[OE-core] [PATCH v2 0/4] Sign packages in RPM feeds

[Markus Lehtonen]

Second iteration of my patchset. I tried to address the issues pointed out by
Mark:
1. The gpg key is not imported to the (temporary) rpm databases used by
   createrepo. Instead, createrepo is patched to ignore signature
   verification altogether.
2. There is a new optional config variable GPG_BIN which can be used to
   define the gpg binary used for signing.
3. The filename of the public keys (published with the package feed and
   depoyed into the target rootfs as part of os-release package) is now
   postfixed with "-${DISTRO_VERSION}".

[YOCTO #8134]

*** BLURB HERE ***

Markus Lehtonen (4):
  createrepo: disable RPM signature validation
  package_rpm: support signing of rpm packages
  os-release: add the public package-signing key
  package_manager: support for signed RPM package feeds

 meta/classes/package_rpm.bbclass                   |  5 ++
 meta/classes/sign_rpm.bbclass                      | 60 ++++++++++++++++++++++
 meta/lib/oe/package_manager.py                     | 40 +++++++++++++++
 meta/recipes-core/os-release/os-release.bb         | 11 ++++
 ...dumpMetadata-disable-signature-validation.patch | 31 +++++++++++
 .../createrepo/createrepo_0.4.11.bb                | 17 +++---
 6 files changed, 156 insertions(+), 8 deletions(-)
 create mode 100644 meta/classes/sign_rpm.bbclass
 create mode 100644 meta/recipes-support/createrepo/createrepo/dumpMetadata-disable-signature-validation.patch

-- 
2.1.4