fedora: for rawhide, also load key for FN+1 just in case

See the commit for explanation. This fixes a problem where during
each Fedora upgrades, the local key for rawhide points to e.g. F40,
but Fedora has already branched and rawhide is actually F41.

We may specify an additional key, that will be used a future version,
but that doesn't really matter, we assume all keys as equally good.

diff --git a/mkosi/distributions/fedora.py b/mkosi/distributions/fedora.py
index d4d3a666a69a3e77ef16a7a562ec360f2a3b17af..05bea47e4e9813e46496ee8ccf8dcf36ec50f58b 100644 (file)
--- a/mkosi/distributions/fedora.py
+++ b/mkosi/distributions/fedora.py
@@ -1,6 +1,8 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
+import re
 from collections.abc import Iterable, Sequence
+from pathlib import Path
 
 from mkosi.config import Architecture, Config
 from mkosi.context import Context
@@ -23,6 +25,19 @@ def find_fedora_rpm_gpgkeys(context: Context) -> Iterable[str]:
     key2 = find_rpm_gpgkey(context, key=f"RPM-GPG-KEY-fedora-{context.config.release}-secondary")
 
     if key1:
+        # During branching, there is always a kerfuffle with the key transition.
+        # For Rawhide, try to load the N+1 key, just in case our local configuration
+        # still indicates that Rawhide==N, but really Rawhide==N+1.
+        if context.config.release == "rawhide" and key1.startswith("file://"):
+            path = Path(key1.removeprefix("file://")).resolve()
+            if m := re.match(r"RPM-GPG-KEY-fedora-(\d+)-(primary|secondary)", path.name):
+                version = int(m.group(1))
+                if key3 := find_rpm_gpgkey(context, key=f"RPM-GPG-KEY-fedora-{version + 1}-primary"):
+                    # We yield the resolved path for key1, to make it clear that it's
+                    # for version N, and the other key is for version N+1.
+                    key1 = path.as_uri()
+                    yield key3
+
         yield key1
     if key2:
         yield key2