diff options
| author | Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> | 2017-08-17 10:12:27 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-18 12:35:56 +0100 |
| commit | f7f78e73f1cd15f4233a231364b14438af758628 (patch) | |
| tree | b084983555e6ae1efa3bc3829a8476416d78f83c /meta | |
| parent | e70f843b4fb5ee27d46543165a89d56c2ec5ee2e (diff) | |
| download | openembedded-core-f7f78e73f1cd15f4233a231364b14438af758628.tar.gz openembedded-core-f7f78e73f1cd15f4233a231364b14438af758628.tar.bz2 openembedded-core-f7f78e73f1cd15f4233a231364b14438af758628.zip | |
sign_rpm: Allow pkg signing by chunks through RPM_GPG_SIGN_CHUNK
Commit d58b1d196 moved from chunk to serial signing, but neither of both approaches
allowed the user to select the chunks size. This patch allows the user to select
a chunk size through RPM_GPG_SIGN_CHUNK defaulting to BB_NUMBER_THREADS, considered
a good default. Indirectly, this change reduces the number of processes spawn
to number-of-packages/RPM_GPG_SIGN_CHUNK.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/classes/sign_rpm.bbclass | 7 | ||||
| -rw-r--r-- | meta/lib/oe/gpg_sign.py | 8 |
2 files changed, 10 insertions, 5 deletions
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass index c49406c74d..6796780ee4 100644 --- a/meta/classes/sign_rpm.bbclass +++ b/meta/classes/sign_rpm.bbclass @@ -19,9 +19,12 @@ # GPG_BIN # Optional variable for specifying the gpg binary/wrapper to use for # signing. +# RPM_GPG_SIGN_CHUNK +# Optional variable indicating the number of packages used per gpg +# invocation # GPG_PATH # Optional variable for specifying the gnupg "home" directory: -# + inherit sanity RPM_SIGN_PACKAGES='1' @@ -29,6 +32,7 @@ RPM_SIGN_FILES ?= '0' RPM_GPG_BACKEND ?= 'local' # SHA-256 is used by default RPM_FILE_CHECKSUM_DIGEST ?= '8' +RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}" python () { @@ -56,6 +60,7 @@ python sign_rpm () { d.getVar('RPM_GPG_NAME'), d.getVar('RPM_GPG_PASSPHRASE'), d.getVar('RPM_FILE_CHECKSUM_DIGEST'), + int(d.getVar('RPM_GPG_SIGN_CHUNK')), d.getVar('RPM_FSK_PATH'), d.getVar('RPM_FSK_PASSWORD')) } diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py index 5c7985a856..008478dfeb 100644 --- a/meta/lib/oe/gpg_sign.py +++ b/meta/lib/oe/gpg_sign.py @@ -27,7 +27,7 @@ class LocalSigner(object): raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' % (keyid, output)) - def sign_rpms(self, files, keyid, passphrase, digest, fsk=None, fsk_password=None): + def sign_rpms(self, files, keyid, passphrase, digest, sign_chunk, fsk=None, fsk_password=None): """Sign RPM files""" cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid @@ -45,9 +45,9 @@ class LocalSigner(object): if fsk_password: cmd += "--define '_file_signing_key_password %s' " % fsk_password - # Sign packages - for f in files: - status, output = oe.utils.getstatusoutput(cmd + ' ' + f) + # Sign in chunks + for i in range(0, len(files), sign_chunk): + status, output = oe.utils.getstatusoutput(cmd + ' '.join(files[i:i+sign_chunk])) if status: raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output) |