[yocto] Failure Inheriting rpm_sign

Khem Raj raj.khem at gmail.com
Mon Jan 9 10:47:13 PST 2017 

On Fri, Jan 6, 2017 at 3:52 AM, Chris Trobridge
<christrobridge at hotmail.com> wrote:
> I am getting "Exception: OSError: [Errno 7] Argument list too long" for sign_rpm in the do_package_write_rpm tasks for the
> linux-yocto and glibc-locale recipes.
>
> This is building core-image-minimal (and also my own image) with morty (5aa481d) on Fedora 25.
>
> I have enabled the rpm signing with:
>
> INHERIT += " sign_rpm"
> RPM_GPG_NAME = "{name}"
> RPM_GPG_PASSPHRASE = "{passphrase}"
> IMAGE_INSTALL_append = " signing-keys-rpm"
>
> The error message makes some sense in as much as these recipes produce a lot of packages (for example, glibc-locale produces 1791 packages) and the command line in the log is pretty big, although reading around I didn't find a consensus on what the max command line should be.
>
> The code to sign rpms is in meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py and it builds up one command line with all the packages.
>
> I changed the code (patch appended) to sign each rpm in a separate command and the build completed successfully.  The signing operations take a large amount of time so I think this might be a reasonable change but you may have other concerns.

This certainly is useful, perhaps the signing bits can be moved to individual
recipe packaging tasks that way it may be parallelized a bit

>
> Regards,
> Chris
>
> diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
> index 38eb0cb..a386b1f 100644
> --- a/meta/lib/oe/gpg_sign.py
> +++ b/meta/lib/oe/gpg_sign.py
> @@ -29,17 +29,18 @@ class LocalSigner(object):
>      def sign_rpms(self, files, keyid, passphrase):
>          """Sign RPM files"""
>
> -        cmd = self.rpm_bin + " --addsign --define '_gpg_name %s'  " % keyid
> -        cmd += "--define '_gpg_passphrase %s' " % passphrase
> -        if self.gpg_bin:
> -            cmd += "--define '%%__gpg %s' " % self.gpg_bin
> -        if self.gpg_path:
> -            cmd += "--define '_gpg_path %s' " % self.gpg_path
> -        cmd += ' '.join(files)
> -
> -        status, output = oe.utils.getstatusoutput(cmd)
> -        if status:
> -            raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output)
> +        for file in files:
> +            cmd = self.rpm_bin + " --addsign --define '_gpg_name %s'  " % keyid
> +            cmd += "--define '_gpg_passphrase %s' " % passphrase
> +            if self.gpg_bin:
> +                cmd += "--define '%%__gpg %s' " % self.gpg_bin
> +            if self.gpg_path:
> +                cmd += "--define '_gpg_path %s' " % self.gpg_path
> +            cmd += file
> +
> +            status, output = oe.utils.getstatusoutput(cmd)
> +            if status:
> +                raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output)
>
>      def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):
>          """Create a detached signature of a file"""
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto

More information about the yocto mailing list