[gnome-continuous-yocto/gnomeostree-3.28-rocko: 7274/8267] sign_rpm: Allow pkg signing by chunks through RPM_GPG_SIGN_CHUNK

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 7274/8267] sign_rpm: Allow pkg signing by chunks through RPM_GPG_SIGN_CHUNK
Date: Sun, 17 Dec 2017 06:01:06 +0000 (UTC)

commit e461f32d6823aeecbe3ee8090588737c9d67e91f
Author: Leonardo Sandoval <leonardo sandoval gonzalez linux intel com>
Date:   Thu Aug 17 10:12:27 2017 -0700

    sign_rpm: Allow pkg signing by chunks through RPM_GPG_SIGN_CHUNK
    
    Commit d58b1d196 moved from chunk to serial signing, but neither of both approaches
    allowed the user to select the chunks size. This patch allows the user to select
    a chunk size through RPM_GPG_SIGN_CHUNK defaulting to BB_NUMBER_THREADS, considered
    a good default. Indirectly, this change reduces the number of processes spawn
    to number-of-packages/RPM_GPG_SIGN_CHUNK.
    
    (From OE-Core rev: f7f78e73f1cd15f4233a231364b14438af758628)
    
    Signed-off-by: Leonardo Sandoval <leonardo sandoval gonzalez linux intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/classes/sign_rpm.bbclass |    7 ++++++-
 meta/lib/oe/gpg_sign.py       |    8 ++++----
 2 files changed, 10 insertions(+), 5 deletions(-)
---
diff --git a/meta/classes/sign_rpm.bbclass b/meta/classes/sign_rpm.bbclass
index c49406c..6796780 100644
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -19,9 +19,12 @@
 # GPG_BIN
 #           Optional variable for specifying the gpg binary/wrapper to use for
 #           signing.
+# RPM_GPG_SIGN_CHUNK
+#           Optional variable indicating the number of packages used per gpg
+#           invocation
 # GPG_PATH
 #           Optional variable for specifying the gnupg "home" directory:
-#
+
 inherit sanity
 
 RPM_SIGN_PACKAGES='1'
@@ -29,6 +32,7 @@ RPM_SIGN_FILES ?= '0'
 RPM_GPG_BACKEND ?= 'local'
 # SHA-256 is used by default
 RPM_FILE_CHECKSUM_DIGEST ?= '8'
+RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}"
 
 
 python () {
@@ -56,6 +60,7 @@ python sign_rpm () {
                      d.getVar('RPM_GPG_NAME'),
                      d.getVar('RPM_GPG_PASSPHRASE'),
                      d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
+                     int(d.getVar('RPM_GPG_SIGN_CHUNK')),
                      d.getVar('RPM_FSK_PATH'),
                      d.getVar('RPM_FSK_PASSWORD'))
 }
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 5c7985a..008478d 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -27,7 +27,7 @@ class LocalSigner(object):
             raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
                                       (keyid, output))
 
-    def sign_rpms(self, files, keyid, passphrase, digest, fsk=None, fsk_password=None):
+    def sign_rpms(self, files, keyid, passphrase, digest, sign_chunk, fsk=None, fsk_password=None):
         """Sign RPM files"""
 
         cmd = self.rpm_bin + " --addsign --define '_gpg_name %s'  " % keyid
@@ -45,9 +45,9 @@ class LocalSigner(object):
             if fsk_password:
                 cmd += "--define '_file_signing_key_password %s' " % fsk_password
 
-        # Sign packages
-        for f in files:
-            status, output = oe.utils.getstatusoutput(cmd + ' ' + f)
+        # Sign in chunks
+        for i in range(0, len(files), sign_chunk):
+            status, output = oe.utils.getstatusoutput(cmd + ' '.join(files[i:i+sign_chunk]))
             if status:
                 raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]