I am building a docker image and i am trying to sign the packages that are generated during the build using gpg signature. here is my env variables:
yocto@edef5a9c44a0:~/build$ gpg --list-keys
/home/yocto/.gnupg/pubring.kbx
------------------------------
pub rsa3072 2020-12-14 [SC] [expires: 2025-12-13]
1A5EE69728AEC73E061665949FFC6A5AD2F1126C
uid [ultimate] xxxxxxxx (yyyyyyyy) <zzzzzzzz@zzzzzzzz>
sub rsa3072 2020-12-14 [E] [expires: 2025-12-13]
Here my key ID <9FFC6A5AD2F1126C> and here are the lines I am adding to my machine conf
# Package manager configs
PACKAGE_CLASSES = "package_ipk"
EXTRA_IMAGE_FEATURES = "package-management"
IMAGE_INSTALL_append = " opkg "
# Package manager signature
INHERIT += "sign_ipk"
#OPKG_KEYRING_KEYS ?= "9FFC6A5AD2F1126C"
IPK_GPG_NAME = "9FFC6A5AD2F1126C"
IPK_GPG_PASSPHRASE_FILE = "/home/yocto/passphrase.txt"
INHERIT += "sign_package_feed"
PACKAGE_FEED_GPG_NAME = "9FFC6A5AD2F1126C"
PACKAGE_FEED_GPG_PASSPHRASE_FILE = "/home/yocto/passphrase.txt"
In the "/home/yocto/passphrase.txt" I included my secret passphrase. I did export my key in the yocto env with the following:
$ gpg --output rpm-feed.gpg --export <id>
I keep having this error: gpg: signing failed: Cannot allocate memory
log file:
yocto@edef5a9c44a0:~/build$ cat /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/temp/log.do_package_write_ipk.51190
DEBUG: Executing python function sstate_task_prefunc
DEBUG: Python function sstate_task_prefunc finished
DEBUG: Executing python function extend_recipe_sysroot
NOTE: Direct dependencies are ['virtual:native:/home/yocto/poky/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb:do_populate_sysroot', 'virtual:native:/home/yocto/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.5.bb:do_populate_sysroot']
NOTE: Installed into sysroot: []
NOTE: Skipping as already exists in sysroot: ['pseudo-native', 'opkg-utils-native', 'quilt-native']
DEBUG: Python function extend_recipe_sysroot finished
DEBUG: Executing python function do_package_write_ipk
DEBUG: Executing python function read_subpackage_metadata
DEBUG: Python function read_subpackage_metadata finished
DEBUG: Executing python function do_package_ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-man_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-xmlrpc_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-xml_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-typing_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-unixadmin_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-modules_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-unittest_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Signing ipk: /home/yocto/build/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/python3/3.5.3-r1.0/deploy-ipks/cortexa9hf-neon/python3-misc_3.5.3-r1.0_cortexa9hf-neon.ipk
DEBUG: Python function do_package_ipk finished
DEBUG: Python function do_package_write_ipk finished
ERROR: Function failed: GPG exited with code 2: gpg: signing failed: Cannot allocate memory
gpg: signing failed: Cannot allocate memory
Here is the output concerning the memory and I don't understand on what memory it couldn't allocated !
yocto@edef5a9c44a0:~/build$ df -h
Bestandssysteem Grootte Gebruikt Besch Geb% Aangekoppeld op
overlay 297G 83G 200G 30% /
tmpfs 64M 0 64M 0% /dev
tmpfs 7,7G 0 7,7G 0% /sys/fs/cgroup
shm 64M 0 64M 0% /dev/shm
/dev/nvme0n1p5 297G 83G 200G 30% /home/yocto
tmpfs 7,7G 0 7,7G 0% /proc/asound
tmpfs 7,7G 0 7,7G 0% /proc/acpi
tmpfs 7,7G 0 7,7G 0% /proc/scsi
tmpfs 7,7G 0 7,7G 0% /sys/firmware
I managed to avoid the running out of memory issue by the following: I added this option
auto-expand-secmem 0x30000to my .gnupg/gpg-agent.conf file. I didn't have it in the first place!so I created:vim .gnupg/gpg-agent.confand I added that option. from what I understood is that this gpg agent is allocating some sort of ram memory in order for him to begin signing the files, this memory allocation will depend on the number of the cores your environment is running with. I hope I am not mistaking here!. I am still learning about this! Hence I am facing a new error:| gpg: skipped "9FFC6A5AD2F1126C": No secret key | gpg: signing failed: No secret key