osbuild/rpm: generate stable and unique gpg key options

The addition of repo configs from the depsolve result added in PR #537 [1] added a bit of non-determinism to the rpm stage option generation. The list of gpg keys to import always had duplicates but it was at least stable, based on the repository configurations for each build. Now, the repository configurations that we get from the depsolve aren't in stable order so the key order can change. This had no functional effect on the image build process, but it does mean that manifests generated with the same inputs have different IDs. Sort and deduplicate keys in the rpm stage option generation to make manifests stable. Deduplicating the keys also makes the manifests a bit "cleaner". [1] #537 Signed-off-by: Achilleas Koutsou <[email protected]>
osbuild · Apr 12, 2024 · 544eb91 · 544eb91
1 parent 5485c18
commit 544eb91
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/pkg/osbuild/rpm_stage.go b/pkg/osbuild/rpm_stage.go
@@ -2,6 +2,7 @@ package osbuild
 
 import (
 	"github.com/osbuild/images/pkg/rpmmd"
+	"golang.org/x/exp/slices"
 )
 
 type RPMStageOptions struct {
@@ -138,14 +139,21 @@ func pkgRefs(specs []rpmmd.PackageSpec) FilesInputRef {
 }
 
 func NewRPMStageOptions(repos []rpmmd.RepoConfig) *RPMStageOptions {
-	var gpgKeys []string
+	gpgKeys := make([]string, 0)
+	keyMap := make(map[string]bool) // for deduplicating keys
 	for _, repo := range repos {
 		if len(repo.GPGKeys) == 0 {
 			continue
 		}
-		gpgKeys = append(gpgKeys, repo.GPGKeys...)
+		for _, key := range repo.GPGKeys {
+			if !keyMap[key] {
+				gpgKeys = append(gpgKeys, key)
+				keyMap[key] = true
+			}
+		}
 	}
 
+	slices.Sort(gpgKeys)
 	return &RPMStageOptions{
 		GPGKeys: gpgKeys,
 	}