WIP: keyrings 2

constants.py

@@ -62,7 +62,6 @@ KEYRINGS_LOCAL_KEY = 'local_keyring'
 KEYRING_REMOTE_NAME = "kupfer-keyring"
 KEYRINGS_LOCAL_NAME = KEYRING_REMOTE_NAME + '-local'
 
-
 ALARM_REPOS = {
     'core': 'http://mirror.archlinuxarm.org/$arch/$repo',
     'extra': 'http://mirror.archlinuxarm.org/$arch/$repo',
@@ -85,8 +84,8 @@ BASE_DISTROS: dict[DistroArch, dict[str, Union[dict[str, str], list[str]]]] = {
         },
         KEYRINGS_KEY: ['archlinux-keyring'],
     },
-    'aarch64': ALARM_DISTRO,
+    'aarch64': ALARM_DISTRO.copy(),
-    'armv7h': ALARM_DISTRO,
+    'armv7h': ALARM_DISTRO.copy(),
 }
 
 COMPILE_ARCHES: dict[Arch, str] = {

distro/distro.py

@@ -8,7 +8,7 @@ from generator import generate_pacman_conf_body
 from config.state import config
 
 from .repo import BinaryPackageType, RepoInfo, Repo, LocalRepo, RemoteRepo
-from .repo_config import AbstrRepoConfig, BaseDistro, ReposConfigFile, REPOS_CONFIG_DEFAULT, get_repo_config as _get_repo_config
+from .repo_config import AbstrRepoConfig, BaseDistro, REMOTEURL_KEY, ReposConfigFile, REPOS_CONFIG_DEFAULT, get_repo_config as _get_repo_config
 
 
 class DistroLocation(IntFlag):
@@ -138,7 +138,7 @@ def get_kupfer_repo_names(local) -> list[str]:
 
 
 def get_RepoInfo(arch: Arch, repo_config: AbstrRepoConfig, default_url: Optional[str]) -> RepoInfo:
-    url = repo_config.remote_url or default_url
+    url = repo_config.get(REMOTEURL_KEY, None) or default_url
     if isinstance(url, dict):
         if arch not in url and not default_url:
             raise Exception(f"Invalid repo config: Architecture {arch} not in remote_url mapping: {url}")
@@ -161,7 +161,7 @@ def get_base_distro(arch: Arch, scan: bool = False, unsigned: bool = True, cache
     for repo, repo_config in distro_config.repos.items():
         if unsigned:
             repo_config['options'] = (repo_config.get('options', None) or {}) | {'SigLevel': 'Never'}
-        repos[repo] = get_RepoInfo(arch, repo_config, default_url=distro_config.remote_url)
+        repos[repo] = get_RepoInfo(arch, repo_config, default_url=distro_config.get(REMOTEURL_KEY, None))
 
     distro = RemoteDistro(arch=arch, repo_infos=repos, scan=False)
     if cache_db:
@@ -187,7 +187,7 @@ def get_kupfer_distro(
     if location == DistroLocation.REMOTE:
         remote = True
         cache = _kupfer_https
-        default_url = repo_config.remote_url or KUPFER_HTTPS
+        default_url = repo_config.get(REMOTEURL_KEY, None) or KUPFER_HTTPS
         repos = {repo: get_RepoInfo(arch, conf, default_url) for repo, conf in repo_config.repos.items() if not conf.local_only}
         cls = RemoteDistro
     elif location in [DistroLocation.CHROOT, DistroLocation.LOCAL]:

distro/keyring.py

@@ -6,9 +6,9 @@ from typing import Optional
 
 from config.state import config
 from constants import Arch, KEYRINGS_KEY, KEYRINGS_LOCAL_KEY
+from distro.repo_config import get_repo_config
 from exec.cmd import CompletedProcess, run_cmd
 from exec.file import makedir, remove_file
-from repo_config import get_repo_config
 from utils import extract_files_from_tar_generator, read_files_from_tar_recursive
 
 from .distro import Distro, get_base_distro, get_kupfer_local, get_kupfer_https
@@ -24,9 +24,9 @@ PKG_KEYRING_FOLDER = 'usr/share/pacman/keyrings/'
 
 
 class DistroType(Enum):
-    BASE = auto
+    BASE = auto()
-    LOCAL = auto
+    LOCAL = auto()
-    REMOTE = auto
+    REMOTE = auto()
 
 
 KEYRING_LOCATIONS: dict[DistroType, str] = {
@@ -69,13 +69,15 @@ def init_keyring_gpg_dir(
         remove_file(gpg_dir)
         exists = False
     lazy = lazy and exists
-    makedir(gpg_dir)
+    if not lazy:
+        run_cmd([get_pacman_key_binary(), '--init', '--gpgdir', gpg_dir])
     results = {}
     for name, val in keyring_dists.items():
         dist_dir, dist_changed = val
         if lazy and not dist_changed:
             results[name] = False
             continue
+        logging.info(f"Importing dir {dist_dir} into {gpg_dir}")
         import_dist_keyring(gpg_dir, dist_dir)
         results[name] = True
     return results
@@ -86,8 +88,7 @@ def import_dist_keyring(
     dist_dir: str,
 ) -> CompletedProcess:
     assert gpg_dir and dist_dir and config.runtime.script_source_dir
-    pacman_key = os.path.join(config.runtime.script_source_dir, 'bin', 'pacman-key-user')
+    r = run_cmd([get_pacman_key_binary(), '--populate-from', dist_dir, '--populate', '--gpgdir', gpg_dir])
-    r = run_cmd([pacman_key, '--populate-from', dist_dir, '--populate', '--gpgdir', gpg_dir])
     assert isinstance(r, CompletedProcess)
     return r
 
@@ -117,6 +118,7 @@ def init_keyring_dist_dir(
     elif distro_type == DistroType.REMOTE:
         pkg_names = repo_config.get(KEYRINGS_KEY, None) or []
         distro = get_kupfer_https(arch, scan=False)
+    logging.debug(f"Acquiring keyrings from {distro}: {pkg_names}")
     dist_pkgs, changed = acquire_dist_pkgs(pkg_names, distro, base_dir)
     if lazy and dist_pkgs and not changed and os.path.exists(dist_dir):  # and keyring_is_created(arch, distro_type):
         return {name: (val[0], False) for name, val in dist_pkgs.items()}
@@ -169,6 +171,7 @@ def acquire_dist_pkgs(keyring_packages: list[str], distro: Distro, dist_dir: str
 
 
 def extract_keyring_pkg(pkg_path: str, dest_path: str):
+    makedir(dest_path)
     extract_files_from_tar_generator(
         read_files_from_tar_recursive(pkg_path, PKG_KEYRING_FOLDER),
         dest_path,
@@ -186,3 +189,7 @@ def get_keyring_dist_path(base_dir: str) -> str:
 
 def get_keyring_gpg_path(base_dir: str) -> str:
     return os.path.join(base_dir, KEYRING_GPG_DIR)
+
+
+def get_pacman_key_binary() -> str:
+    return os.path.join(config.runtime.script_source_dir, 'bin', 'pacman-key-user')

distro/repo_config.py

@@ -70,10 +70,11 @@ class ReposConfigFile(DictScheme):
                 repos[name] = repo_cls(_repo, **kwargs)
 
     @staticmethod
-    def parse_config(path: str) -> ReposConfigFile:
+    def parse_config(path: str, insert_defaults: bool = True) -> ReposConfigFile:
+        defaults = REPOS_CONFIG_DEFAULTS_DICT if insert_defaults else {}
         try:
             with open(path, 'r') as fd:
-                data = yaml.safe_load(fd)
+                data = defaults | yaml.safe_load(fd)
             data['_path'] = path
             data['_checksum'] = sha256sum(path)
             return ReposConfigFile(data, validate=True)
@@ -105,7 +106,7 @@ BASE_DISTRO_DEFAULTS = {
     OPTIONS_KEY: None,
 }
 
-REPOS_CONFIG_DEFAULT = ReposConfigFile({
+REPOS_CONFIG_DEFAULTS_DICT = {
     '_path': '__DEFAULTS__',
     '_checksum': None,
     REMOTEURL_KEY: KUPFER_HTTPS,
@@ -122,13 +123,17 @@ REPOS_CONFIG_DEFAULT = ReposConfigFile({
     BASEDISTROS_KEY: {
         arch: {
             REMOTEURL_KEY: None,
-            KEYRINGS_KEY: arch_def.get(KEYRINGS_KEY, None),
+            KEYRINGS_KEY: arch_def.get(KEYRINGS_KEY, None).copy(),
-            'repos': {k: {
+            'repos': {
-                'remote_url': v
+                k: {
-            } for k, v in arch_def['repos'].items()},  # type: ignore[union-attr]
+                    'remote_url': v
+                } for k, v in arch_def['repos'].items()  # type: ignore[union-attr]
+            },
         } for arch, arch_def in BASE_DISTROS.items()
     },
-})
+}
+
+REPOS_CONFIG_DEFAULT = ReposConfigFile(REPOS_CONFIG_DEFAULTS_DICT)
 
 _current_config = None