stages/ostree.remotes: support gpgkeypath

OSTree remotes can be configured to import keys from a file on disk or a directory containing multiple keys. When specified, explicitly enables gpg-verify=true.
2022-08-22 16:22:36 +02:00 · 2022-08-22 16:22:36 +02:00 · 2bff83364b
commit 2bff83364b
parent 135b20a487
1 changed files with 13 additions and 1 deletions
--- a/stages/org.osbuild.ostree.remotes
+++ b/stages/org.osbuild.ostree.remotes
@ -48,6 +48,13 @@ SCHEMA = """
            "description": "GPG keys for the remote to verify commits",
            "type": "string"
          }
+        },
+        "gpgkeypaths": {
+          "type": "array",
+          "items": {
+            "description": "Path to ASCII-armored GPG key or directory containing ASCII-armored GPG keys to import",
+            "type": "string"
+          }
        }
      }
    }
@ -77,9 +84,14 @@ def main(tree, options):
        url = remote["url"]
        branches = remote.get("branches", [])
        gpgkeys = remote.get("gpgkeys", [])
+        gpgkeypaths = remote.get("gpgkeypaths", [])

        extra_args = []
-        if not gpgkeys:
+        if gpgkeypaths:
+            paths = ",".join(gpgkeypaths)
+            extra_args.append(f"--set=gpgkeypath={paths}")
+            extra_args.append("--set=gpg-verify=true")
+        elif not gpgkeys:
            extra_args += ["--no-gpg-verify"]

        ostree("remote", "add",