meta-integrity: enable sign_rpm_ext to support rpm and file signing

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-07-11 12:58:05 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-07-11 12:58:05 +0800
commit: fbce2ce14b66969c4f35d67d5d3d9cce7ead037b (patch)
tree: ed04d5495d8535ed5355e39f4ce04c6d358dd46d
parent: 6ab1f5473202d135c5e813b5f0af629a6f6a2c41 (diff)
download: meta-secure-core-fbce2ce14b66969c4f35d67d5d3d9cce7ead037b.tar.gz
2 files changed, 22 insertions, 0 deletions
diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass
new file mode 100644
index 0000000..a5a1dc8
--- /dev/null
+++ b/meta-integrity/classes/sign_rpm_ext.bbclass
@@ -0,0 +1,20 @@
+#DEPENDS += "gnupg-native"
+#RPM_GPG_NAME ?= "SecureCore Sample RPM Signing Key"
+#RPM_GPG_PASSPHRASE ?= "password"
+RPM_GPG_NAME ?= "testkey"
+RPM_GPG_PASSPHRASE ?= "123456"
+RPM_GPG_BACKEND ?= "local"
+# SHA-256 is used for the file checksum digest.
+RPM_FILE_CHECKSUM_DIGEST ?= "8"
+RPM_SIGN_FILES = "1"
+RPM_FSK_PATH ?= "${@uks_ima_keys_dir(d) + 'x509_ima.key'}"
+RPM_FSK_PASSWORD ?= "password"
+inherit sign_rpm user-key-store
+#python () {
+#    if not d.getVar('GPG_PATH', True):
+#        d.setVar('GPG_PATH', d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg')
+#}
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf
index f3c00e0..45d7758 100644
--- a/meta-integrity/conf/layer.conf
+++ b/meta-integrity/conf/layer.conf
@@ -17,3 +17,5 @@ LAYERDEPENDS_integrity = "\
    tpm2 \
    tpm \
 "
+INHERIT += "sign_rpm_ext"
author	Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:58:05 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:58:05 +0800
commit	fbce2ce14b66969c4f35d67d5d3d9cce7ead037b (patch)
tree	ed04d5495d8535ed5355e39f4ce04c6d358dd46d
parent	6ab1f5473202d135c5e813b5f0af629a6f6a2c41 (diff)
download	meta-secure-core-fbce2ce14b66969c4f35d67d5d3d9cce7ead037b.tar.gz

diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass new file mode 100644 index 0000000..a5a1dc8 --- /dev/null +++ b/meta-integrity/classes/sign_rpm_ext.bbclass
@@ -0,0 +1,20 @@
		1	#DEPENDS += "gnupg-native"
		2
		3	#RPM_GPG_NAME ?= "SecureCore Sample RPM Signing Key"
		4	#RPM_GPG_PASSPHRASE ?= "password"
		5	RPM_GPG_NAME ?= "testkey"
		6	RPM_GPG_PASSPHRASE ?= "123456"
		7	RPM_GPG_BACKEND ?= "local"
		8	# SHA-256 is used for the file checksum digest.
		9	RPM_FILE_CHECKSUM_DIGEST ?= "8"
		10
		11	RPM_SIGN_FILES = "1"
		12	RPM_FSK_PATH ?= "${@uks_ima_keys_dir(d) + 'x509_ima.key'}"
		13	RPM_FSK_PASSWORD ?= "password"
		14
		15	inherit sign_rpm user-key-store
		16
		17	#python () {
		18	# if not d.getVar('GPG_PATH', True):
		19	# d.setVar('GPG_PATH', d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg')
		20	#}


diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index f3c00e0..45d7758 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf
@@ -17,3 +17,5 @@ LAYERDEPENDS_integrity = "\
17	tpm2 \	17	tpm2 \
18	tpm \	18	tpm \
19	"	19	"
		20
		21	INHERIT += "sign_rpm_ext"