From: "Ferry Toth" <fntoth@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>,
Xavier Berger <xavier.berger@bio-logic.net>
Subject: Re: [PATCH v1 1/2] gpg-sign: Add parameters to gpg signature function
Date: Wed, 23 Mar 2022 19:34:09 +0100 [thread overview]
Message-ID: <fe0f9ee8-e3d0-1681-af93-fa97019b8a0c@gmail.com> (raw)
In-Reply-To: <20220322211949.7423-1-fntoth@gmail.com>
Hi Richard,
I forgot to add a cover letter, sorry for that. The 2 patches together
implement DEB repository signing.
This is necessary since Gatesgarth |apt| (1.8.2) has become more strict
and doesn’t allow unsigned repositories by default.
It is possible to override this behavior |but||| is more work then to
enable signed DEB repositories. These patches makes DEB a first class
citizen as IPK and RPM.
Patches have been in use in meta-intel-edison since Gatesgarth, see
https://edison-fw.github.io/meta-intel-edison/5.0-Creating-a-deb-repository.html\
Ferry
Op 22-03-2022 om 22:19 schreef Ferry Toth:
> From: Xavier Berger <xavier.berger@bio-logic.net>
>
> output_suffix: If defined, add output_suffix as file name extension.
> use_sha256: If True, use sha256 for gpg as digest algorithm
>
> Signed-off-by: Xavier Berger <xavier.berger@bio-logic.net>
> Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
> ---
> meta/lib/oe/gpg_sign.py | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
> index 1bce6cb792..aa9bb49f2c 100644
> --- a/meta/lib/oe/gpg_sign.py
> +++ b/meta/lib/oe/gpg_sign.py
> @@ -58,7 +58,7 @@ class LocalSigner(object):
> for i in range(0, len(files), sign_chunk):
> subprocess.check_output(shlex.split(cmd + ' '.join(files[i:i+sign_chunk])), stderr=subprocess.STDOUT)
>
> - def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):
> + def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True, output_suffix=None, use_sha256=False):
> """Create a detached signature of a file"""
>
> if passphrase_file and passphrase:
> @@ -71,6 +71,10 @@ class LocalSigner(object):
> cmd += ['--homedir', self.gpg_path]
> if armor:
> cmd += ['--armor']
> + if output_suffix:
> + cmd += ['-o', input_file + "." + output_suffix]
> + if use_sha256:
> + cmd += ['--digest-algo', "SHA256"]
>
> #gpg > 2.1 supports password pipes only through the loopback interface
> #gpg < 2.1 errors out if given unknown parameters
next prev parent reply other threads:[~2022-03-23 18:34 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 21:19 [PATCH v1 1/2] gpg-sign: Add parameters to gpg signature function Ferry Toth
2022-03-22 21:19 ` [PATCH v1 2/2] package_manager: sign DEB package feeds Ferry Toth
2022-03-23 18:34 ` Ferry Toth [this message]
2022-03-24 8:12 ` [PATCH v1 1/2] gpg-sign: Add parameters to gpg signature function Richard Purdie
2022-03-24 11:23 ` Ferry Toth
2022-03-24 12:03 ` Richard Purdie
2022-03-24 15:36 ` Ferry Toth
2022-03-24 22:11 ` Ferry Toth
2022-03-24 22:20 ` Richard Purdie
2022-03-28 14:04 ` Ferry Toth
2022-03-25 11:28 ` Ferry Toth
2022-03-25 11:51 ` [OE-core] " Alexander Kanavin
2022-03-25 21:57 ` Ferry Toth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fe0f9ee8-e3d0-1681-af93-fa97019b8a0c@gmail.com \
--to=fntoth@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
--cc=xavier.berger@bio-logic.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox