[pm publish] clean up key material handling

The key material handling during publish has become cumbersome due to
forward-backward compatibility as well as supporting use cases outside of the
local build. This change adds a lot of commentary to explain the intent of
nearby code to avoid further regressions in the area. All of the key material
handling and UX surface here needs a rework.

Of particular importance in this change:

* The root manifest is no longer required to be present when using non-local
keys directories. This was essentially never necessary; it was a workaround
to an initialization order issue that happened to work, but was not strictly
correct. It now maintains a sense of provenance and is load-bearing in
specific places, thus it is maintained, but optional behavior.
* Key initialization is only performed when it is strictly necessary, for
example in the case where no predefined keys are provided, and the target
repository does not contain any keys.
* The root key is never required for online operations, and as such is not
considered missing when not present, and is not generated unless new online
keys are needed to be created.
* Key lookup is now by role instead of by JSON name, which resolves the keys
correctly, preventing unnecessary key generation leading to incompatible
incremental updates of repositories.

Test: manual: perform publish in standalone. perform publish similar to promote.py.
Bug: INTK-781
Change-Id: I35d877b39e3e8d4d7f4d1c3cd12998620ff84573
2 files changed