From: Joerg Behrmann <behrmann@physik.fu-berlin.de>
Date: Wed, 7 Jun 2023 13:03:19 +0000 (+0200)
Subject: debian: use trusted keys from package manager tree if they exist
X-Git-Tag: v15~120^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00695cd9c273e3dd3d4d681ea7620fbacf88873d;p=thirdparty%2Fmkosi.git

debian: use trusted keys from package manager tree if they exist
---

diff --git a/mkosi/distributions/debian.py b/mkosi/distributions/debian.py
index ac5c55c94..e5d54b3ab 100644
--- a/mkosi/distributions/debian.py
+++ b/mkosi/distributions/debian.py
@@ -175,6 +175,11 @@ def setup_apt(state: MkosiState, repos: Sequence[str]) -> None:
     config = state.pkgmngr / "etc/apt/apt.conf"
     debarch = state.installer.architecture(state.config.architecture)
 
+    trustedkeys = state.pkgmngr / "etc/apt/trusted.gpg"
+    trustedkeys = trustedkeys if trustedkeys.exists() else f"/usr/share/keyrings/{state.config.release}-archive-keyring"
+    trustedkeys_dir = state.pkgmngr / "etc/apt/trusted.gpg.d"
+    trustedkeys_dir = trustedkeys_dir if trustedkeys_dir.exists() else "/usr/share/keyrings"
+
     config.write_text(
         dedent(
             f"""\
@@ -191,8 +196,8 @@ def setup_apt(state: MkosiState, repos: Sequence[str]) -> None:
             Dir::State "{state.pkgmngr / "var/lib/apt"}";
             Dir::State::status "{state.root / "var/lib/dpkg/status"}";
             Dir::Etc "{state.pkgmngr / "etc/apt"}";
-            Dir::Etc::trusted "/usr/share/keyrings/{state.config.release}-archive-keyring";
-            Dir::Etc::trustedparts "/usr/share/keyrings";
+            Dir::Etc::trusted "{trustedkeys}";
+            Dir::Etc::trustedparts "{trustedkeys_dir}";
             Dir::Log "{state.pkgmngr / "var/log/apt"}";
             Dir::Bin::dpkg "{shutil.which("dpkg")}";
             Debug::NoLocking "true";