From 2532c07985bcea742de58fbf0526271312b18596 Mon Sep 17 00:00:00 2001 From: Michael A Cassaniti Date: Wed, 26 Apr 2023 14:32:12 +1000 Subject: [PATCH] hash signing: Use keyring of running user for non-root builds `gpg` will attempt to use the root user keyring When running as a non-root user instead of using the keyring of the user that is executing `mkosi`. This change will attempt to use the keyring given by `GNUPGHOME` and fallback to using `~/.gnupg`. --- mkosi/__init__.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/mkosi/__init__.py b/mkosi/__init__.py index 6cddc2dc4..9f6442074 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -848,7 +848,21 @@ def calculate_signature(state: MkosiState) -> None: state.staging / state.config.output_checksum.name, ] - run(cmdline) + run( + cmdline, + # Do not output warnings about keyring permissions + stderr=subprocess.DEVNULL, + env={ + # Set the path of the keyring to use based on the environment + # if possible and fallback to the default path. Without this the + # keyring for the root user will instead be used which will fail + # for a non-root build. + 'GNUPGHOME': os.environ.get( + 'GNUPGHOME', + Path(os.environ['HOME']).joinpath('.gnupg') + ) + } + ) def acl_toggle_remove(config: MkosiConfig, root: Path, uid: int, *, allow: bool) -> None: -- 2.47.2