From: Zbigniew Jędrzejewski-Szmek Date: Fri, 16 Feb 2024 16:21:43 +0000 (+0100) Subject: fedora: for rawhide, also load key for FN+1 just in case X-Git-Tag: v21~48^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f221562c945a48db9384f8521f67b9b02cd71ac1;p=thirdparty%2Fmkosi.git fedora: for rawhide, also load key for FN+1 just in case See the commit for explanation. This fixes a problem where during each Fedora upgrades, the local key for rawhide points to e.g. F40, but Fedora has already branched and rawhide is actually F41. We may specify an additional key, that will be used a future version, but that doesn't really matter, we assume all keys as equally good. --- diff --git a/mkosi/distributions/fedora.py b/mkosi/distributions/fedora.py index d4d3a666a..05bea47e4 100644 --- a/mkosi/distributions/fedora.py +++ b/mkosi/distributions/fedora.py @@ -1,6 +1,8 @@ # SPDX-License-Identifier: LGPL-2.1+ +import re from collections.abc import Iterable, Sequence +from pathlib import Path from mkosi.config import Architecture, Config from mkosi.context import Context @@ -23,6 +25,19 @@ def find_fedora_rpm_gpgkeys(context: Context) -> Iterable[str]: key2 = find_rpm_gpgkey(context, key=f"RPM-GPG-KEY-fedora-{context.config.release}-secondary") if key1: + # During branching, there is always a kerfuffle with the key transition. + # For Rawhide, try to load the N+1 key, just in case our local configuration + # still indicates that Rawhide==N, but really Rawhide==N+1. + if context.config.release == "rawhide" and key1.startswith("file://"): + path = Path(key1.removeprefix("file://")).resolve() + if m := re.match(r"RPM-GPG-KEY-fedora-(\d+)-(primary|secondary)", path.name): + version = int(m.group(1)) + if key3 := find_rpm_gpgkey(context, key=f"RPM-GPG-KEY-fedora-{version + 1}-primary"): + # We yield the resolved path for key1, to make it clear that it's + # for version N, and the other key is for version N+1. + key1 = path.as_uri() + yield key3 + yield key1 if key2: yield key2