From e337d723c9d3734f1fcc0771961dee7a53297f3e Mon Sep 17 00:00:00 2001
From: Louis Abel <label@rockylinux.org>
Date: Mon, 25 Jul 2022 16:46:53 -0700
Subject: [PATCH] deploy gpg key with sig

---
 .../empanadas/templates/reposync-src.tmpl     |  5 ++++
 .../empanadas/templates/reposync.tmpl         |  5 ++++
 iso/empanadas/empanadas/util/dnf_utils.py     | 25 +++++++++++--------
 iso/empanadas/empanadas/util/shared.py        |  2 +-
 4 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/iso/empanadas/empanadas/templates/reposync-src.tmpl b/iso/empanadas/empanadas/templates/reposync-src.tmpl
index 8053994..59779f0 100644
--- a/iso/empanadas/empanadas/templates/reposync-src.tmpl
+++ b/iso/empanadas/empanadas/templates/reposync-src.tmpl
@@ -19,6 +19,11 @@ if [ "$ret_val" -eq 0 ]; then
     echo "SOME PACKAGES DID NOT DOWNLOAD" | tee -a {{ sync_log }}
     exit 1
   else
+{% if deploy_extra_files %}
+    pushd {{ download_path }}
+    curl -RO {{ gpg_key_url }}
+    popd
+{% endif %}
     exit 0
   fi
 fi
diff --git a/iso/empanadas/empanadas/templates/reposync.tmpl b/iso/empanadas/empanadas/templates/reposync.tmpl
index 06152db..089c5f8 100644
--- a/iso/empanadas/empanadas/templates/reposync.tmpl
+++ b/iso/empanadas/empanadas/templates/reposync.tmpl
@@ -26,6 +26,11 @@ if [ "$ret_val" -eq 0 ]; then
     #  echo "Repository is empty." | tee -a {{ sync_log }}
     #  rm -rf {{ download_path }}
     #fi
+{% if deploy_extra_files %}
+    pushd {{ download_path }}
+    curl -RO {{ gpg_key_url }}
+    popd
+{% endif %}
     exit 0
   fi
 fi
diff --git a/iso/empanadas/empanadas/util/dnf_utils.py b/iso/empanadas/empanadas/util/dnf_utils.py
index 17e9301..6dc4897 100644
--- a/iso/empanadas/empanadas/util/dnf_utils.py
+++ b/iso/empanadas/empanadas/util/dnf_utils.py
@@ -317,6 +317,7 @@ class RepoSync:
         bad_exit_list = []
         self.log.info('Generating container entries')
         entries_dir = os.path.join(work_root, "entries")
+        gpg_key_url = self.extra_files['git_raw_path'] + self.extra_files['gpg'][self.gpgkey]
         if not os.path.exists(entries_dir):
             os.makedirs(entries_dir, exist_ok=True)
 
@@ -384,10 +385,7 @@ class RepoSync:
                         'debug/tree'
                 )
 
-                import_gpg_cmd = ("/usr/bin/rpm --import {}{}").format(
-                        self.extra_files['git_raw_path'],
-                        self.extra_files['gpg'][self.gpgkey]
-                )
+                import_gpg_cmd = ("/usr/bin/rpm --import {}").format(gpg_key_url)
 
                 arch_force_cp = ("/usr/bin/sed 's|$basearch|{}|g' {} > {}.{}".format(
                     a,
@@ -1736,6 +1734,7 @@ class SigRepoSync:
         bad_exit_list = []
         self.log.info('Generating container entries')
         entries_dir = os.path.join(work_root, "entries")
+        gpg_key_url = self.extra_files['git_raw_path'] + self.extra_files['gpg'][self.gpgkey]
         if not os.path.exists(entries_dir):
             os.makedirs(entries_dir, exist_ok=True)
 
@@ -1795,10 +1794,7 @@ class SigRepoSync:
                         r + '-debug'
                 )
 
-                import_gpg_cmd = ("/usr/bin/rpm --import {}{}").format(
-                        self.extra_files['git_raw_path'],
-                        self.extra_files['gpg'][self.gpgkey]
-                )
+                import_gpg_cmd = ("/usr/bin/rpm --import {}").format(gpg_key_url)
 
                 arch_force_cp = ("/usr/bin/sed 's|$basearch|{}|g' {} > {}.{}".format(
                     a,
@@ -1866,7 +1862,9 @@ class SigRepoSync:
                         sync_cmd=sync_cmd,
                         metadata_cmd=metadata_cmd,
                         sync_log=sync_log,
-                        download_path=os_sync_path
+                        download_path=os_sync_path,
+                        gpg_key_url=gpg_key_url,
+                        deploy_extra_files=True
                 )
 
                 debug_sync_template = self.tmplenv.get_template('reposync.tmpl')
@@ -1877,7 +1875,9 @@ class SigRepoSync:
                         sync_cmd=debug_sync_cmd,
                         metadata_cmd=debug_metadata_cmd,
                         sync_log=debug_sync_log,
-                        download_path=debug_sync_path
+                        download_path=debug_sync_path,
+                        gpg_key_url=gpg_key_url,
+                        deploy_extra_files=True
                 )
 
                 entry_point_open = open(entry_point_sh, "w+")
@@ -1936,7 +1936,10 @@ class SigRepoSync:
                         dnf_plugin_cmd=dnf_plugin_cmd,
                         sync_cmd=source_sync_cmd,
                         metadata_cmd=source_metadata_cmd,
-                        sync_log=source_sync_log
+                        sync_log=source_sync_log,
+                        download_path=debug_sync_path,
+                        gpg_key_url=gpg_key_url,
+                        deploy_extra_files=True
                 )
 
                 source_entry_point_open = open(source_entry_point_sh, "w+")
diff --git a/iso/empanadas/empanadas/util/shared.py b/iso/empanadas/empanadas/util/shared.py
index f0a4ea4..c417ab1 100644
--- a/iso/empanadas/empanadas/util/shared.py
+++ b/iso/empanadas/empanadas/util/shared.py
@@ -1007,7 +1007,7 @@ class Shared:
         might also deploy COMPOSE_ID and maybe in the future a metadata dir with
         a bunch of compose-esque stuff.
         """
-        logger.info(Color.INFO + 'Deploying treeinfo, discinfo, and media.repo')
+        #logger.info(Color.INFO + 'Deploying treeinfo, discinfo, and media.repo')
 
         cmd = Shared.git_cmd(logger)
         tmpclone = '/tmp/clone'