summaryrefslogtreecommitdiffstats
path: root/meta/classes/sign_rpm.bbclass
diff options
context:
space:
mode:
authorAlexander Kanavin <alexander.kanavin@linux.intel.com>2018-01-10 12:27:42 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-01-11 10:26:07 (GMT)
commit0f49d9182f9a6204399c0946b9e9ae64ad3c0838 (patch)
tree2776060ece2f57e90c308c88c1f5aa62749d7629 /meta/classes/sign_rpm.bbclass
parent0a732a9c66ffe33e9bf11757acb3ae599219a89f (diff)
downloadpoky-0f49d9182f9a6204399c0946b9e9ae64ad3c0838.tar.gz
gnupg: use native version for signing, rather than one provided by host
Using host gpg has been problematic, and particularly this removes the need to serialize package creation, as long as --auto-expand-secmem is passed to gpg-agent, and gnupg >= 2.2.4 is in use (https://dev.gnupg.org/T3530). Sadly, gpg-agent itself is single-threaded, so in the longer run we might want to seek alternatives: https://lwn.net/Articles/742542/ (a smaller issue is that rpm itself runs the gpg fronted in a serial fashion, which slows down the build in cases of recipes with very large amount of packages, e.g. glibc-locale) Note that sstate signing and verification continues to use host gpg, as depending on native gpg would create circular dependencies. [YOCTO #12022] (From OE-Core rev: 08fef6198122fe79d4c1213f9a64b862162ed6cd) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/sign_rpm.bbclass')
-rw-r--r--meta/classes/sign_rpm.bbclass6
1 files changed, 1 insertions, 5 deletions
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index 4961b03..64ae7ce 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -68,8 +68,4 @@ python sign_rpm () {
68do_package_index[depends] += "signing-keys:do_deploy" 68do_package_index[depends] += "signing-keys:do_deploy"
69do_rootfs[depends] += "signing-keys:do_populate_sysroot" 69do_rootfs[depends] += "signing-keys:do_populate_sysroot"
70 70
71# Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel 71PACKAGE_WRITE_DEPS += "gnupg-native"
72# so unfortunately the signing must be done serially. Once the upstream problem is fixed,
73# the following line must be removed otherwise we loose all the intrinsic parallelism from
74# bitbake. For more information, check https://bugzilla.yoctoproject.org/show_bug.cgi?id=12022.
75do_package_write_rpm[lockfiles] += "${TMPDIR}/gpg.lock"