Fix for microdnf segfault

Signed-off-by: Riccardo Pittau <elfosardo@gmail.com>

Author: elfosardo

Dockerfile

@@ -37,14 +37,20 @@ ENV UPPER_CONSTRAINTS_FILE=${UPPER_CONSTRAINTS_FILE} \
     SETUPTOOLS_VERSION=${SETUPTOOLS_VERSION}
 
 RUN --mount=type=cache,sharing=locked,target=/var/cache/dnf \
-    echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
-    echo "tsflags=nodocs" >> /etc/dnf/dnf.conf && \
-    echo "keepcache=1" >> /etc/dnf/dnf.conf && \
+    # Remove the specific key files that cause the parsing crash
+    rm -f /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-PQC && \
+    # Use the stable 'rpm' tool to import the official key
+    # This avoids the microdnf/GLib bug while keeping GPG checks ENABLED
+    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial && \
+    # Configure DNF behavior
+    printf "[main]\ninstall_weak_deps=0\ntsflags=nodocs\nkeepcache=1\n" > /etc/dnf/dnf.conf && \
+    # Proceed with installation (GPG check remains on by default)
     microdnf install -y \
         gcc \
         python3.12-devel \
         python3.12-pip \
-        python3.12-setuptools
+        python3.12-setuptools && \
+    microdnf clean all
 
 COPY ${UPPER_CONSTRAINTS_FILE} ironic-deps-list /tmp/
 COPY build-wheels.sh /bin/

prepare-image.sh

@@ -2,6 +2,16 @@
 
 set -euxo pipefail
 
+# --- GPG Bug Workaround ---
+# 1. Clear out the problematic key files to prevent microdnf memory corruption
+rm -f /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-PQC
+
+# 2. Re-import the primary official key using the stable RPM tool
+# This populates the RPM database so microdnf doesn't have to parse them
+if [ -f /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial ]; then
+    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+fi
+
 cat >> /etc/dnf/dnf.conf<< EOF
 install_weak_deps=False
 tsflags=nodocs