[gnome-continuous-yocto/gnomeostree-3.28-rocko: 5145/8267] lib/oe/package_manager: import rpm signing key to rpmdb

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 5145/8267] lib/oe/package_manager: import rpm signing key to rpmdb
Date: Sun, 17 Dec 2017 03:01:43 +0000 (UTC)

commit 9a548edb0f01fe000bbada155cc66fc2936221d2
Author: Markus Lehtonen <markus lehtonen linux intel com>
Date:   Thu Mar 16 15:19:05 2017 +0200

    lib/oe/package_manager: import rpm signing key to rpmdb
    
    Import the gpg key used in rpm signing into rpmdb. This makes it
    possible again to create images when rpm signing is enabled.
    
    Also, instruct dnf to enforce signature check if rpm signing is enabled.
    
    (From OE-Core rev: f30c1653cc5ef9daf594cbd3faad329b9fa08ab7)
    
    Signed-off-by: Markus Lehtonen <markus lehtonen linux intel com>
    Signed-off-by: Alexander Kanavin <alexander kanavin linux intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/lib/oe/package_manager.py |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)
---
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index b016bc3..eeb4c76 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -520,7 +520,14 @@ class RpmPM(PackageManager):
             open(platformconfdir + "macros", 'a').write("%_prefer_color 7")
 
         if self.d.getVar('RPM_SIGN_PACKAGES') == '1':
-            raise NotImplementedError("Signature verification with rpm not yet supported.")
+            pubkey_path = self.d.getVar('RPM_GPG_PUBKEY')
+            rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmkeys")
+            cmd = [rpm_bin, '--root=%s' % self.target_rootfs, '--import', pubkey_path]
+            try:
+                subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+            except subprocess.CalledProcessError as e:
+                bb.fatal("Importing GPG key failed. Command '%s' "
+                        "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
     def create_configs(self):
         self._configure_dnf()
@@ -570,7 +577,8 @@ class RpmPM(PackageManager):
         output = self._invoke_dnf((["--skip-broken"] if attempt_only else []) +
                          (["-x", ",".join(exclude_pkgs)] if len(exclude_pkgs) > 0 else []) +
                          (["--setopt=install_weak_deps=False"] if self.d.getVar('NO_RECOMMENDATIONS') == 1 
else []) +
-                         ["--nogpgcheck", "install"] +
+                         (["--nogpgcheck"] if self.d.getVar('RPM_SIGN_PACKAGES') != '1' else 
["--setopt=gpgcheck=True"]) +
+                         ["install"] +
                          pkgs)
 
         failed_scriptlets_pkgnames = collections.OrderedDict()

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]