[OE-core] [PATCH v2 0/4] Sign packages in RPM feeds

Markus Lehtonen markus.lehtonen at linux.intel.com
Fri Aug 28 10:11:43 UTC 2015 

Hi,

On 27/08/15 12:31, "Markus Lehtonen"
<openembedded-core-bounces at lists.openembedded.org on behalf of
markus.lehtonen at linux.intel.com> wrote:

>Second iteration of my patchset. I tried to address the issues pointed
>out by
>Mark:
>1. The gpg key is not imported to the (temporary) rpm databases used by
>   createrepo. Instead, createrepo is patched to ignore signature
>   verification altogether.
>2. There is a new optional config variable GPG_BIN which can be used to
>   define the gpg binary used for signing.
>3. The filename of the public keys (published with the package feed and
>   depoyed into the target rootfs as part of os-release package) is now
>   postfixed with "-${DISTRO_VERSION}".
>
>[YOCTO #8134]
>
>*** BLURB HERE ***
>
>Markus Lehtonen (4):
>  createrepo: disable RPM signature validation
>  package_rpm: support signing of rpm packages
>  os-release: add the public package-signing key
>  package_manager: support for signed RPM package feeds
>
> meta/classes/package_rpm.bbclass                   |  5 ++
> meta/classes/sign_rpm.bbclass                      | 60
>++++++++++++++++++++++
> meta/lib/oe/package_manager.py                     | 40 +++++++++++++++
> meta/recipes-core/os-release/os-release.bb         | 11 ++++
> ...dumpMetadata-disable-signature-validation.patch | 31 +++++++++++
> .../createrepo/createrepo_0.4.11.bb                | 17 +++---
> 6 files changed, 156 insertions(+), 8 deletions(-)
> create mode 100644 meta/classes/sign_rpm.bbclass
> create mode 100644
>meta/recipes-support/createrepo/createrepo/dumpMetadata-disable-signature-
>validation.patch

Please use a slightly updated version of the patchset found here:
  git://git.openembedded.org/openembedded-core-contrib marquiz/rpmsign
  
http://git.openembedded.org/openembedded-core-contrib/log/?h=marquiz/rpmsig
n


I noticed some typos in the commit messages of my v2 patchset (GPG_CMD vs.
GPG_BIN). Also, I added a comment header to the sign_rpm.bbclass file.


Thanks,
  Markus

More information about the Openembedded-core mailing list