From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 6 Feb 2025 10:26:48 +0000 (+0100)
Subject: fedora: Do GPG key symlink resolution in find_rpm_gpgkey()
X-Git-Tag: v26~413^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb0e181fca771043a40c804fab8e5755733bd9a0;p=thirdparty%2Fmkosi.git

fedora: Do GPG key symlink resolution in find_rpm_gpgkey()

We have to resolve the symlink within the tools tree if there is
one, so let's handle this in find_rpm_gpgkey() instead of outside.
---

diff --git a/mkosi/distributions/fedora.py b/mkosi/distributions/fedora.py
index 11f93cba5..5e8af9c5f 100644
--- a/mkosi/distributions/fedora.py
+++ b/mkosi/distributions/fedora.py
@@ -37,17 +37,13 @@ def find_fedora_rpm_gpgkeys(context: Context) -> Iterable[str]:
         # For Rawhide, try to load the N+1 key, just in case our local configuration
         # still indicates that Rawhide==N, but really Rawhide==N+1.
         if context.config.release == "rawhide" and (rhs := startswith(key1, "file://")):
-            path = Path(rhs).resolve()
-            if m := versionre.match(path.name):
+            if m := versionre.match(Path(rhs).name):
                 version = int(m.group(1))
                 if key3 := find_rpm_gpgkey(
                     context,
                     key=f"RPM-GPG-KEY-fedora-{version + 1}-primary",
                     required=False,
                 ):
-                    # We yield the resolved path for key1, to make it clear that it's
-                    # for version N, and the other key is for version N+1.
-                    key1 = path.as_uri()
                     yield key3
 
         yield key1
diff --git a/mkosi/installer/rpm.py b/mkosi/installer/rpm.py
index b3347502a..b8dcc5541 100644
--- a/mkosi/installer/rpm.py
+++ b/mkosi/installer/rpm.py
@@ -54,11 +54,13 @@ def find_rpm_gpgkey(
 ) -> Optional[str]:
     root = context.config.tools() if context.config.tools_tree_certificates else Path("/")
 
+    # We assume here that GPG keys will only ever be relative symlinks and never absolute symlinks.
+
     if gpgpath := next((root / "usr/share/distribution-gpg-keys").rglob(key), None):
-        return (Path("/") / gpgpath.relative_to(root)).as_uri()
+        return (Path("/") / gpgpath.resolve().relative_to(root)).as_uri()
 
     if gpgpath := next(Path(context.sandbox_tree / "etc/pki/rpm-gpg").rglob(key), None):
-        return (Path("/") / gpgpath.relative_to(context.sandbox_tree)).as_uri()
+        return (Path("/") / gpgpath.resolve().relative_to(context.sandbox_tree)).as_uri()
 
     if fallback and context.config.repository_key_fetch:
         return fallback