f2edc02cac
Since lorax is running as a separate process, it no longer use repositories objects setup by pykickstart (which is already patched to support gpgkey). This means we need somehow pass that info, otherwise packages will not be verified. QubesOS/qubes-issues#1807
67 lines
3.0 KiB
Diff
67 lines
3.0 KiB
Diff
From 7adfe384c4eea406ec9c4d2445ebac1a3e986d05 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
|
|
<marmarek@invisiblethingslab.com>
|
|
Date: Thu, 21 Apr 2016 02:15:54 +0200
|
|
Subject: [PATCH] Allow specify gpg key for a repository
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
Organization: Invisible Things Lab
|
|
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
|
|
|
|
Quite hacky way, but current command line syntax doesn't support
|
|
additional per-repository settings.
|
|
|
|
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
|
|
---
|
|
src/sbin/lorax | 14 ++++++++++++--
|
|
1 file changed, 12 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/sbin/lorax b/src/sbin/lorax
|
|
index f92aeb9..831fc6b 100755
|
|
--- a/src/sbin/lorax
|
|
+++ b/src/sbin/lorax
|
|
@@ -60,13 +60,13 @@ def main(args):
|
|
required.add_argument("-p", "--product", help="product name", required=True, metavar="STRING")
|
|
required.add_argument("-v", "--version", help="version identifier", required=True, metavar="STRING")
|
|
required.add_argument("-r", "--release", help="release information", required=True, metavar="STRING")
|
|
- required.add_argument("-s", "--source", help="source repository (may be listed multiple times)",
|
|
+ required.add_argument("-s", "--source", help="source repository (may be listed multiple times), append gpgkey URL in brackets to enable package verification",
|
|
metavar="REPOSITORY", action="append", default=[], required=True)
|
|
|
|
# optional arguments
|
|
optional = parser.add_argument_group("optional arguments")
|
|
optional.add_argument("-m", "--mirrorlist",
|
|
- help="mirrorlist repository (may be listed multiple times)",
|
|
+ help="mirrorlist repository (may be listed multiple times), append gpgkey URL in brackets to enable package verification",
|
|
metavar="REPOSITORY", action="append", default=[])
|
|
optional.add_argument("-t", "--variant",
|
|
help="variant name", metavar="STRING")
|
|
@@ -274,6 +274,11 @@ def get_dnf_base_object(installroot, repositories, mirrorlists=None,
|
|
continue
|
|
repo_name = "lorax-repo-%d" % i
|
|
repo = dnf.repo.Repo(repo_name, cachedir)
|
|
+ if '(' in r and ')' in r:
|
|
+ assert r[-1] == ')'
|
|
+ r, gpgkey = r[:-1].split('(')
|
|
+ repo.gpgkey = [gpgkey]
|
|
+ repo.gpgcheck = True
|
|
repo.baseurl = [r]
|
|
if proxy:
|
|
repo.proxy = proxy
|
|
@@ -294,6 +299,11 @@ def get_dnf_base_object(installroot, repositories, mirrorlists=None,
|
|
continue
|
|
repo_name = "lorax-mirrorlist-%d" % i
|
|
repo = dnf.repo.Repo(repo_name, cachedir)
|
|
+ if '(' in r and ')' in r:
|
|
+ assert r[-1] == ')'
|
|
+ r, gpgkey = r[:-1].split('(')
|
|
+ repo.gpgkey = [gpgkey]
|
|
+ repo.gpgcheck = True
|
|
repo.mirrorlist = r
|
|
if proxy:
|
|
repo.proxy = proxy
|
|
--
|
|
2.1.0
|
|
|