Use workdir() for calculate_signature()

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index ac21e4355726a26652574c3bb87947fdf797ae5c..91ef1eb9280194eeb3819eddb47cb4ea2ccf1f2c 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -2016,7 +2016,10 @@ def calculate_signature(context: Context) -> None:
     if context.config.key is not None:
         cmdline += ["--default-key", context.config.key]
 
-    cmdline += ["--output", "-", "-"]
+    cmdline += [
+        "--output", workdir(context.staging / context.config.output_signature),
+        workdir(context.staging / context.config.output_checksum),
+    ]
 
     home = Path(context.config.environment.get("GNUPGHOME", INVOKING_USER.home() / ".gnupg"))
     if not home.exists():
@@ -2026,22 +2029,19 @@ def calculate_signature(context: Context) -> None:
     if sys.stderr.isatty():
         env |= dict(GPG_TTY=os.ttyname(sys.stderr.fileno()))
 
-    options: list[PathString] = ["--bind", home, home]
+    options: list[PathString] = [
+        "--bind", home, home,
+        "--bind", context.staging, workdir(context.staging),
+    ]
 
     # gpg can communicate with smartcard readers via this socket so bind mount it in if it exists.
     if (p := Path("/run/pcscd/pcscd.comm")).exists():
         options += ["--bind", p, p]
 
-    with (
-        complete_step("Signing SHA256SUMS…"),
-        open(context.staging / context.config.output_checksum, "rb") as i,
-        open(context.staging / context.config.output_signature, "wb") as o,
-    ):
+    with (complete_step("Signing SHA256SUMS…")):
         run(
             cmdline,
             env=env,
-            stdin=i,
-            stdout=o,
             sandbox=context.sandbox(
                 binary="gpg",
                 options=options,