[backend] implement pubkey replacement in kiwitree case

src/backend/bs_repserver

@@ -1556,7 +1556,7 @@ sub receivekiwitree {
 	    $found = 1;
 	  }
 	}
-      } elsif ($file =~ /\.asc$/s) {
+      } elsif ($file =~ /\.(?:asc|key)$/s) {
 	push @tosign, $file;
       }
       $todo{$file} = 1 unless $found;

src/backend/bs_signer

@@ -295,18 +295,25 @@ sub signjob {
   my $projid = $info->{'project'};
   my @files = sort(ls($jobdir));
   my @signfiles = grep {/\.(?:d?rpm|sha256|iso|pkg\.tar\.gz|pkg\.tar\.xz)$/} @files;
+  my $needpubkey;
   if (grep {$_ eq '.kiwitree_tosign'} @files) {
     for my $f (split("\n", readstr("$jobdir/.kiwitree_tosign"))) {
       next if $f eq '';
       $f =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
       die("bad file in kiwitree_tosign: $f\n") if "/$f/" =~ /\/\.{0,2}\//s;
+      if ($f =~ /.\.key$/) {
+	next unless ((-s "$jobdir/$f") || 0) == 8192;
+	$needpubkey = 1;
+	push @signfiles, $f;
+	next;
+      }
       die("bad file in kiwitree_tosign: $f\n") unless $f =~ /^(.*)\.asc$/s;
       push @signfiles, $f if -s "$jobdir/$f" && -e "$jobdir/$1";
     }
   }
   if (@signfiles) {
     my @signargs;
-    my $needpubkey = grep {/\.iso$/} @signfiles;
+    $needpubkey ||= grep {/\.iso$/} @signfiles;
     push @signargs, '--project', $projid if $BSConfig::sign_project;
     my $param = {
       'uri' => "$BSConfig::srcserver/getsignkey",
@@ -346,6 +353,15 @@ sub signjob {
 	@signmode = ('-d');
 	$signfile =~ s/\.asc$//s;
       }
+      if ($signfile =~ /\.key$/s) {
+	next unless (-s "$jobdir/$signfile") == 8192;
+	my $signfilec = readstr("$jobdir/$signfile");
+	next if substr($signfilec, 0, 8) ne "sIGnMeP\n";
+	$pubkey ||= signfilter(undef, @signargs, '-p');
+	die("pubkey is not available\n") unless $pubkey;
+	writestr("$jobdir/$signfile.tmp$$", "$jobdir/$signfile", $pubkey);
+	next;
+      }
       if (system($BSConfig::sign, @signargs, @signmode, "$jobdir/$signfile")) {
         unlink("$uploaddir/signer.$$") if $signkey;
 	close F;