From fbce2ce14b66969c4f35d67d5d3d9cce7ead037b Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Tue, 11 Jul 2017 12:58:05 +0800
Subject: meta-integrity: enable sign_rpm_ext to support rpm and file signing

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
---
 meta-integrity/classes/sign_rpm_ext.bbclass | 20 ++++++++++++++++++++
 meta-integrity/conf/layer.conf              |  2 ++
 2 files changed, 22 insertions(+)
 create mode 100644 meta-integrity/classes/sign_rpm_ext.bbclass

diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass
new file mode 100644
index 0000000..a5a1dc8
--- /dev/null
+++ b/meta-integrity/classes/sign_rpm_ext.bbclass
@@ -0,0 +1,20 @@
+#DEPENDS += "gnupg-native"
+
+#RPM_GPG_NAME ?= "SecureCore Sample RPM Signing Key"
+#RPM_GPG_PASSPHRASE ?= "password"
+RPM_GPG_NAME ?= "testkey"
+RPM_GPG_PASSPHRASE ?= "123456"
+RPM_GPG_BACKEND ?= "local"
+# SHA-256 is used for the file checksum digest.
+RPM_FILE_CHECKSUM_DIGEST ?= "8"
+
+RPM_SIGN_FILES = "1"
+RPM_FSK_PATH ?= "${@uks_ima_keys_dir(d) + 'x509_ima.key'}"
+RPM_FSK_PASSWORD ?= "password"
+
+inherit sign_rpm user-key-store
+
+#python () {
+#    if not d.getVar('GPG_PATH', True):
+#        d.setVar('GPG_PATH', d.getVar('DEPLOY_DIR_IMAGE', True) + '/.gnupg')
+#}
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf
index f3c00e0..45d7758 100644
--- a/meta-integrity/conf/layer.conf
+++ b/meta-integrity/conf/layer.conf
@@ -17,3 +17,5 @@ LAYERDEPENDS_integrity = "\
     tpm2 \
     tpm \
 "
+
+INHERIT += "sign_rpm_ext"
-- 
cgit v1.2.3-54-g00ecf