[OE-core] [PATCH] sstate: respect GPG_BIN and GPG_HOME
Ross Burton
ross.burton at intel.com
Sat Oct 24 00:05:23 UTC 2015
The package feed signing code supports the user providing the path to the gpg
binary and an alternative gpg 'home' (usually ~/.gnupg), which are useful for
both deployment and QA purposes.
Factor out the gpg command line construction to a function which can fetch both
of these variables, and also use pipes.quote() to sanitise the arguments when
used in a shell context.
[ YOCTO #8559 ]
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
meta/classes/sstate.bbclass | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index d09e27a..ba18f54 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -268,6 +268,20 @@ def sstate_install(ss, d):
sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX"
sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}"
+def sstate_build_gpg_command(d, *args, **kwargs):
+ # Returns a list for subprocess.call() unless passed flatten=True when this
+ # returns a flattened string.
+ l = [d.getVar("GPG_BIN", True) or "gpg"]
+ if d.getVar("GPG_PATH", True):
+ l += ["--homedir", d.getVar("GPG_PATH", True)]
+ l += args
+
+ if kwargs.get("flatten", False):
+ import pipes
+ return " ".join(map(pipes.quote, l))
+ else:
+ return l
+
def sstate_installpkg(ss, d):
import oe.path
import subprocess
@@ -296,7 +310,7 @@ def sstate_installpkg(ss, d):
d.setVar('SSTATE_PKG', sstatepkg)
if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False):
- if subprocess.call(["gpg", "--verify", sstatepkg + ".sig", sstatepkg]) != 0:
+ if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0:
bb.warn("Cannot verify signature on sstate package %s" % sstatepkg)
for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split():
@@ -672,12 +686,12 @@ sstate_create_package () {
else
tar -cz --file=$TFILE --files-from=/dev/null
fi
- chmod 0664 $TFILE
+ chmod 0664 $TFILE
mv -f $TFILE ${SSTATE_PKG}
if [ -n "${SSTATE_SIG_KEY}" ]; then
rm -f ${SSTATE_PKG}.sig
- echo ${SSTATE_SIG_PASSPHRASE} | gpg --batch --passphrase-fd 0 --detach-sign --local-user ${SSTATE_SIG_KEY} --output ${SSTATE_PKG}.sig ${SSTATE_PKG}
+ echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)}
fi
cd ${WORKDIR}
--
2.1.4
More information about the Openembedded-core
mailing list