[PATCH] pungi: Verify downloaded packages

Marek Marczykowski-Górecki marmarek at invisiblethingslab.com
Fri Aug 7 02:22:18 UTC 2015


Handle "repo --gpgkey" in kickstart to verify downloaded packages

Especially important for lorax and livecd-tools - those packages will
not be verified in any way without setting yum options here.

---
 pungi/gather.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

This depends on "repo --gpgkey" pykickstart patch here:
https://github.com/rhinstaller/pykickstart/pull/32
If possible, I'd like to have it also in 3.x branch. Cherry-pick works
just fine (there was a file name change, only that).

diff --git a/pungi/gather.py b/pungi/gather.py
index bcc2861..a5c9df9 100644
--- a/pungi/gather.py
+++ b/pungi/gather.py
@@ -281,7 +281,7 @@ class Pungi(PungiBase):
 
     def _add_yum_repo(self, name, url, mirrorlist=False, groups=True,
                       cost=1000, includepkgs=None, excludepkgs=None,
-                      proxy=None):
+                      proxy=None, gpgkey=None):
         """This function adds a repo to the yum object.
         name: Name of the repo
         url: Full url to the repo
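
Review bot: the new gpgkey argument in the _add_yum_repo signature is not documented; the docstring lists the other arguments (name, url, ...) and the diffstat shows no docstring line added. Add an entry such as "gpgkey: URL of the GPG key used to verify packages from this repo; setting it enables gpgcheck".
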
@@ -318,6 +318,10 @@ class Pungi(PungiBase):
         thisrepo.exclude = excludepkgs
         thisrepo.includepkgs = includepkgs
         thisrepo.cost = cost
+        if gpgkey:
+            thisrepo.gpgcheck = True
+            thisrepo.gpgkey = yum.parser.varReplace(gpgkey,
+                                                    self.ayum.conf.yumvar)
         # Yum doesn't like proxy being None
         if proxy:
             thisrepo.proxy = proxy
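
Review bot: "if gpgkey:" has no else branch, so a repo added without --gpgkey keeps whatever gpgcheck value it already had and its packages can still be downloaded unverified with nothing in the log to show it. Consider logging a warning that names the repo when no key is given, so a compose that mixes verified and unverified repos is visible to whoever reads the output. Setting gpgcheck explicitly in both branches would also make the resulting state independent of the yum default.
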
@@ -349,6 +353,7 @@ class Pungi(PungiBase):
         yumconf.installroot = os.path.join(self.workdir, 'yumroot')
         yumconf.uid = os.geteuid()
         yumconf.cache = 0
+        yumconf.assumeyes = True
         yumconf.failovermethod = 'priority'
         yumconf.deltarpm = 0
         yumvars = yum.config._getEnvVar()
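
Review bot: "yumconf.assumeyes = True" is added without a comment and is a global setting, so it answers every yum prompt, not only the GPG key import that the rest of this patch introduces. With it, the key fetched from the kickstart's gpgkey URL is imported without confirmation, which means the trust decision rests entirely on that URL. Please add a comment stating that this is there for the non-interactive key import, and mention in the commit message that the key location in the kickstart has to be trusted.
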
@@ -379,7 +384,8 @@ class Pungi(PungiBase):
                                    cost=repo.cost,
                                    includepkgs=repo.includepkgs,
                                    excludepkgs=repo.excludepkgs,
-                                   proxy=repo.proxy)
+                                   proxy=repo.proxy,
+                                   gpgkey=repo.gpgkey)
             else:
                 self._add_yum_repo(repo.name, repo.baseurl,
                                    mirrorlist=False,
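
Review bot: "gpgkey=repo.gpgkey" in the mirrorlist call (and the identical line in the baseurl call that follows) assumes the kickstart repo object has a gpgkey attribute, which per the cover note only exists with the pykickstart patch from pull request 32. On a pykickstart without that patch this raises AttributeError for every repo, including ones that never used --gpgkey. Either use getattr(repo, 'gpgkey', None) in both calls or state the minimum pykickstart version as a requirement.
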
@@ -387,7 +393,8 @@ class Pungi(PungiBase):
                                    cost=repo.cost,
                                    includepkgs=repo.includepkgs,
                                    excludepkgs=repo.excludepkgs,
-                                   proxy=repo.proxy)
+                                   proxy=repo.proxy,
+                                   gpgkey=repo.gpgkey)
 
         self.logger.info('Getting sacks for arches %s' % self.valid_arches)
         self.ayum._getSacks(archlist=self.valid_arches)
-- 
2.1.0


-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?