On Fri, 2019-07-26 at 11:26 +0000, Joshua Lock via Openembedded-core wrote: > This change ensures that the task signatures changes, and therefore > sstate tasks are rerun, when signing is enabled. This has the > positive outcome that if signing is enabled new signed shared state > objects will be produced, rather than just signing shared state > objects for tasks where no work has been performed yet. > > The downside of this change is that enabling/disabling sstate object > signing alters the taskhash and results in rebuilding the world. > > Signed-off-by: Joshua Lock <[email protected]> > --- > meta/classes/sstate.bbclass | 10 ++++++++-- > meta/lib/oe/gpg_sign.py | 10 ++++++++++ > 2 files changed, 18 insertions(+), 2 deletions(-) > > diff --git a/meta/classes/sstate.bbclass > b/meta/classes/sstate.bbclass > index 3342c5ef50..b060e15053 100644 > --- a/meta/classes/sstate.bbclass > +++ b/meta/classes/sstate.bbclass > @@ -659,8 +659,12 @@ def sstate_package(ss, d): > if d.getVar('SSTATE_SKIP_CREATION') == '1': > return > > + sstate_create_package = ['sstate_report_unihash', > 'sstate_create_package'] > + if d.getVar('SSTATE_SIG_KEY'): > + sstate_create_package.append('sstate_sign_package') > + > for f in (d.getVar('SSTATECREATEFUNCS') or '').split() + \ > - ['sstate_report_unihash', 'sstate_create_package', > 'sstate_sign_package'] + \ > + sstate_create_package + \ > (d.getVar('SSTATEPOSTCREATEFUNCS') or '').split(): > # All hooks should run in SSTATE_BUILDDIR. > bb.build.exec_func(f, d, (sstatebuild,)) > @@ -774,7 +778,7 @@ sstate_create_package () { > } > > python sstate_sign_package () { > - from oe.gpg_sign import get_signer > + from oe.gpg_sign import get_signer, SignFailedError > > if d.getVar('SSTATE_SIG_KEY'): > signer = get_signer(d, 'local') > @@ -783,6 +787,8 @@ python sstate_sign_package () { > os.unlink(sstate_pkg + '.sig') > signer.detach_sign(sstate_pkg, d.getVar('SSTATE_SIG_KEY', > False), None, > d.getVar('SSTATE_SIG_PASSPHRASE'), > armor=False) > + else: > + raise SignFailedError("Can't sign sstate packages without > key, SSTATE_SIG_KEY empty") > } > > python sstate_report_unihash() { > diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py > index 2fd8c3b1ac..ec5ace0dd0 100644 > --- a/meta/lib/oe/gpg_sign.py > +++ b/meta/lib/oe/gpg_sign.py > @@ -123,6 +123,16 @@ class LocalSigner(object): > return ret > > > +class SignFailedError(bb.build.FuncFailed): > + def __init__(self, description, name=None, logfile=None): > + self.description = description > + self.name = name > + self.logfile = logfile > + > + def __str__(self): > + return 'Signing failed: %s' % self.description > + > +
Whilst this subclass is quite pythonic, I'm not sure we want to do this. At the back of my mind is the feeling that FuncFailed is a bit pointless :/. Put differently, what does this buy us that bb.fatal() doesn't? We do have a few users of FuncFailed in OECore but not many (about 8)... Cheers, Richard -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
