From 72e1e7217b0cfe61ba29821bee45368eb8dd67ce Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Wed, 10 Jun 2020 13:37:04 +0200
Subject: [PATCH] stages/rpm: allow check_gpg to be omitted

This brings it in line with the JSON schema. Also fix a bug where the
wrong root was used for checking the signatures.

Signed-off-by: Tom Gundersen <teg@jklm.no>
---
 stages/org.osbuild.rpm | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/stages/org.osbuild.rpm b/stages/org.osbuild.rpm
index 23b8da85..16a44d78 100755
--- a/stages/org.osbuild.rpm
+++ b/stages/org.osbuild.rpm
@@ -101,12 +101,13 @@ def main(tree, sources, options):
     osbuild.sources.get("org.osbuild.files", checksums)
 
     for pkg in packages:
-        if pkg["check_gpg"]:
-            subprocess.run(
-                ["rpmkeys", "--checksig", pkg["checksum"]],
-                cwd=f"{sources}/org.osbuild.files",
-                stdout=subprocess.DEVNULL,
-                check=True)
+        if pkg.get("check_gpg"):
+            subprocess.run([
+                "rpmkeys",
+                "--root", tree,
+                "--checksig",
+                pkg["checksum"]
+            ], cwd=f"{sources}/org.osbuild.files", stdout=subprocess.DEVNULL, check=True)
 
     script = f"""
         set -e