osbuild2: honor GPG key setting for rpm inputs

We should honour `pkg.CheckGPG` when creating the file inputs for the rpm stage. This was lost in the transition from v1 to v2 manifests. Regenerate image test manifests. Co-authored-by: Tomas Hozza <thozza@redhat.com> Signed-off-by: Tomas Hozza <thozza@redhat.com>
2022-03-11 10:15:40 +01:00 · 2022-03-11 10:15:40 +01:00 · 45b1fc3cd1
commit 45b1fc3cd1
parent 947acf74ab
199 changed files with 357429 additions and 181024 deletions
--- a/internal/osbuild2/rpm_stage.go
+++ b/internal/osbuild2/rpm_stage.go
@ -46,7 +46,31 @@ type RPMStageInput struct {

 func (RPMStageInput) isStageInput() {}

-type RPMStageReferences []string
+// RPM package reference metadata
+type RPMStageReferenceMetadata struct {
+	// This option defaults to `false`, therefore it does not need to be
+	// defined as pointer to bool and can be omitted.
+	CheckGPG bool `json:"rpm.check_gpg,omitempty"`
+}
+
+type RPMStageReference struct {
+	Metadata *RPMStageReferenceMetadata `json:"metadata,omitempty"`
+}
+
+// References to RPM packages defined in JSON as:
+//
+// "sha256:<...>": {
+//    "metadata": {
+//	    "rpm.check_gpg": <boolean>
+//    }
+// },
+// "sha256:<...>": {
+//    "metadata": {
+//	    "rpm.check_gpg": <boolean>
+//    }
+// }
+// ...
+type RPMStageReferences map[string]*RPMStageReference

 func (RPMStageReferences) isReferences() {}

@ -120,9 +144,14 @@ func NewRpmStageSourceFilesInputs(specs []rpmmd.PackageSpec) *RPMStageInputs {
 }

 func pkgRefs(specs []rpmmd.PackageSpec) RPMStageReferences {
-	refs := make([]string, len(specs))
-	for idx, pkg := range specs {
-		refs[idx] = pkg.Checksum
+	refs := make(RPMStageReferences, len(specs))
+	for _, pkg := range specs {
+		refs[pkg.Checksum] = &RPMStageReference{}
+		if pkg.CheckGPG {
+			refs[pkg.Checksum].Metadata = &RPMStageReferenceMetadata{
+				CheckGPG: pkg.CheckGPG,
+			}
+		}
 	}
 	return refs
 }
--- a/internal/osbuild2/stage_test.go
+++ b/internal/osbuild2/stage_test.go
@ -818,8 +818,12 @@ func TestStageV2_UnmarshalJSON(t *testing.T) {
 				Inputs: &RPMStageInputs{
 					Packages: &RPMStageInput{
 						References: RPMStageReferences{
-							"checksum1",
-							"checksum2",
+							"checksum1": &RPMStageReference{},
+							"checksum2": &RPMStageReference{
+								Metadata: &RPMStageReferenceMetadata{
+									CheckGPG: true,
+								},
+							},
 						},
 					},
 				},
@ -828,7 +832,7 @@ func TestStageV2_UnmarshalJSON(t *testing.T) {
 				},
 			},
 			args: args{
-				data: []byte(`{"type":"org.osbuild.rpm","inputs":{"packages":{"type":"","origin":"","references":["checksum1","checksum2"]}},"options":{"gpgkeys":["key1","key2"]}}`),
+				data: []byte(`{"type":"org.osbuild.rpm","inputs":{"packages":{"type":"","origin":"","references":{"checksum1":{},"checksum2":{"metadata":{"rpm.check_gpg":true}}}}},"options":{"gpgkeys":["key1","key2"]}}`),
 			},
 		},
 		{