Issue
I have two questions related with Yocto and the generation of images when the distro is configured to use a repository of rpm packages signed with gpg.
First question: after running the "bitbake my-image.bb" command, the build process stops with this message of error:
ERROR: myimage-1.0-r0 do_rootfs: [log_check] myimage: found 1 error message in the logfile:
[log_check] Failed to synchronize cache for repo 'yocto-rpm', disabling.
Surprisingly, this error is only raised when the http server used to serve rpm packages for the running distro generated (i.e. nginx) is stopped (not listening). If the http server is started (listening), then the error message doesn't appear and the generation of the yocto image works fine.
According to my understanding, the final image generated by yocto uses the local rpms generated by the build process (located inside the build/ dir). Those packages are available locally (you don't need the remote server where rpms are published for updating/installing on running distros at all). So, I don't understand why the build process needs syncronizing with the remote server to build the image locally.
Second question: I setup my image to use dnf
client to manage rpm packages. To configure the remote repo used to serve rpm packages, I create a dnf_%.bbappend file to copy this configuration file to destination directory ${D}/etc/yum.repos.d/
$ cat yocto-rpm.repo
[yocto-rpm]
name=Rocko Yocto Repo
baseurl=http://<HTTP_SERVER_IP>/rpm
enabled=1
gpgcheck=1
When the 'gpgcheck' variable is set with value 0, the image is build fine even if the http server (nginx) is stopped. However, if gpgcheck is set with value 1, then the image is not built fine if the http server (nginx) is stopped.
How is that possible? Is yocto analyzing contents of a file installed on the final image to customize the build process?
Just to provide all the information related with this issue, yocto knows about public gpg key because it is defined inside distro.conf in this way:
INHERIT += "sign_rpm"
RPM_GPG_NAME = "gpgyocto"
RPM_GPG_PASSPHRASE = "XYZ"
INHERIT += "sign_package_feed"
PACKAGE_FEED_GPG_NAME = "gpgyocto"
PACKAGE_FEED_GPG_PASSPHRASE_FILE = "/etc/yocto.d/gpgyocto"
The "gpgyocto" key is available on the gpg keys ring:
$ gpg --list-keys
/home/<myuser>/.gnupg/pubring.kbx
----------------------------------
pub rsa2048 2018-04-27 [SC] [expires: 2020-04-26]
9112FBBF2073012C1463B8686235C65BD7C1F0D8
uid [ultimate] gpgyocto <yocto@<mydomain.com>
sub rsa2048 2018-04-27 [E] [expires: 2020-04-26]
Thank you in advance for your time! :)
Solution
I have finally fixed my issue. Adding a custom dnf_%.bbappend was a bad idea. All problems were generated because of that.
The best way to solve this issue is removing that dnf_%.bbappend completely, and then defining a custom PACKAGE_FEED_URIS in your local.conf pointing to your rpm server . Yocto build process generates automatically a configuration file inside ${D}/etc/yum.repos.d/ with all it needs to use that remote repo from the target device. Thats all. Hope this helps somebody else and thank you for all your support.
Answered By - criptobadia Answer Checked By - David Marino (WPSolving Volunteer)