Package: debsig-verify
Version: 0.10
Hi,
I ran into a issue today that debsig-verify would fail if $HOME was
not writable to the debsig-verify progress. The reason is that gpg
tries to create/read a ~/.gnupg/{pubring,secring}.gpg.
Attached is a patch that run gpg with its own GNUPGHOME instead of the
users.
Feedback welcome!
Thanks,
Michael
diff -Nru debsig-verify-0.10/gpg-parse.c debsig-verify-0.10ubuntu1/gpg-parse.c
--- debsig-verify-0.10/gpg-parse.c 2014-06-07 22:17:34.000000000 +0200
+++ debsig-verify-0.10ubuntu1/gpg-parse.c 2014-08-21 20:59:04.000000000 +0200
@@ -32,16 +32,28 @@
#include "debsig.h"
static int gpg_inited = 0;
+static char gpg_tmpdir[256] = {0,};
-/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will
- * fail first time called */
+/* Crazy damn hack to make sure gpg has a writable HOME to put its
+ trustdb and secret keyring etc */
+static void cleanup_gpg_tmpdir(void) {
+ execl("/bin/rm", "rm", "-rf", gpg_tmpdir, NULL);
+}
static void gpg_init(void) {
int rc;
- if (gpg_inited) return;
- rc = system(GPG_PROG" --options /dev/null < /dev/null > /dev/null 2>&1");
- if (rc < 0)
- ds_fail_printf(DS_FAIL_INTERNAL, "error writing initializing gpg");
+ if (gpg_inited)
+ return;
+
+ char *tmpdir = getenv("TMPDIR");
+ if(!tmpdir)
+ tmpdir = "/tmp";
+ snprintf(gpg_tmpdir, sizeof(gpg_tmpdir) -1,
+ "%s/%s", tmpdir, "debsig-verify.XXXXXX");
+ if(!mkdtemp(gpg_tmpdir))
+ ds_fail_printf(DS_FAIL_INTERNAL, "mkdtemp() failed for '%s'", gpg_tmpdir);
+ setenv("GNUPGHOME", gpg_tmpdir, 1);
+ atexit(cleanup_gpg_tmpdir);
gpg_inited = 1;
}
