From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 1 Apr 2025 08:49:04 +0000 (+0200)
Subject: pacman: Don't mount keyring dir if it's empty
X-Git-Tag: v26~284^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15f8a611660e44d0e6e5c7cba962ba7b47ba465c;p=thirdparty%2Fmkosi.git

pacman: Don't mount keyring dir if it's empty

This allows providing the keyring via sandbox trees which we'll make
use of in mkosi-initrd.
---

diff --git a/mkosi/installer/pacman.py b/mkosi/installer/pacman.py
index 9755b9992..08d8e0f56 100644
--- a/mkosi/installer/pacman.py
+++ b/mkosi/installer/pacman.py
@@ -59,9 +59,11 @@ class Pacman(PackageManager):
             # pacman writes downloaded packages to the first writable cache directory. We don't want it to
             # write to our local repository directory so we expose it as a read-only directory to pacman.
             "--ro-bind", context.repository, "/var/cache/pacman/mkosi",
-            "--ro-bind", context.keyring_dir, "/etc/pacman.d/gnupg",
         ]  # fmt: skip
 
+        if any(context.keyring_dir.iterdir()):
+            mounts += ["--ro-bind", context.keyring_dir, "/etc/pacman.d/gnupg"]
+
         if (context.root / "var/lib/pacman/local").exists():
             # pacman reuses the same directory for the sync databases and the local database containing the
             # list of installed packages. The former should go in the cache directory, the latter should go