From: Daan De Meyer
Date: Fri, 12 Jan 2024 09:33:26 +0000 (+0100)
Subject: Allow gpg access to /run/pscsd/pscsd.comm on the host if it exists
X-Git-Tag: v20.1~4^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=57a2de0e449c47dc57980553e8a701f08a4082de;p=thirdparty%2Fmkosi.git
Allow gpg access to /run/pscsd/pscsd.comm on the host if it exists
This is required for gpg to communicate with pscsd for interaction with smartcards so let's mount it in if it exists.
---
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 56c4c859d..7ba235b0b 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1974,18 +1974,18 @@ def calculate_signature(context: Context) -> None:
 if sys.stderr.isatty():
 env |= dict(GPGTTY=os.ttyname(sys.stderr.fileno()))
+ options: list[PathString] = ["--perms", "755", "--dir", home, "--bind", home, home]
+
+ # gpg can communicate with smartcard readers via this socket so bind mount it in if it exists.
+ if (p := Path("/run/pcscd/pcscd.comm")).exists():
+ options += ["--perms", "755", "--dir", p.parent, "--bind", p, p]
+
 with (
 complete_step("Signing SHA256SUMS…"),
 open(context.staging / context.config.output_checksum, "rb") as i,
 open(context.staging / context.config.output_signature, "wb") as o,
 ):
- run(
- cmdline,
- env=env,
- stdin=i,
- stdout=o,
- sandbox=context.sandbox(options=["--perms", "755", "--dir", home, "--bind", home, home]),
- )
+ run(cmdline, env=env, stdin=i, stdout=o, sandbox=context.sandbox(options=options))
 def dir_size(path: Union[Path, os.DirEntry[str]]) -> int:
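Review bot: The new `if (p := Path("/run/pcscd/pcscd.comm")).exists():` branch binds the host's PC/SC daemon socket into the gpg sandbox on every host where that path exists, whether or not the signing key is on a smartcard, so the signing step gains a channel to a host daemon that the previous `options` list did not expose. The test could be narrowed to `if (p := Path("/run/pcscd/pcscd.comm")).is_socket():` so that only a real socket is ever mounted. The comment should also record the trade-off, for example `# Exposes the host pcscd socket to the gpg sandbox; only needed when the signing key is on a smartcard.` If the configuration can tell that a card-backed key is in use, gating the bind on that would keep the default sandbox as tight as before; nothing in this hunk shows whether such a signal exists. `calculate_signature` begins before the hunk, so how `home` and `cmdline` are built is not visible here.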