user-key-store.bbclass: Depend on gnupg-native to always use provided gpg

On some host configuration such as ubuntu 16.04 the gnupg in /usr/bin
is the 1.x version.  This can cause problems between the import and
signing process if the gpg version is different.  The commands in the
user-key-store class assume gnupg is at least version 2.2 or newer.

To avoid the signing phase failing for the efitools and the kernel,
the user-key-store class should depend on the gnupg-native binaries.

It avoids this specific error:

ERROR: efitools-1.9.2+gitAUTOINC+392836a46c-r0 do_sign: Failed to sign: /opt/tmp-glibc/work/corei7-64-wrs-linux/efitools/1.9.2+gitAUTOINC+392836a46c-r0/image/boot/efi/EFI/BOOT/LockDown.efi
ERROR: Logfile of failure stored in: /opt/tmp-glibc/work/corei7-64-wrs-linux/efitools/1.9.2+gitAUTOINC+392836a46c-r0/temp/log.do_sign.22969
NOTE: recipe efitools-1.9.2+gitAUTOINC+392836a46c-r0: task do_sign: Failed

[ Issue: LIN1019-3757 ]

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
This commit is contained in:
Jason Wessel
2019-12-12 11:33:46 -08:00
committed by Jia Zhang
parent e4e766aa40
commit f59b77b257
@@ -2,7 +2,7 @@ DEPENDS_append_class-target += "\
sbsigntool-native \
libsign-native \
openssl-native \
${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "efitools-native", "", d)} \
${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "efitools-native gnupg-native", "", d)} \
"
USER_KEY_SHOW_VERBOSE = "1"