From a36d8c437c1e6ba32a14651f8d55092d831dffb8 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 10 Jan 2018 14:27:42 +0200 Subject: gnupg: use native version for signing, rather than one provided by host Using host gpg has been problematic, and particularly this removes the need to serialize package creation, as long as --auto-expand-secmem is passed to gpg-agent, and gnupg >= 2.2.4 is in use (https://dev.gnupg.org/T3530). Sadly, gpg-agent itself is single-threaded, so in the longer run we might want to seek alternatives: https://lwn.net/Articles/742542/ (a smaller issue is that rpm itself runs the gpg fronted in a serial fashion, which slows down the build in cases of recipes with very large amount of packages, e.g. glibc-locale) Note that sstate signing and verification continues to use host gpg, as depending on native gpg would create circular dependencies. [YOCTO #12022] (From OE-Core rev: 08fef6198122fe79d4c1213f9a64b862162ed6cd) (From OE-Core rev: d449179eaf3cc25fdf6757342e9f95562a84696f) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/classes/sign_rpm.bbclass | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'meta/classes/sign_rpm.bbclass') diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index 4961b03618..64ae7ce30e 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass @@ -68,8 +68,4 @@ python sign_rpm () { do_package_index[depends] += "signing-keys:do_deploy" do_rootfs[depends] += "signing-keys:do_populate_sysroot" -# Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel -# so unfortunately the signing must be done serially. Once the upstream problem is fixed, -# the following line must be removed otherwise we loose all the intrinsic parallelism from -# bitbake. For more information, check https://bugzilla.yoctoproject.org/show_bug.cgi?id=12022. -do_package_write_rpm[lockfiles] += "${TMPDIR}/gpg.lock" +PACKAGE_WRITE_DEPS += "gnupg-native" -- cgit v1.2.3-54-g00ecf