Re: [oe][PATCH 2/2] package_manager: support for signed IPK package feeds

Openembedded Core Discussions
 help / color / mirror / Atom feed

From: Alejandro del Castillo <alejandro.delcastillo@ni.com>
To: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>,
	<openembedded-core@lists.openembedded.org>
Subject: Re: [oe][PATCH 2/2] package_manager: support for signed IPK package feeds
Date: Tue, 17 Nov 2015 14:48:10 -0600	[thread overview]
Message-ID: <564B928A.1090005@ni.com> (raw)
In-Reply-To: <3a685546bb14b90aa1f190f92e223001d594777c.1447773614.git.adrian.ratiu@ni.com>



On 11/17/2015 09:26 AM, Ioan-Adrian Ratiu wrote:
> Create gpg signed package feeds if configured. Very similar to
> how rpm does it. Most of the config variables are shared with
> the rpm backend (like PACKAGE_FEED_GPG_NAME), with the exception
> of PACKAGE_FEED_GPG_PUBKEY which is not needed in this case.
> 
> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
> ---
>  meta/lib/oe/package_manager.py | 23 ++++++++++++++++++++++-
>  1 file changed, 22 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
> index 964fddc..8528c9b 100644
> --- a/meta/lib/oe/package_manager.py
> +++ b/meta/lib/oe/package_manager.py
> @@ -174,10 +174,25 @@ class OpkgIndexer(Indexer):
>  
>          opkg_index_cmd = bb.utils.which(os.getenv('PATH'), "opkg-make-index")
>  
> +        gpg_cmd = ''
> +
> +        # all these variables are needed to succesfully sign the index, otherwise skip signing
> +        if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1' and \
> +           self.d.getVar('PACKAGE_FEED_GPG_NAME', True) and \
> +           self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True):
> +                pkgfeed_gpg_name = self.d.getVar('PACKAGE_FEED_GPG_NAME', True)
> +                pkgfeed_gpg_pass = self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True)
> +                gpg_bin = self.d.getVar('GPG_BIN', True) or bb.utils.which(os.getenv('PATH'), "gpg")
> +
> +                gpg_cmd = "%s --no-use-agent --batch --yes -ab -u %s --passphrase-file '%s'" % \
> +                          (gpg_bin, pkgfeed_gpg_name, pkgfeed_gpg_pass)
> +
> +

I think you can combine this block with the "if gpg_cmd:" one below (move this
logic to the bottom and combine it with the content of the if gpg_cmd block)

          if not os.path.exists(os.path.join(self.deploy_dir, "Packages")):
>              open(os.path.join(self.deploy_dir, "Packages"), "w").close()
>  
>          index_cmds = []
> +        index_sign_files = []
>          for arch_var in arch_vars:
>              archs = self.d.getVar(arch_var, True)
>              if archs is None:
> @@ -196,6 +211,8 @@ class OpkgIndexer(Indexer):
>                  index_cmds.append('%s -r %s -p %s -m %s' %
>                                    (opkg_index_cmd, pkgs_file, pkgs_file, pkgs_dir))
>  
> +                index_sign_files.append(pkgs_file)
> +
>          if len(index_cmds) == 0:
>              bb.note("There are no packages in %s!" % self.deploy_dir)
>              return
> @@ -206,7 +223,11 @@ class OpkgIndexer(Indexer):
>          if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
>              raise NotImplementedError('Package feed signing not implementd for ipk')

Not need anymore

> -
> +        if gpg_cmd:
> +            for f in index_sign_files:
> +                result = oe.utils.multiprocess_exec([gpg_cmd + ' ' + f], create_index)
> +                if result:
> +                    bb.fatal('%s' % ('\n'.join(result)))
>  
>  class DpkgIndexer(Indexer):
>      def _create_configs(self):
> 

-- 
Cheers,

Alejandro

next prev parent reply	other threads:[~2015-11-17 22:21 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-17 15:26 [oe][PATCH 1/2] package_ipk: support signing of ipk packages Ioan-Adrian Ratiu
2015-11-17 15:26 ` [oe][PATCH 2/2] package_manager: support for signed IPK package feeds Ioan-Adrian Ratiu
2015-11-17 20:48   ` Alejandro del Castillo [this message]
2015-11-18 10:01     ` Ioan-Adrian Ratiu
2015-11-18 10:25 ` [oe][PATCH v2 1/2] package_ipk: support signing of ipk packages Ioan-Adrian Ratiu
2015-11-18 10:25   ` [oe][PATCH v2 2/2] package_manager: support for signed IPK package feeds Ioan-Adrian Ratiu
2015-11-18 16:00     ` Alejandro del Castillo
2015-11-19  8:35       ` Ioan-Adrian Ratiu
2015-11-19 15:29         ` Alejandro del Castillo
2015-11-19 15:41 ` [oe][PATCH v3 1/2] package_ipk: support signing of ipk packages Ioan-Adrian Ratiu
2015-11-19 15:41   ` [oe][PATCH v3 2/2] package_manager: support for signed IPK package feeds Ioan-Adrian Ratiu
2015-11-19 15:58     ` Alejandro del Castillo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=564B928A.1090005@ni.com \
    --to=alejandro.delcastillo@ni.com \
    --cc=adrian.ratiu@ni.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox