mkarchiso: do not try to use an non existent GPG public key file

The `bootstrap` build mode never calls `_export_gpg_publickey`, so even if
the GPG key is passed with the `-g` option and thus the `gpg_key` variable
is set, the `${work_dir}/pubkey.gpg` file will not exist.
This has not caused any issue so far because the `ARCHISO_GNUPG_FD` file
descriptor opens the file for both reading and writing, which means the
file gets created if it does not exist.

Assign the exported public key file name to a `gpg_publickey` variable in
`_export_gpg_publickey` and check for it when the file is used.

Since the exit status of the gpg command cannot be checked, look for the
exported public key file instead.
nl6720 2022-11-26 21:35:38 +02:00
parent 4ee6fdc1ea
commit d31f38843a
No known key found for this signature in database
GPG Key ID: 5CE88535E188D369
2 changed files with 9 additions and 5 deletions


@ -12,6 +12,8 @@ Added
Changed Changed
------- -------
- Check if the GPG public key file was successfully placed in the work directory before trying to use it.
Removed Removed
------- -------


@ -335,8 +335,8 @@ _make_custom_airootfs() {
_make_packages() { _make_packages() {
_msg_info "Installing packages to '${pacstrap_dir}/'..." _msg_info "Installing packages to '${pacstrap_dir}/'..."
if [[ -n "${gpg_key}" ]]; then if [[ -v gpg_publickey ]]; then
exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg" exec {ARCHISO_GNUPG_FD}<>"$gpg_publickey"
export ARCHISO_GNUPG_FD export ARCHISO_GNUPG_FD
fi fi
if [[ -v cert_list[0] ]]; then if [[ -v cert_list[0] ]]; then
@ -364,7 +364,7 @@ _make_packages() {
exec {ARCHISO_TLSCA_FD}<&- exec {ARCHISO_TLSCA_FD}<&-
unset ARCHISO_TLSCA_FD unset ARCHISO_TLSCA_FD
fi fi
if [[ -n "${gpg_key}" ]]; then if [[ -v gpg_publickey ]]; then
exec {ARCHISO_GNUPG_FD}<&- exec {ARCHISO_GNUPG_FD}<&-
unset ARCHISO_GNUPG_FD unset ARCHISO_GNUPG_FD
fi fi
@ -1614,8 +1614,10 @@ _set_overrides() {
} }
_export_gpg_publickey() { _export_gpg_publickey() {
rm -f -- "${work_dir}/pubkey.gpg" gpg_publickey="${work_dir}/pubkey.gpg"
gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" rm -f -- "$gpg_publickey"
gpg --batch --no-armor --output "$gpg_publickey" --export "${gpg_key}"
[[ -s "$gpg_publickey" ]] || return
} }
_make_version() { _make_version() {
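Review bot: `_export_gpg_publickey` assigns `gpg_publickey` before the export is verified, so when the `[[ -s "$gpg_publickey" ]]` check fails the variable stays set while the file is missing or empty. `_make_packages` (whose body continues outside the hunks shown) only tests `[[ -v gpg_publickey ]]`, so its `exec {ARCHISO_GNUPG_FD}<>"$gpg_publickey"` would create the empty file again, as the commit message describes, unless every caller aborts on the non-zero return, which this page does not show. Consider clearing the variable and returning an explicit status, e.g. `[[ -s "$gpg_publickey" ]] || { unset gpg_publickey; return 1; }`, ideally with an error message so a build without a usable public key does not proceed silently. Opening the descriptor read-only (`<` instead of `<>`) would also make a missing key file fail loudly, provided nothing downstream needs to write through it.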