]> git.ipfire.org Git - thirdparty/mkosi.git/commitdiff
projects / thirdparty / mkosi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bb0e181)
rpm: Fix root locations for GPG searching 3475/head
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 6 Feb 2025 11:05:05 +0000 (12:05 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 6 Feb 2025 11:40:37 +0000 (12:40 +0100)
We should always look in the tools tree for /usr/share/distribution-gpg-keys,
regardless of the value of ToolsTreeCertificates= since the setting has no
impact on which /usr/share/distribution-gpg-keys directory we end up using.

We should look in the host or tools tree for /etc/pki/rpm-gpg, based on the
value of ToolsTreeCertificates=, not in the sandbox tree, because the /etc/pki
directory from the host or tools tree will always be used and mounted over the
directory from the sandbox tree, so there's no point in looking for rpm gpg keys
in the sandbox tree at all.

mkosi/installer/rpm.py patch | blob | blame | history

diff --git a/mkosi/installer/rpm.py b/mkosi/installer/rpm.py
index b8dcc55416b0cd5505a0363a72a6ba306b6e5558..c6afd06f86e935164e57df8c347b971ccac00569 100644 (file)
--- a/mkosi/installer/rpm.py
+++ b/mkosi/installer/rpm.py
@@ -52,15 +52,18 @@ def find_rpm_gpgkey(
     *,
     required: bool = True,
 ) -> Optional[str]:
-    root = context.config.tools() if context.config.tools_tree_certificates else Path("/")
-
     # We assume here that GPG keys will only ever be relative symlinks and never absolute symlinks.
 
-    if gpgpath := next((root / "usr/share/distribution-gpg-keys").rglob(key), None):
-        return (Path("/") / gpgpath.resolve().relative_to(root)).as_uri()
+    if gpgpath := next((context.config.tools() / "usr/share/distribution-gpg-keys").rglob(key), None):
+        return (Path("/") / gpgpath.resolve().relative_to(context.config.tools())).as_uri()
 
-    if gpgpath := next(Path(context.sandbox_tree / "etc/pki/rpm-gpg").rglob(key), None):
-        return (Path("/") / gpgpath.resolve().relative_to(context.sandbox_tree)).as_uri()
+    # ToolsTreeCertificates= only applies to certificates but the rpm gpg keys in /etc are located within the
+    # /etc/pki certificates directory so as a result the option has to apply to the rpm gpg keys in /etc as
+    # well
+    root = context.config.tools() if context.config.tools_tree_certificates else Path("/")
+
+    if gpgpath := next(Path(root / "etc/pki/rpm-gpg").rglob(key), None):
+        return (Path("/") / gpgpath.resolve().relative_to(root)).as_uri()
 
     if fallback and context.config.repository_key_fetch:
         return fallback
Mirror of https://github.com/systemd/mkosi.git