Thanks for advice! I tried to put my key into /usr/share/distribution-gpg-keys/local and into /usr/share/distribution-gpg-keys/centos on both host system and mock chroot. Regrettably I had the same error. What's interesting is that this worked properly with mock v 1.4 The problems started when I upgraded to mock 2.6. Currently I'm testing on mock 2.8 from epel.
Rgrds, On 22.01.2021 11:39, Pavel Raiskup wrote: > On Friday, January 22, 2021 8:55:02 AM CET Daniel Mach wrote: >> Isn't the problem that mock uses rpm and dnf from the host environment >> and expects the GPG key to be there too? > That would be good guess, with '--no-bootstrap-chroot'. But nowadays there > are > two steps by default: > > * Host RPM/DNF installs target RPM/DNF into "bootstrap" chroot > * RPM/DNF from bootstrap is used to install the final chroot > > And so the gpg keys need to be available in bootstrap chroot, and > sometimes also on host, depending on use-case. > > There's a mock's internal method [1] which copies GPG keys into both > bootstrap and normal chroot, but it only looks at > /usr/share/distribution-gpg-keys - so the easiest way is to put the custom > GPG keys there. Sometimes it might be a good idea to talk to > distribution-gpg-keys [2] maintainer (Mirek Suchý) and include the keys > there by default. > > [1] https://github.com/rpm-software-management/mock/blob/cbee491d6309222e70f530aec71b0f76072a5517/mock/py/mockbuild/package_manager.py#L286-L295 > [2] https://github.com/xsuchy/distribution-gpg-keys > > Pavel > >> The point is that mock has to be able to install into empty chroots and >> that's why it's using package manager and configuration from the host >> environment. >> >> Dne 21. 01. 21 v 21:30 Michael Ivanov napsal(a): >>> Hallo, >>> >>> I have the following problem: I'm trying to install rpm packages, signed >>> with my local key, into mock chroot. >>> >>> I use the following procedure: >>> >>> Create chroot: >>> mock --arch=x86_64 -r rpm/cs8.cfg --init >>> Copy my rpm key file into chroot: >>> mock --arch=x86_64 -r rpm/cs8.cfg --cache-alterations --copyin >>> /etc/pki/rpm-gpg/Local-KEY /etc/pki/rpm-gpg >>> Install my package into chroot: >>> mock --arch=x86_64 -r rpm/cs8.cfg --cache-alterations --install >>> my-rpm-package >>> >>> During package install I get the following error: >>> >>> Curl error (37): Couldn't read a file:// file for >>> file:///etc/pki/rpm-gpg/Local-KEY [Couldn't open file >>> /etc/pki/rpm-gpg/Local-KEY] >>> >>> I check chroot contents with: >>> mock --arch=x86_64 -r rpm/cs8.cfg --shell "ls -l >>> /etc/pki/rpm-gpg/Local-KEY" >>> >>> and it shows me that the file is present. I doublecheck with: >>> >>> ls -l /var/lib/mock/cs8/root/etc/pki/rpm-gpg >>> >>> and this also shows that file is present. The file is also present on >>> host system in /etc/pki/rpm-gpg >>> >>> What I'm doing wrong? >>> >>> Best regards, >>> >>> -- >>> \ / | | >>> (OvO) | Михаил Иванов | >>> (^^^) | | >>> \^/ | E-mail:iv...@isle.spb.ru | >>> ^ ^ | | >>> >>> >>> _______________________________________________ >>> buildsys mailing list -- buildsys@lists.fedoraproject.org >>> To unsubscribe send an email to buildsys-le...@lists.fedoraproject.org >>> Fedora Code of Conduct: >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedoraproject.org/archives/list/buildsys@lists.fedoraproject.org >>> >> _______________________________________________ >> buildsys mailing list -- buildsys@lists.fedoraproject.org >> To unsubscribe send an email to buildsys-le...@lists.fedoraproject.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/buildsys@lists.fedoraproject.org >> > _______________________________________________ > buildsys mailing list -- buildsys@lists.fedoraproject.org > To unsubscribe send an email to buildsys-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/buildsys@lists.fedoraproject.org -- \ / | | (OvO) | Mikhail Iwanow | (^^^) | | \^/ | E-mail: iv...@isle.spb.ru | ^ ^ | | -- \ / | | (OvO) | Михаил Иванов | (^^^) | Тел.: +7(911) 223-1300 | \^/ | E-mail: iv...@isle.spb.ru | ^ ^ | | _______________________________________________ buildsys mailing list -- buildsys@lists.fedoraproject.org To unsubscribe send an email to buildsys-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/buildsys@lists.fedoraproject.org
