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
def create_configs(self):
self._configure_dnf()
@@ -570,7 +577,8 @@ class RpmPM(PackageManager):
output = self._invoke_dnf((["--skip-broken"] if attempt_only else []) +
(["-x", ",".join(exclude_pkgs)] if len(exclude_pkgs) > 0 else []) +
(["--setopt=install_weak_deps=False"] if self.d.getVar('NO_RECOMMENDATIONS') == 1 else []) +
- ["--nogpgcheck", "install"] +
+ (["--nogpgcheck"] if self.d.getVar('RPM_SIGN_PACKAGES') != '1' else ["--setopt=gpgcheck=True"]) +
+ ["install"] +
pkgs)
failed_scriptlets_pkgnames = collections.OrderedDict()
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list