Allow gpg access to /run/pscsd/pscsd.comm on the host if it exists
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Fri, 12 Jan 2024 09:33:26 +0000 (10:33 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Fri, 12 Jan 2024 09:48:50 +0000 (10:48 +0100)
This is required for gpg to communicate with pcscd for interaction
with smartcards, so let's mount it in if it exists.

mkosi/__init__.py

index 56c4c859d58488947e35fc6acb697ec4a01378b7..7ba235b0b59826da2bf78a255920a8521020ff6f 100644 (file)
@@ -1974,18 +1974,18 @@ def calculate_signature(context: Context) -> None:
     if sys.stderr.isatty():
         env |= dict(GPGTTY=os.ttyname(sys.stderr.fileno()))
 
+    options: list[PathString] = ["--perms", "755", "--dir", home, "--bind", home, home]
+
+    # gpg can communicate with smartcard readers via this socket so bind mount it in if it exists.
+    if (p := Path("/run/pcscd/pcscd.comm")).exists():
+        options += ["--perms", "755", "--dir", p.parent, "--bind", p, p]
+
     with (
         complete_step("Signing SHA256SUMS…"),
         open(context.staging / context.config.output_checksum, "rb") as i,
         open(context.staging / context.config.output_signature, "wb") as o,
     ):
-        run(
-            cmdline,
-            env=env,
-            stdin=i,
-            stdout=o,
-            sandbox=context.sandbox(options=["--perms", "755", "--dir", home, "--bind", home, home]),
-        )
+        run(cmdline, env=env, stdin=i, stdout=o, sandbox=context.sandbox(options=options))
 
 
 def dir_size(path: Union[Path, os.DirEntry[str]]) -> int:
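Review bot: The `--bind` of `/run/pcscd/pcscd.comm` gives the sandboxed gpg a writable connection to the host's PC/SC daemon whenever the socket exists, whether or not the signing key is on a smartcard, and the comment above the `if` does not record that widening of the sandbox. I would extend it to something like `# Exposes the host's pcscd to the sandboxed gpg; only needed when the signing key lives on a smartcard.` so a later reader knows this mount is a deliberate trust decision. The `exists()` check also runs before the sandbox is set up, so a socket that disappears in between would presumably make the bind fail; if these options go straight to bubblewrap, `--bind-try` would tolerate that, but the sandbox helper is not visible here. The body of `calculate_signature` starts outside the hunk, so how `cmdline` and `home` are built cannot be checked from this view.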