summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJia Zhang <lans.zhang2008@gmail.com>2017-08-19 12:48:03 +0800
committerJia Zhang <lans.zhang2008@gmail.com>2017-08-19 12:54:19 +0800
commit8544d2a4a570ea109bc6b78c1e51ebc1d57b985d (patch)
tree3184409cbe133c8f57e42334d7168376301142ed
parente3f58965abe99e9cd4c3ccdfd5401df61b47d6c9 (diff)
downloadmeta-secure-core-8544d2a4a570ea109bc6b78c1e51ebc1d57b985d.tar.gz
sign_rpm_ext.bbclass: use the default setting from meta-signing-key
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
-rw-r--r--meta-integrity/classes/sign_rpm_ext.bbclass5
-rw-r--r--meta-integrity/recipes-core/meta/signing-keys.bbappend12
-rw-r--r--meta-signing-key/conf/layer.conf4
3 files changed, 5 insertions, 16 deletions
diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass
index 4b52d6a..5a579ee 100644
--- a/meta-integrity/classes/sign_rpm_ext.bbclass
+++ b/meta-integrity/classes/sign_rpm_ext.bbclass
@@ -1,8 +1,6 @@
1# RPM_GPG_NAME and RPM_GPG_PASSPHRASE must be configured in your build 1# RPM_GPG_NAME and RPM_GPG_PASSPHRASE must be configured in your build
2# environment. By default, the values for the sample keys are configured 2# environment. By default, the values for the sample keys are configured
3# in meta-signing-key. 3# in meta-signing-key.
4RPM_GPG_NAME ?= "SecureCore"
5RPM_GPG_PASSPHRASE ?= "SecureCore"
6 4
7RPM_GPG_BACKEND ?= "local" 5RPM_GPG_BACKEND ?= "local"
8# SHA-256 is used for the file checksum digest. 6# SHA-256 is used for the file checksum digest.
@@ -17,6 +15,9 @@ RPM_FSK_PASSWORD ?= "password"
17inherit sign_rpm user-key-store 15inherit sign_rpm user-key-store
18 16
19python () { 17python () {
18 if d.getVar('RPM_SIGN_FILES', True) != '1':
19 return
20
20 gpg_path = d.getVar('GPG_PATH', True) 21 gpg_path = d.getVar('GPG_PATH', True)
21 if not gpg_path: 22 if not gpg_path:
22 gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg' 23 gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg'
diff --git a/meta-integrity/recipes-core/meta/signing-keys.bbappend b/meta-integrity/recipes-core/meta/signing-keys.bbappend
index 2c6ce7b..dd8a9ba 100644
--- a/meta-integrity/recipes-core/meta/signing-keys.bbappend
+++ b/meta-integrity/recipes-core/meta/signing-keys.bbappend
@@ -1,17 +1,5 @@
1python check_public_keys () { 1python check_public_keys () {
2 gpg_path = d.getVar('GPG_PATH', True) 2 gpg_path = d.getVar('GPG_PATH', True)
3 if not gpg_path:
4 gpg_path = d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg'
5
6 if not os.path.exists(gpg_path):
7 cmd = ' '.join(('mkdir -p', gpg_path))
8 status, output = oe.utils.getstatusoutput(cmd)
9 if status:
10 raise bb.build.FuncFailed('Failed to create gpg keying %s: %s' %
11 (gpg_path, output))
12
13 d.setVar('GPG_PATH', gpg_path)
14
15 gpg_bin = d.getVar('GPG_BIN', True) or \ 3 gpg_bin = d.getVar('GPG_BIN', True) or \
16 bb.utils.which(os.getenv('PATH'), 'gpg') 4 bb.utils.which(os.getenv('PATH'), 'gpg')
17 gpg_keyid = d.getVar('RPM_GPG_NAME', True) 5 gpg_keyid = d.getVar('RPM_GPG_NAME', True)
diff --git a/meta-signing-key/conf/layer.conf b/meta-signing-key/conf/layer.conf
index 8b18e82..e0b171b 100644
--- a/meta-signing-key/conf/layer.conf
+++ b/meta-signing-key/conf/layer.conf
@@ -41,8 +41,8 @@ VENDOR_UUID = "1f7b9654-2107-4697-8f1c-0cbc38874588"
41UEFI_SIG_OWNER_GUID ??= "${VENDOR_UUID}" 41UEFI_SIG_OWNER_GUID ??= "${VENDOR_UUID}"
42 42
43SAMPLE_RPM_KEYNAME ??= "SecureCore" 43SAMPLE_RPM_KEYNAME ??= "SecureCore"
44RPM_GPG_NAME ??= "${SAMPLE_RPM_KEYNAME}" 44RPM_GPG_NAME ?= "${SAMPLE_RPM_KEYNAME}"
45RPM_GPG_PASSPHRASE ??= "SecureCore" 45RPM_GPG_PASSPHRASE ?= "SecureCore"
46 46
47BB_HASHBASE_WHITELIST_append += " IMA_SIGNING_BLACKLIST IMA_KEYS_DIR \ 47BB_HASHBASE_WHITELIST_append += " IMA_SIGNING_BLACKLIST IMA_KEYS_DIR \
48 RPM_KEYS_DIR UEFI_SB_KEYS_DIR EV_CERT \ 48 RPM_KEYS_DIR UEFI_SB_KEYS_DIR EV_CERT \