typing: Fix typing error when calling add_signer() 869/head
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Wed, 8 Dec 2021 11:23:12 +0000 (12:23 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Wed, 8 Dec 2021 12:55:32 +0000 (13:55 +0100)
The add_signer() method of PKCS7SignatureBuilder only supports a
subset of the key types returned by load_pem_private_key() so let's
make sure the loaded key is of one of the supported types to fix
the error.

mkosi/__init__.py

index 51226df92eb903aa5cf9a4b9b1c493ecddd84efb..f95696bb8cd1dfb9b5f5de98e910ca574990d35b 100644 (file)
@@ -3950,6 +3950,7 @@ def make_verity_sig(
 
     from cryptography import x509
     from cryptography.hazmat.primitives import hashes, serialization
+    from cryptography.hazmat.primitives.asymmetric import ec, rsa
     from cryptography.hazmat.primitives.serialization import pkcs7
 
     with complete_step("Signing verity root hash…"):
@@ -3957,6 +3958,9 @@ def make_verity_sig(
         key = serialization.load_pem_private_key(args.secure_boot_key.read_bytes(), password=None)
         certificate = x509.load_pem_x509_certificate(args.secure_boot_certificate.read_bytes())
 
+        if not isinstance(key, (ec.EllipticCurvePrivateKey, rsa.RSAPrivateKey)):
+            die(f"Secure boot key has unsupported type {type(key)}")
+
         fingerprint = certificate.fingerprint(hashes.SHA256()).hex()
 
         sigbytes = pkcs7.PKCS7SignatureBuilder().add_signer(
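Review bot: The new `isinstance` guard ahead of `add_signer()` establishes only the key's type; nothing in this hunk confirms that the key loaded from `args.secure_boot_key` is the one certified by `args.secure_boot_certificate`. A mismatched pair would surface either as an unhandled library exception or, depending on what the cryptography backend checks (not visible here), as a verity signature that fails verification when the image is used. Comparing the public halves right after the guard would fail the build early with a clear message: `spki = (serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)` followed by `if key.public_key().public_bytes(*spki) != certificate.public_key().public_bytes(*spki): die("Secure boot key does not match secure boot certificate")`. As a smaller point, `type(key).__name__` in the existing message would print the class name rather than its `<class '…'>` repr. The body of `make_verity_sig` starts and ends outside the hunk.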