author | Jia Zhang <lans.zhang2008@gmail.com> | 2017-08-19 12:48:03 +0800 |
---|---|---|
committer | Jia Zhang <lans.zhang2008@gmail.com> | 2017-08-19 12:54:19 +0800 |
commit | 8544d2a4a570ea109bc6b78c1e51ebc1d57b985d (patch) | |
tree | 3184409cbe133c8f57e42334d7168376301142ed | |
parent | e3f58965abe99e9cd4c3ccdfd5401df61b47d6c9 (diff) | |
download | meta-secure-core-8544d2a4a570ea109bc6b78c1e51ebc1d57b985d.tar.gz |
sign_rpm_ext.bbclass: use the default setting from meta-signing-key
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
-rw-r--r-- | meta-integrity/classes/sign_rpm_ext.bbclass | 5 | ||||
-rw-r--r-- | meta-integrity/recipes-core/meta/signing-keys.bbappend | 12 | ||||
-rw-r--r-- | meta-signing-key/conf/layer.conf | 4 |
3 files changed, 5 insertions, 16 deletions
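diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass
index 4b52d6a..5a579ee 100644
--- a/meta-integrity/classes/sign_rpm_ext.bbclass
+++ b/meta-integrity/classes/sign_rpm_ext.bbclass
@@ -1,8 +1,6 @@
 # RPM_GPG_NAME and RPM_GPG_PASSPHRASE must be configured in your build
 # environment. By default, the values for the sample keys are configured
 # in meta-signing-key.
-RPM_GPG_NAME ?= "SecureCore"
-RPM_GPG_PASSPHRASE ?= "SecureCore"
 
 RPM_GPG_BACKEND ?= "local"
 # SHA-256 is used for the file checksum digest.
@@ -17,6 +15,9 @@ RPM_FSK_PASSWORD ?= "password"
 inherit sign_rpm user-key-store
 
 python () {
+if d.getVar('RPM_SIGN_FILES', True) != '1':
+return
+
 gpg_path = d.getVar('GPG_PATH', True)
 if not gpg_path:
 gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg'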
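Review bot: The new early return on `RPM_SIGN_FILES != '1'` sits above the `GPG_PATH` fallback, so that fallback is skipped whenever per-file signing is off, and this commit also deletes the equivalent fallback from `check_public_keys` in signing-keys.bbappend. If nothing else sets `GPG_PATH` (meta-signing-key may; it is not visible here), `check_public_keys` would read it as unset and the gpg calls could end up using the build user's default keyring instead of the build-specific one. Either keep the `GPG_PATH` setup ahead of the guard or make the consumer fail closed, e.g. `if not gpg_path: bb.fatal('GPG_PATH is not set')` after the `getVar` in `check_public_keys`. The anonymous function's body continues past the end of the hunk, so what else the guard skips cannot be checked from here.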
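diff --git a/meta-integrity/recipes-core/meta/signing-keys.bbappend b/meta-integrity/recipes-core/meta/signing-keys.bbappend
index 2c6ce7b..dd8a9ba 100644
--- a/meta-integrity/recipes-core/meta/signing-keys.bbappend
+++ b/meta-integrity/recipes-core/meta/signing-keys.bbappend
@@ -1,17 +1,5 @@
 python check_public_keys () {
 gpg_path = d.getVar('GPG_PATH', True)
-if not gpg_path:
-gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg'
-
-if not os.path.exists(gpg_path):
-cmd = ' '.join(('mkdir -p', gpg_path))
-status, output = oe.utils.getstatusoutput(cmd)
-if status:
-raise bb.build.FuncFailed('Failed to create gpg keying %s: %s' %
-(gpg_path, output))
-
-d.setVar('GPG_PATH', gpg_path)
-
 gpg_bin = d.getVar('GPG_BIN', True) or \
 bb.utils.which(os.getenv('PATH'), 'gpg')
 gpg_keyid = d.getVar('RPM_GPG_NAME', True)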
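diff --git a/meta-signing-key/conf/layer.conf b/meta-signing-key/conf/layer.conf
index 8b18e82..e0b171b 100644
--- a/meta-signing-key/conf/layer.conf
+++ b/meta-signing-key/conf/layer.conf
@@ -41,8 +41,8 @@ VENDOR_UUID = "1f7b9654-2107-4697-8f1c-0cbc38874588"
 UEFI_SIG_OWNER_GUID ??= "${VENDOR_UUID}"
 
 SAMPLE_RPM_KEYNAME ??= "SecureCore"
-RPM_GPG_NAME ??= "${SAMPLE_RPM_KEYNAME}"
-RPM_GPG_PASSPHRASE ??= "SecureCore"
+RPM_GPG_NAME ?= "${SAMPLE_RPM_KEYNAME}"
+RPM_GPG_PASSPHRASE ?= "SecureCore"
 
 BB_HASHBASE_WHITELIST_append += " IMA_SIGNING_BLACKLIST IMA_KEYS_DIR \
 RPM_KEYS_DIR UEFI_SB_KEYS_DIR EV_CERT \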
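Review bot: Switching `RPM_GPG_NAME` and `RPM_GPG_PASSPHRASE` from `??=` to `?=` at lines 44-45 makes the sample key and its published passphrase a hard default that is fixed as soon as layer.conf is parsed. A build that tries to supply its own key with `?=` or `??=` in a later-parsed file will, as far as BitBake's assignment rules go, silently keep the sample values and sign packages with a key anyone can obtain. A comment above the two lines would help, e.g. `# Sample key for development only; set RPM_GPG_NAME and RPM_GPG_PASSPHRASE with "=" for production builds.`, and a parse-time warning when `RPM_GPG_NAME` still equals `SAMPLE_RPM_KEYNAME` would make the condition visible in build logs.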