Yocto 2.4
Move OpenBMC to Yocto 2.4(rocko)
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I12057b18610d6fb0e6903c60213690301e9b0c67
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass b/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass
index bc2e947..4961b03 100644
--- a/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass
+++ b/import-layers/yocto-poky/meta/classes/sign_rpm.bbclass
@@ -9,16 +9,30 @@
# Optional variable for specifying the backend to use for signing.
# Currently the only available option is 'local', i.e. local signing
# on the build host.
+# RPM_FILE_CHECKSUM_DIGEST
+# Optional variable for specifying the algorithm for generating file
+# checksum digest.
+# RPM_FSK_PATH
+# Optional variable for the file signing key.
+# RPM_FSK_PASSWORD
+# Optional variable for the file signing key password.
# GPG_BIN
# Optional variable for specifying the gpg binary/wrapper to use for
# signing.
+# RPM_GPG_SIGN_CHUNK
+# Optional variable indicating the number of packages used per gpg
+# invocation
# GPG_PATH
# Optional variable for specifying the gnupg "home" directory:
-#
+
inherit sanity
RPM_SIGN_PACKAGES='1'
+RPM_SIGN_FILES ?= '0'
RPM_GPG_BACKEND ?= 'local'
+# SHA-256 is used by default
+RPM_FILE_CHECKSUM_DIGEST ?= '8'
+RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}"
python () {
@@ -28,6 +42,11 @@
for var in ('RPM_GPG_NAME', 'RPM_GPG_PASSPHRASE'):
if not d.getVar(var):
raise_sanity_error("You need to define %s in the config" % var, d)
+
+ if d.getVar('RPM_SIGN_FILES') == '1':
+ for var in ('RPM_FSK_PATH', 'RPM_FSK_PASSWORD'):
+ if not d.getVar(var):
+ raise_sanity_error("You need to define %s in the config" % var, d)
}
python sign_rpm () {
@@ -39,8 +58,18 @@
signer.sign_rpms(rpms,
d.getVar('RPM_GPG_NAME'),
- d.getVar('RPM_GPG_PASSPHRASE'))
+ d.getVar('RPM_GPG_PASSPHRASE'),
+ d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
+ int(d.getVar('RPM_GPG_SIGN_CHUNK')),
+ d.getVar('RPM_FSK_PATH'),
+ d.getVar('RPM_FSK_PASSWORD'))
}
do_package_index[depends] += "signing-keys:do_deploy"
do_rootfs[depends] += "signing-keys:do_populate_sysroot"
+
+# Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel
+# so unfortunately the signing must be done serially. Once the upstream problem is fixed,
+# the following line must be removed otherwise we loose all the intrinsic parallelism from
+# bitbake. For more information, check https://bugzilla.yoctoproject.org/show_bug.cgi?id=12022.
+do_package_write_rpm[lockfiles] += "${TMPDIR}/gpg.lock"