# GPG_BIN
# Optional variable for specifying the gpg binary/wrapper to use for
# signing.
+# RPM_GPG_SIGN_CHUNK
+# Optional variable indicating the number of packages used per gpg
+# invocation
# GPG_PATH
# Optional variable for specifying the gnupg "home" directory:
-#
+
inherit sanity
RPM_SIGN_PACKAGES='1'
RPM_GPG_BACKEND ?= 'local'
# SHA-256 is used by default
RPM_FILE_CHECKSUM_DIGEST ?= '8'
+RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}"
python () {
d.getVar('RPM_GPG_NAME'),
d.getVar('RPM_GPG_PASSPHRASE'),
d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
+ int(d.getVar('RPM_GPG_SIGN_CHUNK')),
d.getVar('RPM_FSK_PATH'),
d.getVar('RPM_FSK_PASSWORD'))
}
raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
(keyid, output))
- def sign_rpms(self, files, keyid, passphrase, digest, fsk=None, fsk_password=None):
+ def sign_rpms(self, files, keyid, passphrase, digest, sign_chunk, fsk=None, fsk_password=None):
"""Sign RPM files"""
cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid
if fsk_password:
cmd += "--define '_file_signing_key_password %s' " % fsk_password
- # Sign packages
- for f in files:
- status, output = oe.utils.getstatusoutput(cmd + ' ' + f)
+ # Sign in chunks
+ for i in range(0, len(files), sign_chunk):
+ status, output = oe.utils.getstatusoutput(cmd + ' '.join(files[i:i+sign_chunk]))
if status:
raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output)
