[OE-core] [RFC PATCH 3/3] classes/sstate: regenerate sstate when signing enabled

Fri Jul 26 11:26:50 UTC 2019

This change ensures that the task signatures changes, and therefore
sstate tasks are rerun, when signing is enabled. This has the
positive outcome that if signing is enabled new signed shared state
objects will be produced, rather than just signing shared state
objects for tasks where no work has been performed yet.

The downside of this change is that enabling/disabling sstate object
signing alters the taskhash and results in rebuilding the world.

Signed-off-by: Joshua Lock <jlock at vmware.com>
---
 meta/classes/sstate.bbclass | 10 ++++++++--
 meta/lib/oe/gpg_sign.py     | 10 ++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 3342c5ef50..b060e15053 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -659,8 +659,12 @@ def sstate_package(ss, d):
     if d.getVar('SSTATE_SKIP_CREATION') == '1':
         return
 
+    sstate_create_package = ['sstate_report_unihash', 'sstate_create_package']
+    if d.getVar('SSTATE_SIG_KEY'):
+        sstate_create_package.append('sstate_sign_package')
+
     for f in (d.getVar('SSTATECREATEFUNCS') or '').split() + \
-             ['sstate_report_unihash', 'sstate_create_package', 'sstate_sign_package'] + \
+             sstate_create_package + \
              (d.getVar('SSTATEPOSTCREATEFUNCS') or '').split():
         # All hooks should run in SSTATE_BUILDDIR.
         bb.build.exec_func(f, d, (sstatebuild,))
@@ -774,7 +778,7 @@ sstate_create_package () {
 }
 
 python sstate_sign_package () {
-    from oe.gpg_sign import get_signer
+    from oe.gpg_sign import get_signer, SignFailedError
 
     if d.getVar('SSTATE_SIG_KEY'):
         signer = get_signer(d, 'local')
@@ -783,6 +787,8 @@ python sstate_sign_package () {
             os.unlink(sstate_pkg + '.sig')
         signer.detach_sign(sstate_pkg, d.getVar('SSTATE_SIG_KEY', False), None,
                            d.getVar('SSTATE_SIG_PASSPHRASE'), armor=False)
+    else:
+        raise SignFailedError("Can't sign sstate packages without key, SSTATE_SIG_KEY empty")
 }
 
 python sstate_report_unihash() {
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 2fd8c3b1ac..ec5ace0dd0 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -123,6 +123,16 @@ class LocalSigner(object):
         return ret
 
 
+class SignFailedError(bb.build.FuncFailed):
+    def __init__(self, description, name=None, logfile=None):
+        self.description = description
+        self.name = name
+        self.logfile = logfile
+
+    def __str__(self):
+        return 'Signing failed: %s' % self.description
+
+
 def get_signer(d, backend):
     """Get signer object for the specified backend"""
     # Use local signing by default
-- 
2.21.0

