1# 2# Copyright OpenEmbedded Contributors 3# 4# SPDX-License-Identifier: MIT 5# 6 7# Class for signing package feeds 8# 9# Related configuration variables that will be used after this class is 10# iherited: 11# PACKAGE_FEED_PASSPHRASE_FILE 12# Path to a file containing the passphrase of the signing key. 13# PACKAGE_FEED_GPG_NAME 14# Name of the key to sign with. May be key id or key name. 15# PACKAGE_FEED_GPG_BACKEND 16# Optional variable for specifying the backend to use for signing. 17# Currently the only available option is 'local', i.e. local signing 18# on the build host. 19# PACKAGE_FEED_GPG_SIGNATURE_TYPE 20# Optional variable for specifying the type of gpg signature, can be: 21# 1. Ascii armored (ASC), default if not set 22# 2. Binary (BIN) 23# This variable is only available for IPK feeds. It is ignored on 24# other packaging backends. 25# GPG_BIN 26# Optional variable for specifying the gpg binary/wrapper to use for 27# signing. 28# GPG_PATH 29# Optional variable for specifying the gnupg "home" directory: 30# 31inherit sanity 32 33PACKAGE_FEED_SIGN = '1' 34PACKAGE_FEED_GPG_BACKEND ?= 'local' 35PACKAGE_FEED_GPG_SIGNATURE_TYPE ?= 'ASC' 36PACKAGEINDEXDEPS += "gnupg-native:do_populate_sysroot" 37 38# Make feed signing key to be present in rootfs 39FEATURE_PACKAGES_package-management:append = " signing-keys-packagefeed" 40 41python () { 42 # Check sanity of configuration 43 for var in ('PACKAGE_FEED_GPG_NAME', 'PACKAGE_FEED_GPG_PASSPHRASE_FILE'): 44 if not d.getVar(var): 45 raise_sanity_error("You need to define %s in the config" % var, d) 46 47 sigtype = d.getVar("PACKAGE_FEED_GPG_SIGNATURE_TYPE") 48 if sigtype.upper() != "ASC" and sigtype.upper() != "BIN": 49 raise_sanity_error("Bad value for PACKAGE_FEED_GPG_SIGNATURE_TYPE (%s), use either ASC or BIN" % sigtype) 50} 51 52do_package_index[depends] += "signing-keys:do_deploy" 53do_rootfs[depends] += "signing-keys:do_populate_sysroot gnupg-native:do_populate_sysroot" 54