[OE-core] [PATCH v2 4/7] package_manager.py: enable dnf's repo_gpgcheck if feed signing is enabled
Markus Lehtonen
markus.lehtonen at linux.intel.com
Fri Aug 11 15:35:27 UTC 2017
If package feed signing is enabled enable repo gpg signature check for
rpm repositories added via PACKAGE_FEED_URIS. This has the implication
that all repositories added via this mechanism must be signed with the
same key.
[YOCTO #11209]
Signed-off-by: Markus Lehtonen <markus.lehtonen at linux.intel.com>
---
meta/lib/oe/package_manager.py | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 942f2dd903..d43d729203 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -559,6 +559,12 @@ class RpmPM(PackageManager):
if feed_uris == "":
return
+ if self.d.getVar('PACKAGE_FEED_SIGN') == '1':
+ gpg_opts = 'repo_gpgcheck=1\n'
+ gpg_opts += 'gpgkey=file://%s/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s\n' % (self.d.getVar('sysconfdir'), self.d.getVar('DISTRO_VERSION'))
+ else:
+ gpg_opts = ''
+
bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d"))
remote_uris = self.construct_uris(feed_uris.split(), feed_base_paths.split())
for uri in remote_uris:
@@ -569,12 +575,12 @@ class RpmPM(PackageManager):
repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/"))
repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/"))
open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write(
- "[%s]\nname=%s\nbaseurl=%s\n\n" % (repo_id, repo_name, repo_uri))
+ "[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts))
else:
repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/"))
repo_uri = uri
open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write(
- "[%s]\nname=%s\nbaseurl=%s\n" % (repo_base, repo_name, repo_uri))
+ "[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts))
def _prepare_pkg_transaction(self):
os.environ['D'] = self.target_rootfs
--
2.12.3
More information about the Openembedded-core
mailing list