Skip to content

Commit

Permalink
Merge pull request #5293 from cgwalters/gpgkey-more-pain
Browse files Browse the repository at this point in the history 
compose-rootfs: Fix gpgkey= with Fedora examples
  • Loading branch information
@cgwalters
cgwalters authored Feb 11, 2025
2 parents 194334f + 380b9c3 commit e1d43ae
Showing 1 changed file with 63 additions and 19 deletions.
82 changes: 63 additions & 19 deletions rust/src/compose.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// SPDX-License-Identifier: Apache-2.0 OR MIT

use std::borrow::Cow;
use std::ffi::OsStr;
use std::fs::File;
use std::io::{BufRead, BufReader, BufWriter, Write};
Expand Down Expand Up @@ -346,26 +347,50 @@ fn mutate_one_dnf_repo(
writeln!(w, "{line}")?;
continue;
};
// If the gpg key isn't a local file, pass through the line.
let Some(relpath) = value
.strip_prefix("file://")
.and_then(|path| path.strip_prefix('/'))
else {
writeln!(w, "{line}")?;
continue;
};
// If it doesn't exist in the source root, then assume the absolute
// reference is intentional.
let target_repo_file = source_root.join(relpath);
if !exec_root.try_exists(&target_repo_file)? {
let mut gpg_modified = false;
let mut updated_gpgkeys: Vec<Cow<str>> = Vec::new();
for key in value.split_ascii_whitespace() {
// If the gpg key isn't a local file, pass through the line.
let Some(relpath) = key
.strip_prefix("file://")
.and_then(|path| path.strip_prefix('/'))
else {
updated_gpgkeys.push(key.into());
continue;
};
// Handling variable substitutions here is painful, so we punt
// if we find them and assume they should always be under the source root.
let contains_varsubst = relpath.contains('$');
// If it doesn't exist in the source root, then assume the absolute
// reference is intentional.
let target_repo_file = source_root.join(relpath);
if !contains_varsubst && !exec_root.try_exists(&target_repo_file)? {
tracing::debug!("Not present under source root: {target_repo_file}");
updated_gpgkeys.push(key.into());
continue;
}
gpg_modified = true;
updated_gpgkeys.push(Cow::Owned(format!("file:///{target_repo_file}")));
}
if gpg_modified {
modified = true;
write!(w, "gpgkey=")?;
for (i, key) in updated_gpgkeys.iter().enumerate() {
if i != 0 {
write!(w, " ")?;
}
write!(w, "{key}")?;
}
writeln!(w)?;
} else {
writeln!(w, "{line}")?;
continue;
}
modified = true;
writeln!(w, "gpgkey=file:///{target_repo_file}")?;
}
if modified {
tracing::debug!("Updated {name}");
reposdir.write(name, w)?;
} else {
tracing::debug!("Unchanged repo file: {name}");
}
Ok(())
}
Expand Down Expand Up @@ -1170,17 +1195,36 @@ mod tests {
baseurl=other
gpgkey=file:///etc/pki/rpm-gpg/repo2.key
[repo4]
baseurl=other
# These keys don't exist in the source root, but we rewrite anyways
gpgkey=file:///etc/pki/rpm-gpg/some-key-with-$releasever-and-$basearch file:///etc/pki/rpm-gpg/another-key-with-$releasever-and-$basearch
[repo3]
baseurl=blah
gpgkey=file:///absolute/path/not-in-source-root
"#};
rootfs.write("repos/etc/yum.repos.d/test.repo", orig_repo_content)?;
mutate_source_root(rootfs, "repos".into()).unwrap();
let found_repos = rootfs.read_to_string("repos/etc/yum.repos.d/test.repo")?;
let expected = orig_repo_content.replace(
"gpgkey=file:///etc/pki/rpm-gpg/repo2.key",
"gpgkey=file:///repos/etc/pki/rpm-gpg/repo2.key",
);
let expected = indoc::indoc! { r#"
[repo]
baseurl=blah
gpgkey=https://example.com
[repo2]
baseurl=other
gpgkey=file:///repos/etc/pki/rpm-gpg/repo2.key
[repo4]
baseurl=other
# These keys don't exist in the source root, but we rewrite anyways
gpgkey=file:///repos/etc/pki/rpm-gpg/some-key-with-$releasever-and-$basearch file:///repos/etc/pki/rpm-gpg/another-key-with-$releasever-and-$basearch
[repo3]
baseurl=blah
gpgkey=file:///absolute/path/not-in-source-root
"#};
similar_asserts::assert_eq!(expected, found_repos);

Ok(())
Expand Down

0 comments on commit e1d43ae

Please sign in to comment.