Disable GPG in inactive load import

The major releases loads are creating a remote without the
no-gpg-verify flag, this causes the pull from this repo to fail.

This commit adds this flag when creating an Ostree remote.
Also, it check and add gpg key after load_import script, to fix the
issue in N-1 loads missing this config.

Test-Plan:
PASS: Import a N+1 major release load and see the remote
      was created with gpg disabled in the config file
PASS: Import an N-1 major release load and see the remote
      was created with gpg disabled in the config file

Closes-Bug: 2124981

Change-Id: I6bb4fc6a535d0c8f954d778ec08f18f70a676254
Signed-off-by: Lindley Vieira <lindley.vieira@windriver.com>

software/scripts/major-release-upload

@@ -142,8 +142,9 @@ def load_import(from_release, to_major_rel, iso_mount_dir):
                 config.write(file, space_around_delimiters=False)
 
         # Create 'starlingx' remote on the feed ostree_repo
-        cmd = ["ostree", "remote", "add", "--repo=%s/ostree_repo/" % to_feed_dir,
+        cmd = ["ostree", "remote", "add", "--no-gpg-verify",
-               FEED_REMOTE, "http://controller:8080/feed/rel-%s/ostree_repo/" % to_major_rel,
+               "--repo=%s/ostree_repo/" % to_feed_dir, FEED_REMOTE,
+               "http://controller:8080/feed/rel-%s/ostree_repo/" % to_major_rel,
                FEED_BRANCH]
         try:
             subprocess.check_call(cmd)

software/software/constants.py

@@ -105,6 +105,8 @@ OSTREE_AUX_REMOTE_PATH = "/ostree/repo"
 OSTREE_HISTORY_NOT_FETCHED = "<< History beyond this commit not fetched >>"
 OSTREE_REPO = 'ostree_repo'
 SYSROOT_OSTREE_REF = "debian:starlingx"
+OSTREE_CONFIG = "config"
+OSTREE_GPG_VERIFY = "gpg-verify"
 
 # Sysroot
 SYSROOT_OSTREE = "/sysroot/ostree/repo"

software/software/ostree_utils.py

@@ -75,23 +75,23 @@ def get_ostree_latest_commit(ostree_ref, repo_path):
     return latest_commit
 
 
-def add_gpg_verify_false():
+def add_gpg_verify_false(repo_path=constants.SYSROOT_OSTREE):
     # TODO(mmachado): remove once gpg is enabled
     # Modify the ostree configuration to disable gpg-verify
-    try:
+    config_path = os.path.join(repo_path, constants.OSTREE_CONFIG)
-        command = """
+    if os.path.exists(config_path):
-        # Check if gpg-verify=false is at the end of the file and adds it if not
+        config = configparser.ConfigParser()
-        if ! tail -n 1 /sysroot/ostree/repo/config | grep -q '^gpg-verify=false$'; then
+        config.read(config_path)
-            echo "gpg-verify=false" >> /sysroot/ostree/repo/config
-        fi
-        """
-        subprocess.run(command, shell=True, check=True)
 
-    except subprocess.CalledProcessError as e:
+        for section in config.sections():
-        msg = "Failed to modify ostree config to disable GPG verification"
+            if section.startswith("remote ") and \
-        err_msg = "Command Error: return code: %s, Output: %s" \
+               constants.OSTREE_GPG_VERIFY not in config[section]:
-            % (e.returncode, e.stderr.decode("utf-8") if e.stderr else "No error message")
+                config[section][constants.OSTREE_GPG_VERIFY] = "false"
-        LOG.exception(err_msg)
+
+        with open(config_path, 'w') as file:
+            config.write(file, space_around_delimiters=False)
+    else:
+        msg = f"Ostree config file: {config_path} does not exist"
         raise OSTreeCommandFail(msg)
 
 

software/software/software_controller.py

@@ -1529,6 +1529,13 @@ class PatchController(PatchService):
             local_info += load_import_info or ""
             local_error += load_import_error or ""
 
+            # TODO(lvieira): fix when 24.09 is the N-1 load. Remove it in 26.09
+            ostree_feed_repo_path = os.path.join(
+                constants.FEED_OSTREE_BASE_DIR,
+                ("rel-%s" % utils.get_major_release_version(to_release)),
+                constants.OSTREE_REPO)
+            ostree_utils.add_gpg_verify_false(ostree_feed_repo_path)
+
             # Copy metadata.xml to /opt/software/rel-<rel>/
             to_file = os.path.join(constants.SOFTWARE_STORAGE_DIR,
                                    ("rel-%s" % to_release), "metadata.xml")