packages/build: add pkg signing

packages/build.py

@@ -16,6 +16,7 @@ from exec.cmd import run_cmd, run_root_cmd
 from exec.file import makedir, remove_file, symlink
 from chroot.build import get_build_chroot, BuildChroot
 from distro.distro import get_kupfer_https, get_kupfer_local, get_kupfer_repo_names
+from distro.gpg import init_keys, GPG_HOME_DIR
 from distro.package import RemotePackage, LocalPackage
 from distro.repo import LocalRepo
 from progressbar import BAR_PADDING, get_levels_bar
@@ -213,6 +214,14 @@ def add_file_to_repo(file_path: str, repo_name: str, arch: Arch, remove_original
         )
         if remove_original:
             remove_file(file_path)
+        sig_file = "{file_path}.sig"
+        if os.path.exists(sig_file):
+            shutil.copy(
+                sig_file,
+                repo_dir,
+            )
+            if remove_original:
+                remove_file(sig_file)
 
     # clean up same name package from pacman cache
     cache_file = os.path.join(pacman_cache_dir, file_name)
@@ -602,6 +611,13 @@ def build_package(
     makepkg_conf_absolute = os.path.join('/', makepkg_conf_path)
 
     build_cmd = ['source', '/etc/profile', '&&', *MAKEPKG_CMD, '--config', makepkg_conf_absolute, '--skippgpcheck', *makepkg_compile_opts]
+    if config.file.build.sign_pkgs:
+        logging.debug("Package signing requested; adding makepkg args and GNUPGHOME env var")
+        init_keys(config.get_path("gpg"), lazy=True)
+        assert config.runtime.gpg_pkg_key
+        build_cmd.extend(["--sign", "--key", config.runtime.gpg_pkg_key])
+        env["GNUPGHOME"] = os.path.join(CHROOT_PATHS["gpg"], GPG_HOME_DIR)
+        target_chroot.mount_gpg()
     logging.debug(f'Building: Running {build_cmd}')
     result = build_root.run_cmd(
         build_cmd,