diff options
| author |   Alexander Kanavin <alexander.kanavin@linux.intel.com> | 2018-01-10 14:27:42 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-10 22:14:53 +0000 |
| commit | 08fef6198122fe79d4c1213f9a64b862162ed6cd (patch) | |
| tree | 98fe4b6a61ffb911abd1a7235194258d324b9c39 /meta/recipes-core/meta | |
| parent | 3945ddd6eea9d84f7b0f82c66e6d4512bc239bb2 (diff) | |
| download | openembedded-core-contrib-08fef6198122fe79d4c1213f9a64b862162ed6cd.tar.gz | |
gnupg: use native version for signing, rather than one provided by host
Using host gpg has been problematic, and particularly this removes
the need to serialize package creation, as long as --auto-expand-secmem
is passed to gpg-agent, and gnupg >= 2.2.4 is in use
(https://dev.gnupg.org/T3530).
Sadly, gpg-agent itself is single-threaded, so in the longer run
we might want to seek alternatives:
https://lwn.net/Articles/742542/
(a smaller issue is that rpm itself runs the gpg fronted in a serial
fashion, which slows down the build in cases of recipes with very
large amount of packages, e.g. glibc-locale)
Note that sstate signing and verification continues to use host
gpg, as depending on native gpg would create circular dependencies.
[YOCTO #12022]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/meta')
| -rw-r--r-- | meta/recipes-core/meta/signing-keys.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb index 2c1cc3845e..6387d90d47 100644 --- a/meta/recipes-core/meta/signing-keys.bb +++ b/meta/recipes-core/meta/signing-keys.bb @@ -41,6 +41,7 @@ python do_get_public_keys () { } do_get_public_keys[cleandirs] = "${B}" addtask get_public_keys before do_install +do_get_public_keys[depends] += "gnupg-native:do_populate_sysroot" do_install () { if [ -f "${B}/rpm-key" ]; then |