From d7c4da5106d623535af8a61fccaa26f841e9a6a9 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Thu, 11 Apr 2024 17:30:08 +0200 Subject: [PATCH] osbuild/rpm: generate stable and unique gpg key options The addition of repo configs from the depsolve result added in PR #537 [1] added a bit of non-determinism to the rpm stage option generation. The list of gpg keys to import always had duplicates but it was at least stable, based on the repository configurations for each build. Now, the repository configurations that we get from the depsolve aren't in stable order so the key order can change. This had no functional effect on the image build process, but it does mean that manifests generated with the same inputs have different IDs. Sort and deduplicate keys in the rpm stage option generation to make manifests stable. Deduplicating the keys also makes the manifests a bit "cleaner". [1] https://github.com/osbuild/images/pull/537 Signed-off-by: Achilleas Koutsou --- pkg/osbuild/rpm_stage.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkg/osbuild/rpm_stage.go b/pkg/osbuild/rpm_stage.go index 3dc7fdb4d4..77e600dd8e 100644 --- a/pkg/osbuild/rpm_stage.go +++ b/pkg/osbuild/rpm_stage.go @@ -2,6 +2,7 @@ package osbuild import ( "github.com/osbuild/images/pkg/rpmmd" + "golang.org/x/exp/slices" ) type RPMStageOptions struct { @@ -138,14 +139,21 @@ func pkgRefs(specs []rpmmd.PackageSpec) FilesInputRef { } func NewRPMStageOptions(repos []rpmmd.RepoConfig) *RPMStageOptions { - var gpgKeys []string + gpgKeys := make([]string, 0) + keyMap := make(map[string]bool) // for deduplicating keys for _, repo := range repos { if len(repo.GPGKeys) == 0 { continue } - gpgKeys = append(gpgKeys, repo.GPGKeys...) + for _, key := range repo.GPGKeys { + if !keyMap[key] { + gpgKeys = append(gpgKeys, key) + keyMap[key] = true + } + } } + slices.Sort(gpgKeys) return &RPMStageOptions{ GPGKeys: gpgKeys, }