Merge remote-tracking branch 'origin/pr/172'

* origin/pr/172: tests: fix setting temporary gpg home installer: use old dnf until dnf5 fixes signature verification Revert "installer: adjust options for dnf5"
QubesOS · Jan 10, 2025 · 36bd715 · 36bd715
2 parents e0321e2 + 05b7bc1
commit 36bd715
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 31 deletions.
diff --git a/qubesbuilder/plugins/installer/Makefile b/qubesbuilder/plugins/installer/Makefile
@@ -40,7 +40,7 @@ ISO_VOLID := $(shell echo $(ISO_NAME) | tr a-z A-Z | tr -s -c [:alnum:]'\n' - |
 BASE_DIR := $(INSTALLER_DIR)/work/$(ISO_VERSION)/x86_64
 TMP_DIR:= $(BUILDER_DIR)/tmp
 
-DNF := /usr/bin/dnf
+DNF := /usr/bin/dnf-3
 DNF_ROOT := $(BUILDER_DIR)/dnfroot
 DNF_REPO := $(DNF_ROOT)/etc/yum.repos.d/installer.repo
 DNF_PACKAGES := $(DNF_ROOT)/tmp/packages.list
@@ -130,12 +130,12 @@ iso-packages-anaconda:
 	$(DNF) $(DNF_OPTS) clean all
 	# workaround for https://github.com/rpm-software-management/dnf/issues/1974
 	rpmkeys --root=$(DNF_ROOT) --import $$(sed -n '/gpgkey *= *file:/{s,.*file://,,;p}' $(DNF_ROOT)/etc/yum.repos.d/*.repo)
-	umask 022; $(DNF) $(DNF_OPTS) download --destdir=$(BASE_DIR)/os/Packages --resolve $(shell cat $(DNF_PACKAGES))
+	umask 022; $(DNF) $(DNF_OPTS) --downloaddir=$(BASE_DIR)/os/Packages --downloadonly install $(shell cat $(DNF_PACKAGES))
 	pushd $(BASE_DIR)/os/ && $(CREATEREPO) -q -g $(TMP_DIR)/comps.xml .
 
 iso-packages-lorax:
 	$(DNF) $(DNF_OPTS) clean all
-	umask 022; $(DNF) $(DNF_OPTS) download --destdir=$(INSTALLER_DIR)/yum/installer/rpm --resolve $(shell cat $(LORAX_PACKAGES))
+	umask 022; $(DNF) $(DNF_OPTS) --downloaddir=$(INSTALLER_DIR)/yum/installer/rpm --downloadonly install $(shell cat $(LORAX_PACKAGES))
 	pushd $(INSTALLER_DIR)/yum/installer && $(CREATEREPO) -q -g $(TMP_DIR)/comps.xml --update .
 
 iso-templates-cache: iso-prepare iso-parse-kickstart
@@ -149,7 +149,7 @@ iso-templates-cache: iso-prepare iso-parse-kickstart
 
 	$(DNF) $(DNF_OPTS) clean all
 	rpmkeys --root=$(DNF_ROOT) --import $$(sed -n '/gpgkey *= *file:/{s,.*file://,,;p}' $(DNF_ROOT)/etc/yum.repos.d/*.repo)
-	umask 022; $(DNF) $(DNF_OPTS_TEMPLATES) download --destdir=$(BUILDER_DIR)/repository/templates $(TEMPLATE_PACKAGES)
+	umask 022; $(DNF) $(DNF_OPTS_TEMPLATES) --downloaddir=$(INSTALLER_DIR)/yum/installer/rpm --downloaddir=$(BUILDER_DIR)/repository/templates download $(TEMPLATE_PACKAGES)
 
 #
 # CAGE -> MOCK

diff --git a/tests/test_cli.py b/tests/test_cli.py
@@ -527,7 +527,7 @@ def test_component_host_fc37_sign(artifacts_dir):
     )
 
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         # Better copy testing keyring into a separate directory to prevent locks inside
         # local sources (when executed locally).
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
@@ -589,7 +589,7 @@ def test_component_host_fc37_sign(artifacts_dir):
 def test_component_host_fc37_publish(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -809,7 +809,7 @@ def test_component_host_fc37_publish(artifacts_dir):
 def test_component_host_fc37_upload(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
         builder_conf = tmpdir + "/builder.yml"
@@ -915,7 +915,7 @@ def test_component_host_fc37_build_skip(artifacts_dir):
 def test_component_host_fc37_sign_skip(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -956,7 +956,7 @@ def test_component_host_fc37_sign_skip(artifacts_dir):
 def test_component_host_fc37_unpublish(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -1164,7 +1164,7 @@ def test_component_vm_bookworm_build(artifacts_dir):
 def test_component_vm_bookworm_sign(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -1215,7 +1215,7 @@ def test_component_vm_bookworm_sign(artifacts_dir):
 def test_component_vm_bookworm_publish(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -1401,7 +1401,7 @@ def test_component_vm_bookworm_build_skip(artifacts_dir):
 def test_component_vm_bookworm_sign_skip(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -1439,7 +1439,7 @@ def test_component_vm_bookworm_unpublish(artifacts_dir):
 
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -1555,7 +1555,7 @@ def test_increment_component_fetch(artifacts_dir):
 def test_increment_component_build(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -1721,7 +1721,7 @@ def test_component_vm_archlinux_sign(artifacts_dir):
     env = os.environ.copy()
 
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         # Better copy testing keyring into a separate directory to prevent locks inside
         # local sources (when executed locally).
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
@@ -1765,7 +1765,7 @@ def test_component_vm_archlinux_sign(artifacts_dir):
 def test_component_vm_archlinux_publish(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -1886,7 +1886,7 @@ def test_component_vm_archlinux_publish(artifacts_dir):
 def test_component_vm_archlinux_upload(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
         builder_conf = tmpdir + "/builder.yml"
@@ -2023,7 +2023,7 @@ def test_template_fedora_40_build(artifacts_dir):
 def test_template_fedora_40_minimal_sign(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         # Better copy testing keyring into a separate directory to prevent locks inside
         # local sources (when executed locally).
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
@@ -2033,6 +2033,7 @@ def test_template_fedora_40_minimal_sign(artifacts_dir):
         # We prevent rpm to find ~/.rpmmacros
         env["HOME"] = tmpdir
 
+
         qb_call(
             DEFAULT_BUILDER_CONF,
             artifacts_dir,
@@ -2067,7 +2068,7 @@ def test_template_fedora_40_minimal_sign(artifacts_dir):
 def test_template_fedora_40_minimal_publish(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -2158,7 +2159,7 @@ def test_template_fedora_40_minimal_publish(artifacts_dir):
 def test_template_fedora_40_minimal_publish_new(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -2283,7 +2284,7 @@ def test_template_fedora_40_minimal_publish_new(artifacts_dir):
 def test_template_fedora_40_minimal_unpublish(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -2470,7 +2471,7 @@ def test_template_debian_12_minimal_build(artifacts_dir):
 def test_template_debian_12_minimal_sign(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         # Better copy testing keyring into a separate directory to prevent locks inside
         # local sources (when executed locally).
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
@@ -2514,7 +2515,7 @@ def test_template_debian_12_minimal_sign(artifacts_dir):
 def test_template_debian_12_minimal_publish(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 

diff --git a/tests/test_cli_repository.py b/tests/test_cli_repository.py
@@ -57,7 +57,7 @@ def qb_call_output(builder_conf, artifacts_dir, *args, **kwargs):
 def test_repository_create_vm_fc40(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -98,7 +98,7 @@ def test_repository_create_vm_fc40(artifacts_dir):
 def test_repository_create_vm_bookworm(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 
@@ -130,7 +130,7 @@ def test_repository_create_vm_bookworm(artifacts_dir):
 def test_repository_create_template(artifacts_dir):
     env = os.environ.copy()
     with tempfile.TemporaryDirectory() as tmpdir:
-        gnupghome = f"{tmpdir}/.gnupg"
+        gnupghome = f"{tmpdir}/gnupg"
         shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
         os.chmod(gnupghome, 0o700)
 

diff --git a/tests/test_scripts.py b/tests/test_scripts.py
@@ -29,7 +29,7 @@ def temp_directory():
 
 @pytest.fixture
 def home_directory(temp_directory):
-    gnupghome = f"{temp_directory}/.gnupg"
+    gnupghome = f"{temp_directory}/gnupg"
     shutil.copytree(PROJECT_PATH / "tests/gnupg", gnupghome)
     os.chmod(gnupghome, 0o700)
     # Initialize the conf
@@ -390,7 +390,7 @@ def test_non_qubesos_repository_with_maintainer_and_signed_tag(
 def test_repository_with_multiple_distinct_signatures(
     temp_directory, home_directory
 ):
-    gnupg_dir = home_directory / ".gnupg"
+    gnupg_dir = home_directory / "gnupg"
     remote_repo_dir = temp_directory / "remote_repo"
     repo_dir = temp_directory / "repo"
     key_ids = [
@@ -443,7 +443,7 @@ def test_repository_with_multiple_distinct_signatures(
 def test_repository_with_multiple_non_distinct_signatures(
     temp_directory, home_directory
 ):
-    gnupg_dir = home_directory / ".gnupg"
+    gnupg_dir = home_directory / "gnupg"
     remote_repo_dir = temp_directory / "remote_repo"
     repo_dir = temp_directory / "repo"
     key_ids = [
@@ -502,7 +502,7 @@ def test_repository_with_multiple_non_distinct_signatures(
 def test_repository_with_multiple_distinct_signatures_not_in_maintainers(
     temp_directory, home_directory
 ):
-    gnupg_dir = home_directory / ".gnupg"
+    gnupg_dir = home_directory / "gnupg"
     remote_repo_dir = temp_directory / "remote_repo"
     repo_dir = temp_directory / "repo"
     key_ids = [
@@ -553,7 +553,7 @@ def test_repository_with_multiple_distinct_signatures_not_in_maintainers(
 
 
 def test_repository_with_signed_commit(capsys, temp_directory, home_directory):
-    gnupg_dir = home_directory / ".gnupg"
+    gnupg_dir = home_directory / "gnupg"
     remote_repo_dir = temp_directory / "remote_repo"
     repo_dir = temp_directory / "repo"
     key_ids = [