From: Septatrix <24257556+Septatrix@users.noreply.github.com>
Date: Tue, 8 Apr 2025 13:59:30 +0000 (+0200)
Subject: Generate key-cert pair in config directory (fixes #3655)
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e4ec15aee6b98300b2ee14265bc647a716a9f8a;p=thirdparty%2Fmkosi.git

Generate key-cert pair in config directory (fixes #3655)
---

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 57a759c62..9187e1b3a 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -71,6 +71,7 @@ from mkosi.config import (
     cat_config,
     expand_delayed_specifiers,
     format_bytes,
+    get_configdir,
     have_history,
     in_sandbox,
     parse_boolean,
@@ -4482,8 +4483,10 @@ def generate_key_cert_pair(args: Args) -> None:
     keylength = 2048
     expiration_date = datetime.date.today() + datetime.timedelta(int(args.genkey_valid_days))
 
-    for f in ("mkosi.key", "mkosi.crt"):
-        if Path(f).exists() and not args.force:
+    configdir = get_configdir(args)
+
+    for f in (configdir / "mkosi.key", configdir / "mkosi.crt"):
+        if f.exists() and not args.force:
             die(
                 f"{f} already exists",
                 hint="To generate new keys, first remove mkosi.key and mkosi.crt",
@@ -4506,8 +4509,8 @@ def generate_key_cert_pair(args: Args) -> None:
             "-new",
             "-x509",
             "-newkey", f"rsa:{keylength}",
-            "-keyout", "mkosi.key",
-            "-out", "mkosi.crt",
+            "-keyout", configdir / "mkosi.key",
+            "-out", configdir / "mkosi.crt",
             "-days", str(args.genkey_valid_days),
             "-subj", f"/CN={args.genkey_common_name}/",
             "-nodes"
diff --git a/mkosi/config.py b/mkosi/config.py
index 93eb94d36..b3fc41992 100644
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -4964,6 +4964,20 @@ def finalize_default_tools(
     return Config.from_dict(context.finalize())
 
 
+def get_configdir(args: Args) -> Path:
+    """Allow locating all mkosi configuration in a mkosi/ subdirectory
+    instead of in the top-level directory of a git repository.
+    """
+    if (
+        args.directory is not None
+        and not (Path("mkosi.conf").exists() or Path("mkosi.tools.conf").exists())
+        and (Path("mkosi/mkosi.conf").is_file() or Path("mkosi/mkosi.tools.conf").exists())
+    ):
+        return Path.cwd() / "mkosi"
+
+    return Path.cwd()
+
+
 def parse_config(
     argv: Sequence[str] = (),
     *,
@@ -5050,16 +5064,7 @@ def parse_config(
 
     context.config["files"] = []
 
-    # Allow locating all mkosi configuration in a mkosi/ subdirectory instead of in the top-level directory
-    # of a git repository.
-    if (
-        args.directory is not None
-        and not (Path("mkosi.conf").exists() or Path("mkosi.tools.conf").exists())
-        and (Path("mkosi/mkosi.conf").is_file() or Path("mkosi/mkosi.tools.conf").exists())
-    ):
-        configdir = Path.cwd() / "mkosi"
-    else:
-        configdir = Path.cwd()
+    configdir = get_configdir(args)
 
     # Parse the global configuration unless the user explicitly asked us not to.
     if args.directory is not None: