From c82153f14d9391c72d914c80d764de0d7ef7ff1e Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk@redhat.com>
Date: Wed, 7 May 2025 22:23:21 +0200
Subject: [PATCH 34/37] Introduce distro-based rpm-gpg trusted directory

The original trusted rpm-gpg directories under
    files/rpm-gpg/
is not flexible when considering other distributions as well.
The new path pattern will be:
    files/distro/<DISTRO>/rpm-gpg/

Removing files/rpm-gpg directory with the included RHEL GPG keys
in favor of the new distro based directory.

jira: RHEL-80335

Signed-off-by: Petr Stodulka <pstodulk@redhat.com>
---
 .../rpm-gpg/10/RPM-GPG-KEY-redhat-release     |  0
 .../rpm-gpg/10beta/RPM-GPG-KEY-redhat-release |  0
 .../rpm-gpg/8/RPM-GPG-KEY-redhat-release      |  0
 .../rpm-gpg/8beta/RPM-GPG-KEY-redhat-beta     |  0
 .../rpm-gpg/9/RPM-GPG-KEY-redhat-release      |  0
 .../rpm-gpg/9beta/RPM-GPG-KEY-redhat-beta     |  0
 repos/system_upgrade/common/libraries/gpg.py  |  8 ++++++-
 .../common/libraries/tests/test_gpg.py        | 21 +++++++++++--------
 8 files changed, 19 insertions(+), 10 deletions(-)
 rename repos/system_upgrade/common/files/{ => distro/rhel}/rpm-gpg/10/RPM-GPG-KEY-redhat-release (100%)
 rename repos/system_upgrade/common/files/{ => distro/rhel}/rpm-gpg/10beta/RPM-GPG-KEY-redhat-release (100%)
 rename repos/system_upgrade/common/files/{ => distro/rhel}/rpm-gpg/8/RPM-GPG-KEY-redhat-release (100%)
 rename repos/system_upgrade/common/files/{ => distro/rhel}/rpm-gpg/8beta/RPM-GPG-KEY-redhat-beta (100%)
 rename repos/system_upgrade/common/files/{ => distro/rhel}/rpm-gpg/9/RPM-GPG-KEY-redhat-release (100%)
 rename repos/system_upgrade/common/files/{ => distro/rhel}/rpm-gpg/9beta/RPM-GPG-KEY-redhat-beta (100%)

diff --git a/repos/system_upgrade/common/files/rpm-gpg/10/RPM-GPG-KEY-redhat-release b/repos/system_upgrade/common/files/distro/rhel/rpm-gpg/10/RPM-GPG-KEY-redhat-release
similarity index 100%
rename from repos/system_upgrade/common/files/rpm-gpg/10/RPM-GPG-KEY-redhat-release
rename to repos/system_upgrade/common/files/distro/rhel/rpm-gpg/10/RPM-GPG-KEY-redhat-release
diff --git a/repos/system_upgrade/common/files/rpm-gpg/10beta/RPM-GPG-KEY-redhat-release b/repos/system_upgrade/common/files/distro/rhel/rpm-gpg/10beta/RPM-GPG-KEY-redhat-release
similarity index 100%
rename from repos/system_upgrade/common/files/rpm-gpg/10beta/RPM-GPG-KEY-redhat-release
rename to repos/system_upgrade/common/files/distro/rhel/rpm-gpg/10beta/RPM-GPG-KEY-redhat-release
diff --git a/repos/system_upgrade/common/files/rpm-gpg/8/RPM-GPG-KEY-redhat-release b/repos/system_upgrade/common/files/distro/rhel/rpm-gpg/8/RPM-GPG-KEY-redhat-release
similarity index 100%
rename from repos/system_upgrade/common/files/rpm-gpg/8/RPM-GPG-KEY-redhat-release
rename to repos/system_upgrade/common/files/distro/rhel/rpm-gpg/8/RPM-GPG-KEY-redhat-release
diff --git a/repos/system_upgrade/common/files/rpm-gpg/8beta/RPM-GPG-KEY-redhat-beta b/repos/system_upgrade/common/files/distro/rhel/rpm-gpg/8beta/RPM-GPG-KEY-redhat-beta
similarity index 100%
rename from repos/system_upgrade/common/files/rpm-gpg/8beta/RPM-GPG-KEY-redhat-beta
rename to repos/system_upgrade/common/files/distro/rhel/rpm-gpg/8beta/RPM-GPG-KEY-redhat-beta
diff --git a/repos/system_upgrade/common/files/rpm-gpg/9/RPM-GPG-KEY-redhat-release b/repos/system_upgrade/common/files/distro/rhel/rpm-gpg/9/RPM-GPG-KEY-redhat-release
similarity index 100%
rename from repos/system_upgrade/common/files/rpm-gpg/9/RPM-GPG-KEY-redhat-release
rename to repos/system_upgrade/common/files/distro/rhel/rpm-gpg/9/RPM-GPG-KEY-redhat-release
diff --git a/repos/system_upgrade/common/files/rpm-gpg/9beta/RPM-GPG-KEY-redhat-beta b/repos/system_upgrade/common/files/distro/rhel/rpm-gpg/9beta/RPM-GPG-KEY-redhat-beta
similarity index 100%
rename from repos/system_upgrade/common/files/rpm-gpg/9beta/RPM-GPG-KEY-redhat-beta
rename to repos/system_upgrade/common/files/distro/rhel/rpm-gpg/9beta/RPM-GPG-KEY-redhat-beta
diff --git a/repos/system_upgrade/common/libraries/gpg.py b/repos/system_upgrade/common/libraries/gpg.py
index a8071329..c9c3f1fc 100644
--- a/repos/system_upgrade/common/libraries/gpg.py
+++ b/repos/system_upgrade/common/libraries/gpg.py
@@ -121,7 +121,13 @@ def get_path_to_gpg_certs():
     # only beta is special in regards to the GPG signing keys
     if target_product_type == 'beta':
         certs_dir = '{}beta'.format(target_major_version)
-    return os.path.join(api.get_common_folder_path(GPG_CERTS_FOLDER), certs_dir)
+    distro = api.current_actor().configuration.os_release.release_id
+    return os.path.join(
+        api.get_common_folder_path('distro'),
+        distro,
+        GPG_CERTS_FOLDER,
+        certs_dir
+    )
 
 
 def is_nogpgcheck_set():
diff --git a/repos/system_upgrade/common/libraries/tests/test_gpg.py b/repos/system_upgrade/common/libraries/tests/test_gpg.py
index 7cf37fa2..82b51abb 100644
--- a/repos/system_upgrade/common/libraries/tests/test_gpg.py
+++ b/repos/system_upgrade/common/libraries/tests/test_gpg.py
@@ -11,14 +11,16 @@ from leapp.libraries.stdlib import api
 from leapp.models import GpgKey, InstalledRPM, RPM
 
 
-@pytest.mark.parametrize('target, product_type, exp', [
-    ('8.6', 'beta', '../../files/rpm-gpg/8beta'),
-    ('8.8', 'htb', '../../files/rpm-gpg/8'),
-    ('9.0', 'beta', '../../files/rpm-gpg/9beta'),
-    ('9.2', 'ga', '../../files/rpm-gpg/9'),
+@pytest.mark.parametrize('target, product_type, distro, exp', [
+    ('8.6', 'beta', 'rhel', '../../files/distro/rhel/rpm-gpg/8beta'),
+    ('8.8', 'htb', 'rhel', '../../files/distro/rhel/rpm-gpg/8'),
+    ('9.0', 'beta', 'rhel', '../../files/distro/rhel/rpm-gpg/9beta'),
+    ('9.2', 'ga', 'rhel', '../../files/distro/rhel/rpm-gpg/9'),
+    ('10.0', 'ga', 'rhel', '../../files/distro/rhel/rpm-gpg/10'),
+    ('10', 'ga', 'centos', '../../files/distro/centos/rpm-gpg/10'),
 ])
-def test_get_path_to_gpg_certs(monkeypatch, target, product_type, exp):
-    current_actor = CurrentActorMocked(dst_ver=target,
+def test_get_path_to_gpg_certs(monkeypatch, target, product_type, distro, exp):
+    current_actor = CurrentActorMocked(dst_ver=target, release_id=distro,
                                        envars={'LEAPP_DEVEL_TARGET_PRODUCT_TYPE': product_type})
     monkeypatch.setattr(api, 'current_actor', current_actor)
 
@@ -33,7 +35,7 @@ def is_rhel7():
 @pytest.mark.skipif(distro.id() not in ("rhel", "centos"), reason="Requires RHEL or CentOS for valid results.")
 def test_gpg_show_keys(loaded_leapp_repository, monkeypatch):
     src = '7.9' if is_rhel7() else '8.6'
-    current_actor = CurrentActorMocked(src_ver=src)
+    current_actor = CurrentActorMocked(src_ver=src, release_id='rhel')
     monkeypatch.setattr(api, 'current_actor', current_actor)
 
     # python2 compatibility :/
@@ -78,7 +80,8 @@ def test_gpg_show_keys(loaded_leapp_repository, monkeypatch):
         # with some test data now -- rhel9 release key
         # rhel9_key_path = os.path.join(api.get_common_folder_path('rpm-gpg'), '9')
         cur_dir = os.path.dirname(os.path.abspath(__file__))
-        rhel9_key_path = os.path.join(cur_dir, '..', '..', 'files', 'rpm-gpg', '9',
+        rhel9_key_path = os.path.join(cur_dir, '..', '..', 'files',
+                                      'distro', 'rhel', 'rpm-gpg', '9',
                                       'RPM-GPG-KEY-redhat-release')
         res = gpg._gpg_show_keys(rhel9_key_path)
     finally:
-- 
2.49.0