From 08fef6198122fe79d4c1213f9a64b862162ed6cd Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 10 Jan 2018 14:27:42 +0200 Subject: gnupg: use native version for signing, rather than one provided by host Using host gpg has been problematic, and particularly this removes the need to serialize package creation, as long as --auto-expand-secmem is passed to gpg-agent, and gnupg >= 2.2.4 is in use (https://dev.gnupg.org/T3530). Sadly, gpg-agent itself is single-threaded, so in the longer run we might want to seek alternatives: https://lwn.net/Articles/742542/ (a smaller issue is that rpm itself runs the gpg fronted in a serial fashion, which slows down the build in cases of recipes with very large amount of packages, e.g. glibc-locale) Note that sstate signing and verification continues to use host gpg, as depending on native gpg would create circular dependencies. [YOCTO #12022] Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/recipes-core/meta/signing-keys.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-core') diff --git a/meta/recipes-core/meta/signing-keys.bb b/meta/recipes-core/meta/signing-keys.bb index 2c1cc3845e..6387d90d47 100644 --- a/meta/recipes-core/meta/signing-keys.bb +++ b/meta/recipes-core/meta/signing-keys.bb @@ -41,6 +41,7 @@ python do_get_public_keys () { } do_get_public_keys[cleandirs] = "${B}" addtask get_public_keys before do_install +do_get_public_keys[depends] += "gnupg-native:do_populate_sysroot" do_install () { if [ -f "${B}/rpm-key" ]; then -- cgit 1.2.3-korg