[OE-core] [PATCH v2 0/4] Sign packages in RPM feeds
Markus Lehtonen
markus.lehtonen at linux.intel.com
Thu Aug 27 09:31:12 UTC 2015
Second iteration of my patchset. I tried to address the issues pointed out by
Mark:
1. The gpg key is not imported to the (temporary) rpm databases used by
createrepo. Instead, createrepo is patched to ignore signature
verification altogether.
2. There is a new optional config variable GPG_BIN which can be used to
define the gpg binary used for signing.
3. The filename of the public keys (published with the package feed and
depoyed into the target rootfs as part of os-release package) is now
postfixed with "-${DISTRO_VERSION}".
[YOCTO #8134]
*** BLURB HERE ***
Markus Lehtonen (4):
createrepo: disable RPM signature validation
package_rpm: support signing of rpm packages
os-release: add the public package-signing key
package_manager: support for signed RPM package feeds
meta/classes/package_rpm.bbclass | 5 ++
meta/classes/sign_rpm.bbclass | 60 ++++++++++++++++++++++
meta/lib/oe/package_manager.py | 40 +++++++++++++++
meta/recipes-core/os-release/os-release.bb | 11 ++++
...dumpMetadata-disable-signature-validation.patch | 31 +++++++++++
.../createrepo/createrepo_0.4.11.bb | 17 +++---
6 files changed, 156 insertions(+), 8 deletions(-)
create mode 100644 meta/classes/sign_rpm.bbclass
create mode 100644 meta/recipes-support/createrepo/createrepo/dumpMetadata-disable-signature-validation.patch
--
2.1.4
More information about the Openembedded-core
mailing list