On Mon, 2017-01-09 at 10:47 -0800, Khem Raj wrote: > On Fri, Jan 6, 2017 at 3:52 AM, Chris Trobridge > <christrobri...@hotmail.com> wrote: > > I am getting "Exception: OSError: [Errno 7] Argument list too long" > > for sign_rpm in the do_package_write_rpm tasks for the > > linux-yocto and glibc-locale recipes. > > > > This is building core-image-minimal (and also my own image) with > > morty (5aa481d) on Fedora 25. > > > > I have enabled the rpm signing with: > > > > INHERIT += " sign_rpm" > > RPM_GPG_NAME = "{name}" > > RPM_GPG_PASSPHRASE = "{passphrase}" > > IMAGE_INSTALL_append = " signing-keys-rpm" > > > > The error message makes some sense in as much as these recipes > > produce a lot of packages (for example, glibc-locale produces 1791 > > packages) and the command line in the log is pretty big, although > > reading around I didn't find a consensus on what the max command > > line should be. > > > > The code to sign rpms is in meta/lib/oe/gpg_sign.py > > b/meta/lib/oe/gpg_sign.py and it builds up one command line with > > all the packages. > > > > I changed the code (patch appended) to sign each rpm in a separate > > command and the build completed successfully. The signing > > operations take a large amount of time so I think this might be a > > reasonable change but you may have other concerns. > > This certainly is useful, perhaps the signing bits can be moved to > individual > recipe packaging tasks that way it may be parallelized a bit >
Thanks Raj, Something needs to be done as, unless I've messed up somewhere, you cannot build even core-image-minimal with rpm signing enabled so the sign_rpm class is effectively broken. The change I made works, but it's true is less efficient than signing rpms individually. The expense of the signature generation meant it wasn't inefficient to sign each package in a recipe with a separate command. However, looking in package_rpm.bbclass, the end of do_package_rpm() has: if d.getVar('RPM_SIGN_PACKAGES', True) == '1': bb.build.exec_func("sign_rpm", d) So, to avoid confusion, all the rpms in one recipe are packaged in task, and then that task calls the function sign all the packages. I don't know if there's a way for do_package_rpm() to spawn tasks to sign each package individually. I also found I needed 'IMAGE_INSTALL_append = " signing-keys-rpm"' local.conf, to deploy the public key but in sign_rpms.bbclass there is: do_package_index[depends] += "signing-keys:do_deploy" do_rootfs[depends] += "signing-keys:do_populate_sysroot" It may be this isn't quite what is required. Regards, Chris -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto