mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00
Code Issues Projects Releases Wiki Activity

sign_rpm: Allow pkg signing by chunks through RPM_GPG_SIGN_CHUNK

Browse Source 
Commit d58b1d196 moved from chunk to serial signing, but neither of both approaches
allowed the user to select the chunks size. This patch allows the user to select
a chunk size through RPM_GPG_SIGN_CHUNK defaulting to BB_NUMBER_THREADS, considered
a good default. Indirectly, this change reduces the number of processes spawn
to number-of-packages/RPM_GPG_SIGN_CHUNK.

(From OE-Core rev: f7f78e73f1cd15f4233a231364b14438af758628)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Leonardo Sandoval
2017-08-17 10:12:27 -07:00
committed by Richard Purdie
parent c0a7913bfe
commit e461f32d68
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/classes/sign_rpm.bbclass
+6 -1
View File
@@ -19,9 +19,12 @@
# GPG_BIN # GPG_BIN
# Optional variable for specifying the gpg binary/wrapper to use for # Optional variable for specifying the gpg binary/wrapper to use for
# signing. # signing.
# RPM_GPG_SIGN_CHUNK
# Optional variable indicating the number of packages used per gpg
# invocation
# GPG_PATH # GPG_PATH
# Optional variable for specifying the gnupg "home" directory: # Optional variable for specifying the gnupg "home" directory:
#
inherit sanity inherit sanity
RPM_SIGN_PACKAGES='1' RPM_SIGN_PACKAGES='1'
@@ -29,6 +32,7 @@ RPM_SIGN_FILES ?= '0'
RPM_GPG_BACKEND ?= 'local' RPM_GPG_BACKEND ?= 'local'
# SHA-256 is used by default # SHA-256 is used by default
RPM_FILE_CHECKSUM_DIGEST ?= '8' RPM_FILE_CHECKSUM_DIGEST ?= '8'
RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}"
python () { python () {
@@ -56,6 +60,7 @@ python sign_rpm () {
d.getVar('RPM_GPG_NAME'), d.getVar('RPM_GPG_NAME'),
d.getVar('RPM_GPG_PASSPHRASE'), d.getVar('RPM_GPG_PASSPHRASE'),
d.getVar('RPM_FILE_CHECKSUM_DIGEST'), d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
int(d.getVar('RPM_GPG_SIGN_CHUNK')),
d.getVar('RPM_FSK_PATH'), d.getVar('RPM_FSK_PATH'),
d.getVar('RPM_FSK_PASSWORD')) d.getVar('RPM_FSK_PASSWORD'))
} }
meta/lib/oe/gpg_sign.py
+4 -4
View File
@@ -27,7 +27,7 @@ class LocalSigner(object):
raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
(keyid, output)) (keyid, output))
def sign_rpms(self, files, keyid, passphrase, digest, fsk=None, fsk_password=None): def sign_rpms(self, files, keyid, passphrase, digest, sign_chunk, fsk=None, fsk_password=None):
"""Sign RPM files""" """Sign RPM files"""
cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid
@@ -45,9 +45,9 @@ class LocalSigner(object):
if fsk_password: if fsk_password:
cmd += "--define '_file_signing_key_password %s' " % fsk_password cmd += "--define '_file_signing_key_password %s' " % fsk_password
# Sign packages # Sign in chunks
for f in files: for i in range(0, len(files), sign_chunk):
status, output = oe.utils.getstatusoutput(cmd + ' ' + f) status, output = oe.utils.getstatusoutput(cmd + ' '.join(files[i:i+sign_chunk]))
if status: if status:
raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output) raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output)