[buildbot] phase1: fix signing steps when only apk_key is defined

LEDE Commits lede-commits at lists.infradead.org
Thu Dec 11 11:17:19 PST 2025 

ynezz pushed a commit to buildbot.git, branch main:
https://git.openwrt.org/b92996c987fa8d09e927be15e5bde3fc405b55b9

commit b92996c987fa8d09e927be15e5bde3fc405b55b9
Author: Petr Štetiar <ynezz at true.cz>
AuthorDate: Thu Dec 11 18:13:05 2025 +0000

    phase1: fix signing steps when only apk_key is defined
    
    Signing steps are currently skipped if only `apk_key` is configured for a
    branch, because `IsSignEnabled` only checks for `usign_key` or `gpg_key`.
    
    Fix this by explicitly checking for `apk_key`.
    
    While at it, refactor the signing checks into dedicated helper functions
    `IsApkSigningEnabled` and `IsGpgSigningEnabled` for better readability.
    
    Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 phase1/master.cfg | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/phase1/master.cfg b/phase1/master.cfg
index e3dee37..de60972 100644
--- a/phase1/master.cfg
+++ b/phase1/master.cfg
@@ -88,7 +88,9 @@ def ini_parse_branch(section):
     b["src_url"] = section.get("source_url")
     b["src_key"] = section.get("source_password")
 
+    b["apk_key"] = section.get("apk_key")
     b["gpg_key"] = section.get("gpg_key")
+    b["gpg_keyid"] = section.get("gpg_keyid")
 
     b["usign_key"] = section.get("usign_key")
     usign_comment = "untrusted comment: " + name.replace("-", " ").title() + " key"
@@ -573,9 +575,24 @@ def IsUsignEnabled(step):
     return branch and branches[branch].get("usign_key")
 
 
-def IsSignEnabled(step):
+def IsApkSigningEnabled(step):
     branch = step.getProperty("branch")
-    return IsUsignEnabled(step) or branch and branches[branch].get("gpg_key")
+    return branch and branches[branch].get("apk_key")
+
+
+# gpg_key - contains the key in PGP format
+# gpg_keyid - contains the keyid of the key on the nk3 dongle
+def IsGpgSigningEnabled(step):
+    branch = step.getProperty("branch")
+    return branch and (
+        branches[branch].get("gpg_key") or branches[branch].get("gpg_keyid")
+    )
+
+
+def IsSignEnabled(step):
+    return (
+        IsUsignEnabled(step) or IsApkSigningEnabled(step) or IsGpgSigningEnabled(step)
+    )
 
 
 def IsKmodArchiveEnabled(step):

More information about the lede-commits mailing list