Starting from v2.1 passing passwords directly to gpg does not work anymore [1], instead a loopback interface must be used otherwise gpg >2.1 will error out with: "gpg: signing failed: Inappropriate ioctl for device"
gpg <2.1 does not work with the new --pinentry-mode arg and gives an invalid option error, so we detect what is the running version of gpg and pass it accordingly. [1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase Signed-off-by: Ioan-Adrian Ratiu <adrian.ra...@ni.com> --- meta/lib/oe/gpg_sign.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index ef47d1a..9f6b0f0 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py @@ -66,6 +66,12 @@ class LocalSigner(object): if armor: cmd += ['--armor'] + #gpg > 2.1 supports password pipes only through the loopback interface + #gpg < 2.1 errors out if given unknown parameters + gpg_ver = self.get_gpg_version() + if gpg_ver > 2.1: + cmd += ['--pinentry-mode', 'loopback'] + try: keypipe = os.pipe() @@ -99,6 +105,20 @@ class LocalSigner(object): raise Exception("Failed to sign '%s'" % input_file) + def get_gpg_version(self): + """Return the gpg version""" + import subprocess + + job = subprocess.Popen([self.gpg_bin, "--version"], stdout=subprocess.PIPE) + (stdout, _) = job.communicate() + + if job.returncode: + raise bb.build.FuncFailed("Could not get gpg version (is %s installed?)" % + self.gpg_bin) + + return stdout.split()[2] + + def verify(self, sig_file): """Verify signature""" cmd = self.gpg_bin + " --verify " -- 2.7.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
