From 08fef6198122fe79d4c1213f9a64b862162ed6cd Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 10 Jan 2018 14:27:42 +0200 Subject: gnupg: use native version for signing, rather than one provided by host Using host gpg has been problematic, and particularly this removes the need to serialize package creation, as long as --auto-expand-secmem is passed to gpg-agent, and gnupg >= 2.2.4 is in use (https://dev.gnupg.org/T3530). Sadly, gpg-agent itself is single-threaded, so in the longer run we might want to seek alternatives: https://lwn.net/Articles/742542/ (a smaller issue is that rpm itself runs the gpg fronted in a serial fashion, which slows down the build in cases of recipes with very large amount of packages, e.g. glibc-locale) Note that sstate signing and verification continues to use host gpg, as depending on native gpg would create circular dependencies. [YOCTO #12022] Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/classes/sign_package_feed.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta/classes/sign_package_feed.bbclass') diff --git a/meta/classes/sign_package_feed.bbclass b/meta/classes/sign_package_feed.bbclass index f03c4802d0..7ff3a35a2f 100644 --- a/meta/classes/sign_package_feed.bbclass +++ b/meta/classes/sign_package_feed.bbclass @@ -43,4 +43,4 @@ python () { } do_package_index[depends] += "signing-keys:do_deploy" -do_rootfs[depends] += "signing-keys:do_populate_sysroot" +do_rootfs[depends] += "signing-keys:do_populate_sysroot gnupg-native:do_populate_sysroot" -- cgit 1.2.3-korg