QemuKvm=yes
EOF
- # TODO: Drop once distribution-gpg-keys is in noble-backports.
- if [[ "${{ matrix.tools }}" =~ opensuse|fedora|ubuntu ]]; then
- tee --append mkosi.local.conf <<EOF
- [Distribution]
- RepositoryKeyFetch=yes
- EOF
- fi
-
# TODO: Remove once all distros have recent enough systemd that knows systemd.default_device_timeout_sec.
mkdir -p mkosi-initrd/mkosi.extra/usr/lib/systemd/system.conf.d
tee mkosi-initrd/mkosi.extra/usr/lib/systemd/system.conf.d/device-timeout.conf <<EOF
return detected.default_tools_tree_distribution()
+def config_default_repository_key_fetch(namespace: argparse.Namespace) -> bool:
+ if detect_distribution()[0] != Distribution.ubuntu:
+ return False
+
+ if namespace.tools_tree is None:
+ return cast(bool, namespace.distribution.is_rpm_distribution())
+
+ if namespace.tools_tree != Path("default"):
+ return False
+
+ return cast(
+ bool,
+ (namespace.tools_tree_distribution == Distribution.ubuntu and namespace.distribution.is_rpm_distribution()) or
+ namespace.tools_tree_distribution.is_rpm_distribution()
+ )
+
+
def config_default_source_date_epoch(namespace: argparse.Namespace) -> Optional[int]:
for env in namespace.environment:
if s := startswith(env, "SOURCE_DATE_EPOCH="):
metavar="BOOL",
nargs="?",
section="Distribution",
- default=False,
+ default_factory_depends=("distribution", "tools_tree", "tools_tree_distribution"),
+ default_factory=config_default_repository_key_fetch,
parse=config_parse_boolean,
help="Controls whether distribution GPG keys can be fetched remotely",
universal=True,
def is_apt_distribution(self) -> bool:
return self in (Distribution.debian, Distribution.ubuntu)
+ def is_rpm_distribution(self) -> bool:
+ return self in (
+ Distribution.fedora,
+ Distribution.opensuse,
+ Distribution.mageia,
+ Distribution.centos,
+ Distribution.rhel,
+ Distribution.rhel_ubi,
+ Distribution.openmandriva,
+ Distribution.rocky,
+ Distribution.alma,
+ )
+
def pretty_name(self) -> str:
return self.installer().pretty_name()
a repository from a local filesystem.
`RepositoryKeyFetch=`, `--repository-key-fetch=`
-: Controls whether mkosi will fetch distribution GPG keys remotely. Disabled
- by default. When disabled, the distribution GPG keys for the target distribution
+: Controls whether mkosi will fetch distribution GPG keys remotely. Enabled by
+ default on Ubuntu when not using a tools tree, disabled by default on all
+ other distributions. When disabled, the distribution GPG keys for the target distribution
have to be installed locally on the host system alongside the package manager for
that distribution.
options=[
"--directory", "",
"--incremental=no",
- "--repository-key-fetch=yes",
"--base-tree", Path(image.output_dir) / "image",
"--overlay",
"--package=dnsmasq",
projects / thirdparty / mkosi.git / commitdiff
