[yocto] Signed RPMs
Chris Trobridge
christrobridge at hotmail.com
Thu Feb 4 13:57:17 PST 2016
Hi,
I have been testing out the facility for generating signed RPMs.
It's currently failing to find 'build/tmp/sysroots/x86_64-linux/etc/RPM-GPG-PUBKEY', log listed at end.
I couldn't find a lot of documentation but from what I could find, I added the following to local.conf:
INHERIT += " sign_rpm"RPM_GPG_NAME = "chris"RPM_GPG_PUBKEY = "/home/chris/mykey.pub"RPM_GPG_PASSPHRASE_FILE = "/home/chris/mypassphrase"
It needed 'python-pexpect' installing (fedora 22) to run at all but after that it worked to an extent as I had to correct the stored passphrase to correct other errors.
At this stage of the build there is very little in 'build/tmp/sysroots/x86_64-linux/etc/' (just quilt related) but I also find it curious that it is looking for the variable name rather than it value.
Now I was following the the Aug patch notes "'RPM_GPG_PUBKEY = "<path_to_pubkey>" in bitbake config pointing to the public key (in "armor" format).".
Since then there was a patch "Automatically export public keys used for package(feed) signing" that obsoletes RPM_GPG_PUBKEY (and overwrites it) but I'm still not clear how/where to put the public key so it will end up in the staging directory. Also, 'package_manager.py' copies the file named by RPM_GPG_PUBKEY to the location os.path.join(self.deploy_dir, 'RPM-GPG-KEY-%s' % distro_version). I presume this copies from the staging directory to the deployment directory.
So what I would like to know is where to put the RPM GPG public key so that it gets copied to the staging directory?
For the time being, I have copied it in by hand.
Thanks,Chris
Summary: 1 task failed:poky/meta/recipes-core/os-release/os-release.bb, do_compile
DEBUG: Executing python function do_compileERROR: Error executing a python function in /home/chris/yocto/poky/meta/recipes-core/os-release/os-release.bb:
The stack trace of python calls that resulted in this exception/failure was:File: '/home/chris/yocto/poky/meta/recipes-core/os-release/os-release.bb', lineno: 16, function: <module> 0012: distro_version = d.getVar('DISTRO_VERSION', True) or "oe.0" 0013: shutil.copy2(rpm_gpg_pubkey, d.expand('/home/chris/yocto/build/tmp/work/all-poky-linux/os-release/1.0-r0/os-release-1.0/rpm-gpg/RPM-GPG-KEY-%s' % distro_version)) 0014: 0015: *** 0016:do_compile(d) 0017:File: '/home/chris/yocto/poky/meta/recipes-core/os-release/os-release.bb', lineno: 13, function: do_compile 0009:do_fetch[noexec] = "1" 0010:do_unpack[noexec] = "1" 0011:do_patch[noexec] = "1" 0012:do_configure[noexec] = "1" *** 0013: 0014:# Other valid fields: BUILD_ID ID_LIKE ANSI_COLOR CPE_NAME 0015:# HOME_URL SUPPORT_URL BUG_REPORT_URL 0016:OS_RELEASE_FIELDS = "ID ID_LIKE NAME VERSION VERSION_ID PRETTY_NAME" 0017:File: '/usr/lib64/python2.7/shutil.py', lineno: 130, function: copy2 0126: 0127: """ 0128: if os.path.isdir(dst): 0129: dst = os.path.join(dst, os.path.basename(src)) *** 0130: copyfile(src, dst) 0131: copystat(src, dst) 0132: 0133:def ignore_patterns(*patterns): 0134: """Function that can be used as copytree() ignore parameter.File: '/usr/lib64/python2.7/shutil.py', lineno: 82, function: copyfile 0078: # XXX What about other special files? (sockets, devices...) 0079: if stat.S_ISFIFO(st.st_mode): 0080: raise SpecialFileError("`%s` is a named pipe" % fn) 0081: *** 0082: with open(src, 'rb') as fsrc: 0083: with open(dst, 'wb') as fdst: 0084: copyfileobj(fsrc, fdst) 0085: 0086:def copymode(src, dst):Exception: IOError: [Errno 2] No such file or directory: '/home/chris/yocto/build/tmp/sysroots/x86_64-linux/etc/RPM-GPG-PUBKEY'
DEBUG: Python function do_compile finishedERROR: Function failed: do_compile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20160204/b4ba2e68/attachment.html>
More information about the yocto
mailing list