Use local GPG keys from distribution-gpg-keys if available
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Tue, 3 Oct 2023 12:42:50 +0000 (14:42 +0200)
committerJörg Behrmann <behrmann@physik.fu-berlin.de>
Tue, 3 Oct 2023 13:17:41 +0000 (15:17 +0200)
Let's prefer using local keys from the distribution-gpg-keys package
if available.

mkosi/distributions/alma.py
mkosi/distributions/centos.py
mkosi/distributions/fedora.py
mkosi/distributions/opensuse.py
mkosi/distributions/rhel_ubi.py
mkosi/distributions/rocky.py
mkosi/resources/mkosi.md

index ef58c4a3d356741e8c51a729753aba4bf7aecdff..cb510d55f64582c6c1c8a3754dfe866672328acb 100644 (file)
@@ -1,5 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
+from pathlib import Path
+
 from mkosi.config import MkosiConfig
 from mkosi.distributions import centos
 from mkosi.installer.dnf import Repo
@@ -11,8 +13,12 @@ class Installer(centos.Installer):
         return "AlmaLinux"
 
     @staticmethod
-    def gpgurls() -> tuple[str, ...]:
-        return ("https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-$releasever",)
+    def gpgurls(config: MkosiConfig) -> tuple[str, ...]:
+        gpgpath = Path(f"/usr/share/distribution-gpg-keys/alma/RPM-GPG-KEY-AlmaLinux-{config.release}")
+        if gpgpath.exists():
+            return (f"file://{gpgpath}",)
+        else:
+            return ("https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-$releasever",)
 
     @classmethod
     def repository_variants(cls, config: MkosiConfig, repo: str) -> list[Repo]:
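Review bot: The local lookup on L34 is keyed on `config.release`, but the fallback on L38 still leaves `$releasever` for dnf to expand, so the two branches resolve the release by different mechanisms; the EPEL hunk in this same commit switches its fallback to `{config.release}`, and doing the same here — `return (f"https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-{config.release}",)` — keeps both branches pointing at the same key for the same release and makes the chosen URL readable in the generated repo file. Separately, a missing or misnamed file under `/usr/share/distribution-gpg-keys/alma/` degrades silently to the network fetch, so a debug-level log line on the `else` branch naming `gpgpath` would make it visible when the offline path is not actually being taken. The body of `repository_variants` continues past the end of the hunk.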
@@ -21,7 +27,7 @@ class Installer(centos.Installer):
         else:
             url = f"mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/{repo.lower()}"
 
-        return [Repo(repo, url, cls.gpgurls())]
+        return [Repo(repo, url, cls.gpgurls(config))]
 
     @classmethod
     def sig_repositories(cls, config: MkosiConfig) -> list[Repo]:
index 248a062caa657bb511bf0079ab1cda1c194b220f..59665cbba3554bce4867eb39b8c7aa470f81997b 100644 (file)
@@ -70,6 +70,7 @@ class Installer(DistributionInstaller):
             "cpio",
             "curl",
             "debian-keyring",
+            "distribution-gpg-keys",
             "dnf",
             "dosfstools",
             "e2fsprogs",
@@ -137,34 +138,40 @@ class Installer(DistributionInstaller):
         return a
 
     @staticmethod
-    def gpgurls() -> tuple[str, ...]:
-        return (
-            "https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official",
-            "https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Extras",
-        )
+    def gpgurls(config: MkosiConfig) -> tuple[str, ...]:
+        gpgurls = []
+
+        for key in ("CentOS-Official", "CentOS-SIG-Extras"):
+            gpgpath = Path(f"/usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-{key}")
+            if gpgpath.exists():
+                gpgurls += [f"file://{gpgpath}"]
+            else:
+                gpgurls += [f"https://www.centos.org/keys/RPM-GPG-KEY-{key}"]
+
+        return tuple(gpgurls)
 
     @classmethod
     def repository_variants(cls, config: MkosiConfig, repo: str) -> Iterable[Repo]:
         if config.local_mirror:
-            yield Repo(repo, f"baseurl={config.local_mirror}", cls.gpgurls())
+            yield Repo(repo, f"baseurl={config.local_mirror}", cls.gpgurls(config))
 
         elif config.mirror:
             if int(config.release) <= 8:
                 yield Repo(
                     repo.lower(),
                     f"baseurl={join_mirror(config, f'centos/$stream/{repo}/$basearch/os')}",
-                    cls.gpgurls(),
+                    cls.gpgurls(config),
                 )
                 yield Repo(
                     f"{repo.lower()}-debuginfo",
                     f"baseurl={join_mirror(config, 'centos-debuginfo/$stream/$basearch')}",
-                    cls.gpgurls(),
+                    cls.gpgurls(config),
                     enabled=False,
                 )
                 yield Repo(
                     f"{repo.lower()}-source",
                     f"baseurl={join_mirror(config, f'centos/$stream/{repo}/Source')}",
-                    cls.gpgurls(),
+                    cls.gpgurls(config),
                     enabled=False,
                 )
             else:
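Review bot: `Path` is used on L73 but no hunk in this commit adds `from pathlib import Path` to centos.py, while alma.py, fedora.py and rocky.py each receive that import in this same change; if centos.py does not already import it, `gpgurls` raises NameError on its first call, so that is worth confirming before merge. Also, the new `config` parameter on L69 is never read in this body — it only probes the filesystem — and exists so the `$releasever`-keyed overrides in alma.py and rocky.py can share the signature; a one-line docstring saying `"""Return GPG key URLs for the CentOS repos, preferring keys shipped by distribution-gpg-keys; config is accepted for signature compatibility with subclasses."""` would save the next reader from hunting for a use of it. `repository_variants` continues beyond the hunk.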
@@ -172,12 +179,12 @@ class Installer(DistributionInstaller):
                     yield Repo(
                         repo.lower(),
                         f"baseurl={join_mirror(config, f'SIGs/$stream/{repo}/$basearch/extras-common')}",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                     )
                     yield Repo(
                         f"{repo.lower()}-source",
                         f"baseurl={join_mirror(config, f'SIGs/$stream/{repo}/source/extras-common')}",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                         enabled=False,
                     )
 
@@ -185,18 +192,18 @@ class Installer(DistributionInstaller):
                     yield Repo(
                         repo.lower(),
                         f"baseurl={join_mirror(config, f'$stream/{repo}/$basearch/os')}",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                     )
                     yield Repo(
                         f"{repo.lower()}-debuginfo",
                         f"baseurl={join_mirror(config, f'$stream/{repo}/$basearch/debug/tree')}",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                         enabled=False,
                     )
                     yield Repo(
                         f"{repo.lower()}-source",
                         f"baseurl={join_mirror(config, f'$stream/{repo}/source/tree')}",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                         enabled=False,
                     )
 
@@ -205,19 +212,19 @@ class Installer(DistributionInstaller):
                 yield Repo(
                     repo.lower(),
                     f"mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo={repo}",
-                    cls.gpgurls(),
+                    cls.gpgurls(config),
                 )
                 # These can't be retrieved from the mirrorlist.
                 yield Repo(
                     f"{repo.lower()}-debuginfo",
                     "baseurl=http://debuginfo.centos.org/$stream/$basearch",
-                    cls.gpgurls(),
+                    cls.gpgurls(config),
                     enabled=False,
                 )
                 yield Repo(
                     f"{repo.lower()}-source",
                     f"baseurl=https://vault.centos.org/centos/$stream/{repo}/Source",
-                    cls.gpgurls(),
+                    cls.gpgurls(config),
                     enabled=False,
                 )
             else:
@@ -227,30 +234,30 @@ class Installer(DistributionInstaller):
                     yield Repo(
                         repo.lower(),
                         f"{url}?arch=$basearch&repo=centos-extras-sig-extras-common-$stream",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                     )
                     yield Repo(
                         f"{repo.lower()}-source",
                         f"{url}?arch=source&repo=centos-extras-sig-extras-common-source-$stream",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                         enabled=False,
                     )
                 else:
                     yield Repo(
                         repo.lower(),
                         f"{url}?arch=$basearch&repo=centos-{repo.lower()}-$stream",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                     )
                     yield Repo(
                         f"{repo.lower()}-debuginfo",
                         f"{url}?arch=$basearch&repo=centos-{repo.lower()}-debug-$stream",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                         enabled=False,
                     )
                     yield Repo(
                         f"{repo.lower()}-source",
                         f"{url}?arch=source&repo=centos-{repo.lower()}-source-$stream",
-                        cls.gpgurls(),
+                        cls.gpgurls(config),
                         enabled=False,
                     )
 
@@ -273,7 +280,11 @@ class Installer(DistributionInstaller):
 
     @classmethod
     def epel_repositories(cls, config: MkosiConfig) -> Iterable[Repo]:
-        gpgurls = ("https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever",)
+        gpgpath = Path(f"/usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-EPEL-{config.release}")
+        if gpgpath.exists():
+            gpgurls = (f"file://{gpgpath}",)
+        else:
+            gpgurls = (f"https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{config.release}",)
 
         if config.local_mirror:
             return
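Review bot: The local path on L211 looks under `centos/` for `RPM-GPG-KEY-EPEL-{config.release}`, but as far as I know distribution-gpg-keys ships the EPEL keys in their own `epel/` subdirectory rather than under `centos/`; if so, `gpgpath.exists()` is always false here and the function quietly keeps fetching the key from dl.fedoraproject.org on every build, which is exactly what the commit sets out to avoid. Worth verifying against an installed package and, if confirmed, changing L211 to `gpgpath = Path(f"/usr/share/distribution-gpg-keys/epel/RPM-GPG-KEY-EPEL-{config.release}")`. Because the `else` branch hides this class of mistake, a debug log when falling back to the remote URL would have surfaced it. `epel_repositories` continues beyond the hunk.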
@@ -336,11 +347,17 @@ class Installer(DistributionInstaller):
             (
                 "hyperscale",
                 (f"packages-{c}" for c in ("main", "experimental", "facebook", "hotfixes", "spin", "intel")),
-                ("https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-HyperScale",),
+                ("CentOS-SIG-HyperScale",),
             ),
         )
 
-        for sig, components, gpgurls in sigs:
+        for sig, components, key in sigs:
+            gpgpath = Path(f"/usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-{key}")
+            if gpgpath.exists():
+                gpgurls = (f"file://{gpgpath}",)
+            else:
+                gpgurls = (f"https://www.centos.org/keys/RPM-GPG-KEY-{key}",)
+
             for c in components:
                 if config.mirror:
                     if int(config.release) <= 8:
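Review bot: The third element of the hyperscale entry on L224 is still a one-element tuple, `("CentOS-SIG-HyperScale",)`, but the loop on L229 binds it to `key` and interpolates it directly, so the probed path becomes `.../RPM-GPG-KEY-('CentOS-SIG-HyperScale',)`, which never exists, and the fallback URL becomes `https://www.centos.org/keys/RPM-GPG-KEY-('CentOS-SIG-HyperScale',)`, which dnf cannot fetch — the hyperscale repositories will fail key import rather than skip verification, but they will fail. The smallest fix is to drop the tuple wrapper on L224, `"CentOS-SIG-HyperScale",`; if several keys per SIG are intended, rename the loop variable to `keys` and build `gpgurls` with one `exists()` check per key instead. The `sigs` tuple and the enclosing `sig_repositories` method begin before this hunk.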
index 6c06a5aa149acfe40cfed5266bb22bc4cfec3a97..bcd24b6c86fef0cfb1928ba86f3b5e77fa4b5afc 100644 (file)
@@ -2,6 +2,7 @@
 
 import urllib.parse
 from collections.abc import Sequence
+from pathlib import Path
 
 from mkosi.architecture import Architecture
 from mkosi.distributions import Distribution, DistributionInstaller, PackageType
@@ -44,6 +45,7 @@ class Installer(DistributionInstaller):
             "cpio",
             "curl-minimal",
             "debian-keyring",
+            "distribution-gpg-keys",
             "dnf5",
             "dosfstools",
             "e2fsprogs",
@@ -76,8 +78,12 @@ class Installer(DistributionInstaller):
 
     @classmethod
     def setup(cls, state: MkosiState) -> None:
-        # See: https://fedoraproject.org/security/
-        gpgurls = ("https://fedoraproject.org/fedora.gpg",)
+        gpgpath = Path(f"/usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-{state.config.release}-primary")
+        if gpgpath.exists():
+            gpgurls = (f"file://{gpgpath}",)
+        else:
+            # See: https://fedoraproject.org/security/
+            gpgurls = ("https://fedoraproject.org/fedora.gpg",)
         repos = []
 
         if state.config.local_mirror:
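Review bot: The local key file name on L262 embeds `state.config.release` verbatim, so a release spelled `rawhide` looks for `RPM-GPG-KEY-fedora-rawhide-primary`; I believe distribution-gpg-keys ships a file by that name for the development branch, but if it does not, rawhide builds silently stay on the `fedora.gpg` download while numbered releases go offline, which is worth a quick check. In either case a debug message on the fallback branch would make the chosen key source visible in the build log. Note also that the local file carries only the one release key whereas `fedora.gpg` bundles all current keys, so a repository signed with a different release's key would need its own entry in `gpgurls`; a comment above L262 such as `# Single per-release key; the fedora.gpg fallback bundles all current keys.` records that difference. `setup` continues past the end of the hunk.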
index 7e46ade11cfd30cb16828cfdfc93da5a8a410884..639d9a20e67a1385ac1302b4e9c685590dfd718a 100644 (file)
@@ -44,6 +44,7 @@ class Installer(DistributionInstaller):
             "coreutils",
             "cpio",
             "curl",
+            "distribution-gpg-keys",
             "dnf",
             "dosfstools",
             "e2fsprogs",
index 32c84dbcd8de1f699b7b2734ffe730008bacf69f..4751fe24445ed6b5418d57881c969ee64510e2a8 100644 (file)
@@ -13,37 +13,37 @@ class Installer(centos.Installer):
         return "RHEL UBI"
 
     @staticmethod
-    def gpgurls() -> tuple[str, ...]:
+    def gpgurls(config: MkosiConfig) -> tuple[str, ...]:
         return ("https://access.redhat.com/security/data/fd431d51.txt",)
 
     @classmethod
     def repository_variants(cls, config: MkosiConfig, repo: str) -> Iterable[Repo]:
         if config.local_mirror:
-            yield Repo(repo, f"baseurl={config.local_mirror}", cls.gpgurls())
+            yield Repo(repo, f"baseurl={config.local_mirror}", cls.gpgurls(config))
         else:
             v = config.release
             yield Repo(
                 f"ubi-{v}-{repo}-rpms",
                 f"baseurl={centos.join_mirror(config, f'ubi{v}/{v}/$basearch/{repo}/os')}",
-                cls.gpgurls(),
+                cls.gpgurls(config),
             )
             yield Repo(
                 f"ubi-{v}-{repo}-debug-rpms",
                 f"baseurl={centos.join_mirror(config, f'ubi{v}/{v}/$basearch/{repo}/debug')}",
-                cls.gpgurls(),
+                cls.gpgurls(config),
                 enabled=False,
             )
             yield Repo(
                 f"ubi-{v}-{repo}-source",
                 f"baseurl={centos.join_mirror(config, f'ubi{v}/{v}/$basearch/{repo}/source')}",
-                cls.gpgurls(),
+                cls.gpgurls(config),
                 enabled=False,
             )
             if repo == "codeready-builder":
                 yield Repo(
                     f"ubi-{v}-{repo}",
                     f"baseurl={centos.join_mirror(config, f'ubi{v}/{v}/$basearch/{repo}/os')}",
-                    cls.gpgurls(),
+                    cls.gpgurls(config),
                     enabled=False,
                 )
 
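Review bot: `gpgurls` on L286 now accepts `config` but never reads it and still returns only the https URL on L287, so RHEL UBI builds keep fetching the Red Hat release key from access.redhat.com on every run even when distribution-gpg-keys is installed, unlike the sibling installers in this commit. As far as I know distribution-gpg-keys ships the Red Hat release keys under a `redhat/` subdirectory, so the same `exists()`-then-fallback pattern used in alma.py and rocky.py could be applied here once the matching file name is confirmed; that would also need `from pathlib import Path` in this module, which the diff does not add. If the network fetch is deliberate for UBI, a comment above L287 such as `# No local key lookup yet: the UBI release key is fetched from access.redhat.com.` would stop the next reader from treating the unused parameter as an oversight.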
index b57cbc5d3fa111881f802487c06a8685c740a59c..6f4e87cc279f2d6c1ec63062ef83f28cc962c93d 100644 (file)
@@ -1,5 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
+from pathlib import Path
+
 from mkosi.config import MkosiConfig
 from mkosi.distributions import centos
 from mkosi.installer.dnf import Repo
@@ -11,8 +13,12 @@ class Installer(centos.Installer):
         return "Rocky Linux"
 
     @staticmethod
-    def gpgurls() -> tuple[str, ...]:
-        return ("https://download.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-$releasever",)
+    def gpgurls(config: MkosiConfig) -> tuple[str, ...]:
+        gpgpath = Path(f"/usr/share/distribution-gpg-keys/rocky/RPM-GPG-KEY-Rocky-{config.release}")
+        if gpgpath.exists():
+            return (f"file://{gpgpath}",)
+        else:
+            return ("https://download.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-$releasever",)
 
     @classmethod
     def repository_variants(cls, config: MkosiConfig, repo: str) -> list[Repo]:
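Review bot: The `Path(...).exists()`-then-remote-URL snippet on L341-L345 is the fifth copy of the same logic in this commit (alma.py L34-L38, centos.py L73-L77, L211-L215 and L230-L234, fedora.py L262-L267), with only the subdirectory, file name and fallback URL varying; a single helper in centos.py next to `join_mirror`, e.g. `def find_rpm_gpgkey(subdir: str, name: str, url: str) -> str:` / `path = Path("/usr/share/distribution-gpg-keys") / subdir / name` / `return f"file://{path}" if path.exists() else url`, would let the local-first policy, and any future logging or override knob, live in one place. Like alma.py, the local lookup here uses `config.release` while the fallback on L345 keeps `$releasever`; using `{config.release}` in both keeps the branches consistent. `repository_variants` continues beyond the hunk.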
@@ -21,7 +27,7 @@ class Installer(centos.Installer):
         else:
             url = f"mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo={repo}-$releasever"
 
-        return [Repo(repo, url, cls.gpgurls())]
+        return [Repo(repo, url, cls.gpgurls(config))]
 
     @classmethod
     def sig_repositories(cls, config: MkosiConfig) -> list[Repo]:
index 259ff6b136695a1f2415e9901f9af419d3b59119..504f54ec3f8381dc841bf9f2916970a390c0bb60 100644 (file)
@@ -1173,43 +1173,44 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`,
   which distributions default tools tree packages are defined and which
   packages are included in those default tools trees:
 
-  |                     | Fedora | CentOS | Debian | Arch | openSUSE |
-  |---------------------|--------|--------|--------|------|----------|
-  | `apt`               | X      | X      | X      | X    |          |
-  | `archlinux-keyring` | X      |        | X      | X    |          |
-  | `bash`              | X      | X      | X      | X    | X        |
-  | `btrfs-progs`       | X      |        | X      | X    | X        |
-  | `bubblewrap`        | X      | X      | X      | X    | X        |
-  | `ca-certificates`   | X      | X      | X      | X    | X        |
-  | `coreutils`         | X      | X      | X      | X    | X        |
-  | `cpio`              | X      | X      | X      | X    | X        |
-  | `curl`              | X      | X      | X      | X    | X        |
-  | `debian-keyring`    | X      | X      | X      | X    |          |
-  | `dnf`               | X      | X      | X      | X    | X        |
-  | `dosfstools`        | X      | X      | X      | X    | X        |
-  | `e2fsprogs`         | X      | X      | X      | X    | X        |
-  | `edk2-ovmf`         | X      | X      | X      | X    | X        |
-  | `erofs-utils`       | X      |        | X      | X    | X        |
-  | `mtools`            | X      | X      | X      | X    | X        |
-  | `openssh`           | X      | X      | X      | X    | X        |
-  | `openssl`           | X      | X      | X      | X    | X        |
-  | `pacman`            | X      |        | X      | X    |          |
-  | `pesign`            | X      | X      | X      | X    | X        |
-  | `qemu`              | X      | X      | X      | X    | X        |
-  | `sbsigntools`       | X      |        | X      | X    | X        |
-  | `socat`             | X      | X      | X      | X    | X        |
-  | `squashfs-tools`    | X      | X      | X      | X    | X        |
-  | `strace`            | X      | X      | X      | X    | X        |
-  | `swtpm`             | X      | X      | X      | X    | X        |
-  | `systemd`           | X      | X      | X      | X    | X        |
-  | `ukify`             | X      |        | X      | X    | X        |
-  | `tar`               | X      | X      | X      | X    | X        |
-  | `util-linux`        | X      | X      | X      | X    | X        |
-  | `virtiofsd`         | X      | X      |        | X    | X        |
-  | `xfsprogs`          | X      | X      | X      | X    | X        |
-  | `xz`                | X      | X      | X      | X    | X        |
-  | `zstd`              | X      | X      | X      | X    | X        |
-  | `zypper`            | X      |        | X      | X    |          |
+  |                         | Fedora | CentOS | Debian | Arch | openSUSE |
+  |-------------------------|--------|--------|--------|------|----------|
+  | `apt`                   | X      | X      | X      | X    |          |
+  | `archlinux-keyring`     | X      |        | X      | X    |          |
+  | `bash`                  | X      | X      | X      | X    | X        |
+  | `btrfs-progs`           | X      |        | X      | X    | X        |
+  | `bubblewrap`            | X      | X      | X      | X    | X        |
+  | `ca-certificates`       | X      | X      | X      | X    | X        |
+  | `coreutils`             | X      | X      | X      | X    | X        |
+  | `cpio`                  | X      | X      | X      | X    | X        |
+  | `curl`                  | X      | X      | X      | X    | X        |
+  | `debian-keyring`        | X      | X      | X      | X    |          |
+  | `distribution-gpg-keys` | X      | X      |        |      | X        |
+  | `dnf`                   | X      | X      | X      | X    | X        |
+  | `dosfstools`            | X      | X      | X      | X    | X        |
+  | `e2fsprogs`             | X      | X      | X      | X    | X        |
+  | `edk2-ovmf`             | X      | X      | X      | X    | X        |
+  | `erofs-utils`           | X      |        | X      | X    | X        |
+  | `mtools`                | X      | X      | X      | X    | X        |
+  | `openssh`               | X      | X      | X      | X    | X        |
+  | `openssl`               | X      | X      | X      | X    | X        |
+  | `pacman`                | X      |        | X      | X    |          |
+  | `pesign`                | X      | X      | X      | X    | X        |
+  | `qemu`                  | X      | X      | X      | X    | X        |
+  | `sbsigntools`           | X      |        | X      | X    | X        |
+  | `socat`                 | X      | X      | X      | X    | X        |
+  | `squashfs-tools`        | X      | X      | X      | X    | X        |
+  | `strace`                | X      | X      | X      | X    | X        |
+  | `swtpm`                 | X      | X      | X      | X    | X        |
+  | `systemd`               | X      | X      | X      | X    | X        |
+  | `ukify`                 | X      |        | X      | X    | X        |
+  | `tar`                   | X      | X      | X      | X    | X        |
+  | `util-linux`            | X      | X      | X      | X    | X        |
+  | `virtiofsd`             | X      | X      |        | X    | X        |
+  | `xfsprogs`              | X      | X      | X      | X    | X        |
+  | `xz`                    | X      | X      | X      | X    | X        |
+  | `zstd`                  | X      | X      | X      | X    | X        |
+  | `zypper`                | X      |        | X      | X    |          |
 
 `ToolsTreeDistribution=`, `--tools-tree-distribution=`