[OE-core] [PATCH v6 0/4] IPK signing for the gpg_sign module
Markus Lehtonen
markus.lehtonen at linux.intel.com
Tue Feb 23 10:28:38 UTC 2016
Hi,
Resending as my I got a strange "Only members may post to the list."
error yesterday...
On Fri, 2016-02-19 at 17:45 +0200, Ioan-Adrian Ratiu wrote:
> This patch series extends the gpg_sign module to support ipk signing.
>
> v6 implements Markus' feedback. The most notable change is the
> sign_ipk
> and detach_sign merger, as they were almost identical in
> functionality.
> This also meant a refactoring for detach_sign and a bug fix for the
> STDIN file descriptor introduced in gpg > 2.1.
>
> Technically that STDIN bug is a feature (meh) of gpg >2.1 which
> breaks
> existing behaviour so we have to work around it i.e. check the gpg
> version and use the loopback interface. This means that gpg-agent to
> which gpg >2.1 always connects needs to be running permanently.
>
> Ioan-Adrian Ratiu (4):
> gpg_sign: add local ipk package signing functionality
> gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor
> gpg_sign: export_pubkey: add signature type support
> package_manager: sign IPK package feeds
>
> meta/classes/package_ipk.bbclass | 5 +++
> meta/classes/sign_ipk.bbclass | 52 ++++++++++++++++++++++++
> meta/classes/sign_package_feed.bbclass | 12 +++++-
> meta/lib/oe/gpg_sign.py | 74
> +++++++++++++++++++++++++++-------
> meta/lib/oe/package_manager.py | 17 +++++++-
> 5 files changed, 143 insertions(+), 17 deletions(-)
> create mode 100644 meta/classes/sign_ipk.bbclass
I just realized that it would be good to add the ipk signing key to the
signing_keys.bb recipe.
However, it'd probably be good to write it on top of Randy Witt's
rework:
http://lists.openembedded.org/pipermail/openembedded-core/2016-February
/117791.html
Thanks,
Markus
More information about the Openembedded-core
mailing list