stages/rpm: allow check_gpg to be omitted

This brings it in line with the JSON schema. Also fix a bug where the wrong root was used for checking the signatures. Signed-off-by: Tom Gundersen <teg@jklm.no>
2020-06-10 13:37:04 +02:00 · 2020-06-10 13:37:04 +02:00 · 72e1e7217b
commit 72e1e7217b
parent b0bf9c9392
1 changed files with 7 additions and 6 deletions
--- a/stages/org.osbuild.rpm
+++ b/stages/org.osbuild.rpm
@ -101,12 +101,13 @@ def main(tree, sources, options):
    osbuild.sources.get("org.osbuild.files", checksums)

    for pkg in packages:
-        if pkg["check_gpg"]:
-            subprocess.run(
-                ["rpmkeys", "--checksig", pkg["checksum"]],
-                cwd=f"{sources}/org.osbuild.files",
-                stdout=subprocess.DEVNULL,
-                check=True)
+        if pkg.get("check_gpg"):
+            subprocess.run([
+                "rpmkeys",
+                "--root", tree,
+                "--checksig",
+                pkg["checksum"]
+            ], cwd=f"{sources}/org.osbuild.files", stdout=subprocess.DEVNULL, check=True)

    script = f"""
        set -e