[OE-core] [oe][PATCH v2 2/2] package_manager: support for signed IPK package feeds
Ioan-Adrian Ratiu
adrian.ratiu at ni.com
Thu Nov 19 08:35:59 UTC 2015
On Wed, 18 Nov 2015 10:00:23 -0600
Alejandro del Castillo <alejandro.delcastillo at ni.com> wrote:
>
>
> On 11/18/2015 04:25 AM, Ioan-Adrian Ratiu wrote:
> > Create gpg signed package feeds if configured. Very similar to
> > how rpm does it. Most of the config variables are shared with
> > the rpm backend (like PACKAGE_FEED_GPG_NAME), with the exception
> > of PACKAGE_FEED_GPG_PUBKEY which is not needed in this case.
> >
> > Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu at ni.com>
> > ---
> > meta/lib/oe/package_manager.py | 19 ++++++++++++++++++-
> > 1 file changed, 18 insertions(+), 1 deletion(-)
> >
> > diff --git a/meta/lib/oe/package_manager.py
> > b/meta/lib/oe/package_manager.py index 964fddc..a0fe0eb 100644
> > --- a/meta/lib/oe/package_manager.py
> > +++ b/meta/lib/oe/package_manager.py
> > @@ -178,6 +178,7 @@ class OpkgIndexer(Indexer):
> > open(os.path.join(self.deploy_dir, "Packages"),
> > "w").close()
> > index_cmds = []
> > + index_sign_files = []
> > for arch_var in arch_vars:
> > archs = self.d.getVar(arch_var, True)
> > if archs is None:
> > @@ -196,6 +197,8 @@ class OpkgIndexer(Indexer):
> > index_cmds.append('%s -r %s -p %s -m %s' %
> > (opkg_index_cmd, pkgs_file,
> > pkgs_file, pkgs_dir))
> > + index_sign_files.append(pkgs_file)
> > +
> > if len(index_cmds) == 0:
> > bb.note("There are no packages in %s!" %
> > self.deploy_dir) return
> > @@ -206,7 +209,21 @@ class OpkgIndexer(Indexer):
> > if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
> > raise NotImplementedError('Package feed signing not
> > implementd for ipk')
>
> Forgot to remove?
No. Please read my previous mail, this is needed to avoid duplicating
those arch loops.
I specifically asked the question if we can't get the package feed file
names in another way; if so, then we can remove this.
>
> > -
> > + # all these variables are needed to succesfully sign the
> > index, otherwise skip signing
> > + if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1' and \
> > + self.d.getVar('PACKAGE_FEED_GPG_NAME', True) and \
> > + self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True):
> > + pkgfeed_gpg_name =
> > self.d.getVar('PACKAGE_FEED_GPG_NAME', True)
> > + pkgfeed_gpg_pass =
> > self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True)
> > + gpg_bin = self.d.getVar('GPG_BIN', True) or
> > bb.utils.which(os.getenv('PATH'), "gpg") +
> > + gpg_cmd = "%s --no-use-agent --batch --yes -ab -u
> > %s --passphrase-file '%s'" % \
> > + (gpg_bin, pkgfeed_gpg_name,
> > pkgfeed_gpg_pass) +
> > + for f in index_sign_files:
> > + result = oe.utils.multiprocess_exec([gpg_cmd +
> > ' ' + f], create_index)
> > + if result:
> > + bb.fatal('%s' % ('\n'.join(result)))
> >
> > class DpkgIndexer(Indexer):
> > def _create_configs(self):
> >
>
> This is the approach that I was suggesting, looks good.
>
Yes, thank you.
More information about the Openembedded-core
mailing list