From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 1 Apr 2025 08:49:44 +0000 (+0200)
Subject: initrd: Copy Arch Linux keyring from host when running as root
X-Git-Tag: v26~284^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd5916bb43497c2b30b608b91d9674469e57fbb8;p=thirdparty%2Fmkosi.git

initrd: Copy Arch Linux keyring from host when running as root

When running as root, we run with --cache-only=metadata, which means
we won't try to sync the keyring, so let's reuse the one from the host
to make sure that a keyring is available.

Fixes #3635
---

diff --git a/mkosi/initrd.py b/mkosi/initrd.py
index f0f2aaad1..5948b7117 100644
--- a/mkosi/initrd.py
+++ b/mkosi/initrd.py
@@ -365,7 +365,11 @@ def main() -> None:
                 shutil.copytree(
                     Path("/etc") / p,
                     Path(sandbox_tree) / "etc" / p,
-                    ignore=shutil.ignore_patterns("gnupg"),
+                    # If we're running as root, use the keyring from the host, but make sure we don't try to
+                    # copy any gpg-agent sockets that might be in /etc/pacman.d/gnupg. If we're not running
+                    # as root, we might not have the necessary permissions to access the keyring so don't try
+                    # to copy the keyring in that case.
+                    ignore=shutil.ignore_patterns("S.*" if os.getuid() == 0 else "gnupg"),
                     dirs_exist_ok=True,
                 )