pacman: Don't mount keyring dir if it's empty

This allows providing the keyring via sandbox trees which we'll make
use of in mkosi-initrd.

diff --git a/mkosi/installer/pacman.py b/mkosi/installer/pacman.py
index 9755b99923173d5ffb92a59585805bdadbb32b22..08d8e0f56b6face74682067c76dcb18cb8acccb6 100644 (file)
--- a/mkosi/installer/pacman.py
+++ b/mkosi/installer/pacman.py
@@ -59,9 +59,11 @@ class Pacman(PackageManager):
             # pacman writes downloaded packages to the first writable cache directory. We don't want it to
             # write to our local repository directory so we expose it as a read-only directory to pacman.
             "--ro-bind", context.repository, "/var/cache/pacman/mkosi",
-            "--ro-bind", context.keyring_dir, "/etc/pacman.d/gnupg",
         ]  # fmt: skip
 
+        if any(context.keyring_dir.iterdir()):
+            mounts += ["--ro-bind", context.keyring_dir, "/etc/pacman.d/gnupg"]
+
         if (context.root / "var/lib/pacman/local").exists():
             # pacman reuses the same directory for the sync databases and the local database containing the
             # list of installed packages. The former should go in the cache directory, the latter should go