5.18.5.2. Processing Package Feeds

In addition to being able to sign RPM packages, you can also enable the OpenEmbedded build system to be able to handle previously signed package feeds for IPK packages.

Note

The OpenEmbedded build system does not currently support signed DPKG or RPM package feeds.

The steps you need to take to enable signed package feed use are similar to the steps used to sign RPM packages. You must define the following in your local.config or distro.config file:

     INHERIT += "sign_package_feed"
     PACKAGE_FEED_GPG_NAME = "key_name"
     PACKAGE_FEED_GPG_PASSPHRASE_FILE = "path_to_file_containing_passphrase"
                    

For signed package feeds, the passphrase must exist in a separate file, which is pointed to by the PACKAGE_FEED_GPG_PASSPHRASE_FILE variable. Regarding security, keeping a plain text passphrase out of the configuration is more secure.

Aside from the PACKAGE_FEED_GPG_NAME and PACKAGE_FEED_GPG_PASSPHRASE_FILE variables, three optional variables related to signed package feeds exist: