fedora: Get rawhide GPG key from github
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 22 Aug 2024 10:10:50 +0000 (12:10 +0200)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 22 Aug 2024 13:14:44 +0000 (15:14 +0200)
fedora.gpg is always out-of-date when rawhide branches, so let's
instead fetch the rawhide key from distribution-gpg-keys on GitHub,
which does seem to get updated before rawhide branches.

mkosi/curl.py [new file with mode: 0644]
mkosi/distributions/fedora.py
mkosi/distributions/opensuse.py

diff --git a/mkosi/curl.py b/mkosi/curl.py
new file mode 100644 (file)
index 0000000..900c392
--- /dev/null
@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+from pathlib import Path
+
+from mkosi.config import Config
+from mkosi.mounts import finalize_crypto_mounts
+from mkosi.run import run
+
+
+def curl(config: Config, url: str, output_dir: Path) -> None:
+    run(
+        [
+            "curl",
+            "--location",
+            "--output-dir", output_dir,
+            "--remote-name",
+            "--no-progress-meter",
+            "--fail",
+            *(["--proxy", config.proxy_url] if config.proxy_url else []),
+            *(["--noproxy", ",".join(config.proxy_exclude)] if config.proxy_exclude else []),
+            *(["--proxy-capath", "/proxy.cacert"] if config.proxy_peer_certificate else []),
+            *(["--proxy-cert", "/proxy.clientcert"] if config.proxy_client_certificate else []),
+            *(["--proxy-key", "/proxy.clientkey"] if config.proxy_client_key else []),
+            url,
+        ],
+        sandbox=config.sandbox(
+            binary="curl",
+            network=True,
+            options=["--bind", output_dir, output_dir, *finalize_crypto_mounts(config)],
+        ),
+    )
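Review bot: `--location` is passed with no limit on which protocols a redirect may switch to, so an `https://` URL handed to `curl()` can still end up being fetched over plain HTTP after a redirect. That matters more now that the helper fetches the file that decides which GPG key gets trusted. Because the helper also serves mirror URLs that may legitimately be `http://`, the restriction could be conditional: `*(["--proto-redir", "=https"] if url.startswith("https://") else []),`. The function also has no docstring; one sentence saying that the file lands in `output_dir` under the last path segment of `url` (because of `--remote-name`) and that the content is not verified in any way would tell callers what they still have to check themselves.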
index 97008311a3bada37ed62f5accac1b4804888ce10..356e8b4bd0f5710c4ada992cba55a20267a2e28e 100644 (file)
@@ -1,11 +1,13 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 import re
+import tempfile
 from collections.abc import Iterable, Sequence
 from pathlib import Path
 
 from mkosi.config import Architecture, Config
 from mkosi.context import Context
+from mkosi.curl import curl
 from mkosi.distributions import (
     DistributionInstaller,
     PackageType,
@@ -47,7 +49,22 @@ def find_fedora_rpm_gpgkeys(context: Context) -> Iterable[str]:
             die("Fedora GPG keys not found in /usr/share/distribution-gpg-keys",
                 hint="Make sure the distribution-gpg-keys package is installed")
 
-        yield "https://fedoraproject.org/fedora.gpg"
+        if context.config.release == "rawhide":
+            # https://fedoraproject.org/fedora.gpg is always outdated when the rawhide key changes. Instead, let's
+            # fetch it from distribution-gpg-keys on github, which is generally up-to-date.
+            keys = "https://raw.githubusercontent.com/rpm-software-management/distribution-gpg-keys/main/keys/fedora"
+
+            # The rawhide key is a symlink and github doesn't redirect those to the actual file for some reason, so we
+            # fetch the file and read the release it points to ourselves.
+            with tempfile.TemporaryDirectory() as d:
+                curl(context.config, f"{keys}/RPM-GPG-KEY-fedora-rawhide-primary", Path(d))
+                key = (Path(d) / "RPM-GPG-KEY-fedora-rawhide-primary").read_text()
+
+            keyurl = f"{keys}/{key}"
+        else:
+            keyurl = "https://fedoraproject.org/fedora.gpg"
+
+        yield keyurl
 
 
 class Installer(DistributionInstaller):
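Review bot: The text downloaded from GitHub is interpolated unvalidated into the key URL at `keyurl = f"{keys}/{key}"`, so whatever the `main` branch serves at that path (a trailing newline, a value containing `/` or `..`, or the key body itself if raw symlinks ever start resolving) becomes part of the URL the rawhide signing key is taken from. Stripping and validating the value first would bound that: `key = (Path(d) / "RPM-GPG-KEY-fedora-rawhide-primary").read_text().strip()` followed by `if not re.fullmatch(r"RPM-GPG-KEY-fedora-[0-9]+-primary", key): die(f"Unexpected rawhide key name {key!r}")`. The pattern is inferred from the symlink's own name and should be checked against the repository's naming; `re` and `die` are already in scope in this file. More broadly, the rawhide trust anchor now follows an unpinned branch of a third-party repository over HTTPS only, which deserves a sentence in the comment above `keys`. find_fedora_rpm_gpgkeys begins outside the hunk.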
index 0b4dc5ba63b748031491d27570983a9e1ae957b3..98539d38aa5f8fcab77e95cfbf176eb60e5c968c 100644 (file)
@@ -7,6 +7,7 @@ from xml.etree import ElementTree
 
 from mkosi.config import Architecture, Config
 from mkosi.context import Context
+from mkosi.curl import curl
 from mkosi.distributions import DistributionInstaller, PackageType, join_mirror
 from mkosi.installer import PackageManager
 from mkosi.installer.dnf import Dnf
@@ -239,27 +240,7 @@ def fetch_gpgurls(context: Context, repourl: str) -> tuple[str, ...]:
     gpgurls = [f"{repourl}/repodata/repomd.xml.key"]
 
     with tempfile.TemporaryDirectory() as d:
-        run(
-            [
-                "curl",
-                "--location",
-                "--output-dir", d,
-                "--remote-name",
-                "--no-progress-meter",
-                "--fail",
-                *(["--proxy", context.config.proxy_url] if context.config.proxy_url else []),
-                *(["--noproxy", ",".join(context.config.proxy_exclude)] if context.config.proxy_exclude else []),
-                *(["--proxy-capath", "/proxy.cacert"] if context.config.proxy_peer_certificate else []),
-                *(["--proxy-cert", "/proxy.clientcert"] if context.config.proxy_client_certificate else []),
-                *(["--proxy-key", "/proxy.clientkey"] if context.config.proxy_client_key else []),
-                f"{repourl}/repodata/repomd.xml",
-            ],
-            sandbox=context.sandbox(
-                binary="curl",
-                network=True,
-                options=["--bind", d, d, *finalize_crypto_mounts(context.config)],
-            ),
-        )
+        curl(context.config, f"{repourl}/repodata/repomd.xml", Path(d))
         xml = (Path(d) / "repomd.xml").read_text()
 
     root = ElementTree.fromstring(xml)
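Review bot: The removed inline call built its sandbox with `context.sandbox(...)`, whereas `curl()` in mkosi/curl.py uses `config.sandbox(...)`, so this replacement is not necessarily a pure refactor. Neither method is shown here, and it is worth confirming that the repomd.xml download still runs with the same mounts and restrictions as before. If the difference is intentional, a short comment at the call site such as `# curl() runs in config.sandbox(); a plain download needs no context-specific mounts` would record that. The visible hunks add the `curl` import but do not drop `run` or `finalize_crypto_mounts` from this file's imports, so if nothing else in opensuse.py uses them they are now dead. fetch_gpgurls starts and ends outside the hunk.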