From 41539a4582bbcb7dd6aa96e41c85f163ba8bcc0e Mon Sep 17 00:00:00 2001 From: Yegor Yefremov Date: Tue, 4 Apr 2023 13:29:42 +0200 Subject: [PATCH] initvm: add an option for additional Debian archive key location The option `keys_dir` provides a path to the additional key location. The use case is when you create an initvm on, for example, Ubuntu where the `debian-archive-keyring` package installs the keys to `/usr/share/keyrings/`. As elbe looks in `/etc/apt/trusted.gpg.d` for the keys, it ignores the ones in `/usr/share/keyrings/`. Signed-off-by: Yegor Yefremov
---
elbepack/commands/init.py | 8 +++++++- elbepack/commands/initvm.py | 6 ++++++ elbepack/debinstaller.py | 21 ++++++++++++--------- elbepack/initvmaction.py | 3 +++ 4 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/elbepack/commands/init.py b/elbepack/commands/init.py
index b7b6e092a5..ddb2915e5f 100644
--- a/elbepack/commands/init.py
+++ b/elbepack/commands/init.py
@@ -86,6 +86,12 @@ def run_command(argv): default=True, help="Skip building Source CDROM") + oparser.add_option( + "--keys_dir", + dest="keys_dir", + default=None, + help="directory, where to find the debian archive keys") + (opt, args) = oparser.parse_args(argv) if not args:
@@ -172,7 +178,7 @@ def run_command(argv): os.putenv("no_proxy", "localhost,127.0.0.1") try: - copy_kinitrd(xml.node("/initvm"), out_path) + copy_kinitrd(xml.node("/initvm"), out_path, opt.keys_dir) except NoKinitrdException as e: msg = str(e) logging.error("Failure to download kernel/initrd debian Package:")
diff --git a/elbepack/commands/initvm.py b/elbepack/commands/initvm.py
index 321af3fbc5..8c3f76b21c 100644
--- a/elbepack/commands/initvm.py
+++ b/elbepack/commands/initvm.py
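Review bot: The new option is spelled `--keys_dir` with an underscore, while the other long option visible in this patch, `--skip-build-source` in elbepack/initvmaction.py, uses hyphens; `"--keys-dir"` with the existing `dest="keys_dir"` would match, and the string built in initvmaction.py would have to follow. The help text also does not say what the directory is used for: judging by the debinstaller.py hunk, every file in it is imported into the keyring that is set up before the Release file is downloaded, so something like `help="additional directory whose key files are imported as trusted Debian archive keys"` tells the user what they are trusting. The same option block is repeated in elbepack/commands/initvm.py. run_command starts and ends outside the hunk.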
@@ -71,6 +71,12 @@ def run_command(argv): default=False, help="Also make 'initvm submit' build an SDK.") + oparser.add_option( + "--keys_dir", + dest="keys_dir", + default=None, + help="directory, where to find the debian archive keys") + PreprocessWrapper.add_options(oparser) (opt, args) = oparser.parse_args(argv)
diff --git a/elbepack/debinstaller.py b/elbepack/debinstaller.py
index 1544bed9d4..baae0e4521 100644
--- a/elbepack/debinstaller.py
+++ b/elbepack/debinstaller.py
@@ -74,7 +74,7 @@ def __init__(self, base_url, fname, fname_list): m.group(1)) -def setup_apt_keyring(gpg_home, keyring_fname): +def setup_apt_keyring(gpg_home, keyring_fname, keys_dir): ring_path = os.path.join(gpg_home, keyring_fname) if not os.path.isdir("/etc/apt/trusted.gpg.d"): print("/etc/apt/trusted.gpg.d doesn't exist")
@@ -90,13 +90,16 @@ def setup_apt_keyring(gpg_home, keyring_fname): '--batch ' \ f'--homedir "{gpg_home}"' - trustkeys = os.listdir("/etc/apt/trusted.gpg.d") + trustkeys = [os.path.join("/etc/apt/trusted.gpg.d", f) + for f in os.listdir("/etc/apt/trusted.gpg.d")] + if keys_dir: + trustkeys = trustkeys + [os.path.join(keys_dir, f) + for f in os.listdir(keys_dir)] + for key in trustkeys: print(f"Import {key}: ") try: - system( - f'gpg {gpg_options} ' - f'--import "{os.path.join("/etc/apt/trusted.gpg.d", key)}"') + system(f'gpg {gpg_options} --import "{key}"') except CommandError: print(f'adding keyring "{key}" to keyring "{ring_path}" failed')
@@ -144,11 +147,11 @@ def verify_release(tmp, base_url): sig.close() -def download_kinitrd(tmp, suite, mirror, skip_signature=False): +def download_kinitrd(tmp, suite, mirror, keys_dir, skip_signature=False): base_url = f"{mirror.replace('LOCALMACHINE', 'localhost')}/dists/{suite}/" installer_path = "main/installer-amd64/current/images/" - setup_apt_keyring(tmp.fname('/'), 'pubring.gpg') + setup_apt_keyring(tmp.fname('/'), 'pubring.gpg', keys_dir) # download release file download(base_url + "Release", tmp.fname('Release'))
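Review bot: `keys_dir` is added to `setup_apt_keyring` as a required positional parameter, so any caller not touched by this commit now fails; `def setup_apt_keyring(gpg_home, keyring_fname, keys_dir=None):` keeps the old call form working. The same applies to `copy_kinitrd` and, more sharply, to `download_kinitrd`, where the parameter is inserted in front of `skip_signature`: a caller that still passes that flag positionally, as the old `copy_kinitrd` call did, would have it bound to `keys_dir` while `skip_signature` stays at its default. Appending it instead, `def download_kinitrd(tmp, suite, mirror, skip_signature=False, keys_dir=None):`, avoids the silent rebinding. Callers outside this patch are not visible here, and setup_apt_keyring's body continues outside the hunk.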
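Review bot: Every entry of the caller-supplied `keys_dir` is imported into the keyring used for the Release check, and its file name is interpolated into a command string between double quotes. `os.listdir(keys_dir)` runs without the `os.path.isdir` test that `/etc/apt/trusted.gpg.d` gets at the top of the function, so a wrong path raises instead of being reported, and sub-directories are handed to gpg as well. If `system` passes the string to a shell, as the quoting suggests, a file name containing `"`, `$` or a backquote is interpreted by it; `shlex.quote` closes that (it needs `import shlex` if the module does not already have it), and the `--keys_dir "{opt.keys_dir}"` line in elbepack/initvmaction.py has the same quoting. A directory such as `/usr/share/keyrings/` typically also holds keyrings other than the Debian archive ones, and all of them become trusted for this download, so the help text or the code should narrow that. The function starts and ends outside the hunk.

```python
    # … unchanged: gpg_options …
    key_dirs = ["/etc/apt/trusted.gpg.d"]
    if keys_dir:
        if os.path.isdir(keys_dir):
            key_dirs.append(keys_dir)
        else:
            print(f"{keys_dir} doesn't exist")

    trustkeys = [os.path.join(d, f)
                 for d in key_dirs
                 for f in os.listdir(d)
                 if os.path.isfile(os.path.join(d, f))]

    for key in trustkeys:
        print(f"Import {key}: ")
        try:
            system(f'gpg {gpg_options} --import {shlex.quote(key)}')
        # … unchanged: except CommandError …
```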
@@ -201,7 +204,7 @@ def get_primary_mirror(prj): return mirror -def copy_kinitrd(prj, target_dir): +def copy_kinitrd(prj, target_dir, keys_dir): suite = prj.text("suite")
@@ -217,7 +220,7 @@ def copy_kinitrd(prj, target_dir): os.path.join(target_dir, "initrd.gz")) else: mirror = get_primary_mirror(prj) - download_kinitrd(tmp, suite, mirror, prj.has("noauth")) + download_kinitrd(tmp, suite, mirror, keys_dir, prj.has("noauth")) copyfile(tmp.fname("initrd.gz"), os.path.join(target_dir, "initrd.gz"))
diff --git a/elbepack/initvmaction.py b/elbepack/initvmaction.py
index 497385bb89..334bfb5c17 100644
--- a/elbepack/initvmaction.py
+++ b/elbepack/initvmaction.py
@@ -591,6 +591,9 @@ def execute(self, initvmdir, opt, args): if not opt.build_sources: init_opts += ' --skip-build-source' + if opt.keys_dir: + init_opts += f' --keys_dir "{opt.keys_dir}"' + with PreprocessWrapper(xmlfile, opt) as ppw: if cdrom: system(