1# 2# Copyright OpenEmbedded Contributors 3# 4# SPDX-License-Identifier: MIT 5# 6 7# Class for generating signed IPK packages. 8# 9# Configuration variables used by this class: 10# IPK_GPG_PASSPHRASE_FILE 11# Path to a file containing the passphrase of the signing key. 12# IPK_GPG_NAME 13# Name of the key to sign with. 14# IPK_GPG_BACKEND 15# Optional variable for specifying the backend to use for signing. 16# Currently the only available option is 'local', i.e. local signing 17# on the build host. 18# IPK_GPG_SIGNATURE_TYPE 19# Optional variable for specifying the type of gpg signatures, can be: 20# 1. Ascii armored (ASC), default if not set 21# 2. Binary (BIN) 22# GPG_BIN 23# Optional variable for specifying the gpg binary/wrapper to use for 24# signing. 25# GPG_PATH 26# Optional variable for specifying the gnupg "home" directory: 27# 28 29inherit sanity 30 31IPK_SIGN_PACKAGES = '1' 32IPK_GPG_BACKEND ?= 'local' 33IPK_GPG_SIGNATURE_TYPE ?= 'ASC' 34 35python () { 36 # Check configuration 37 for var in ('IPK_GPG_NAME', 'IPK_GPG_PASSPHRASE_FILE'): 38 if not d.getVar(var): 39 raise_sanity_error("You need to define %s in the config" % var, d) 40 41 sigtype = d.getVar("IPK_GPG_SIGNATURE_TYPE") 42 if sigtype.upper() != "ASC" and sigtype.upper() != "BIN": 43 raise_sanity_error("Bad value for IPK_GPG_SIGNATURE_TYPE (%s), use either ASC or BIN" % sigtype) 44} 45 46def sign_ipk(d, ipk_to_sign): 47 from oe.gpg_sign import get_signer 48 49 bb.debug(1, 'Signing ipk: %s' % ipk_to_sign) 50 51 signer = get_signer(d, d.getVar('IPK_GPG_BACKEND')) 52 sig_type = d.getVar('IPK_GPG_SIGNATURE_TYPE') 53 is_ascii_sig = (sig_type.upper() != "BIN") 54 55 signer.detach_sign(ipk_to_sign, 56 d.getVar('IPK_GPG_NAME'), 57 d.getVar('IPK_GPG_PASSPHRASE_FILE'), 58 armor=is_ascii_sig) 59