search

openSUSE / obs-build

OBS build script, can be used with OBS or stand alone
GNU General Public License v2.0
132 stars 183 forks source link

Import repository keys in container build #936

Open tacerus opened 1 year ago

tacerus commented 1 year ago

Hello,

in Dockerfile builds outside of OBS it is possible to install additional repositories and import the associated keys at build time using, for example:

RUN zypper ar -f -p 100 http://download.opensuse.org/repositories/openSUSE:infrastructure/15.4/ "openSUSE:infrastructure"
RUN zypper -n --gpg-auto-import-keys ref

In https://github.com/openSUSE/obs-build/blob/master/obs-docker-support#L65, all refresh activity is cancelled out - this makes sense, as repositories do not need to refreshed in the build environment, however it does not offer an alternative to import signing keys.

A workaround is to use the download_assets service:

#!RemoteAssetUrl: https://download.opensuse.org/repositories/openSUSE:/infrastructure/15.4/repodata/repomd.xml.key
COPY repomd.xml.key /tmp/
RUN rpm --import /tmp/repomd.xml.key ; rm /tmp/repomd.xml.key

Needless to say, that route is a bit ugly.

It would be nice if there was a native way to import signing keys of additional OBS repositories.