Package: debsig-verify Version: 0.10 Hi,
I ran into an issue today where debsig-verify would fail if $HOME was not writable by the debsig-verify process. The reason is that gpg tries to create/read ~/.gnupg/{pubring,secring}.gpg. Attached is a patch that runs gpg with its own GNUPGHOME instead of the user's. Feedback welcome! Thanks, Michael
diff -Nru debsig-verify-0.10/gpg-parse.c debsig-verify-0.10ubuntu1/gpg-parse.c
--- debsig-verify-0.10/gpg-parse.c 2014-06-07 22:17:34.000000000 +0200
+++ debsig-verify-0.10ubuntu1/gpg-parse.c 2014-08-21 20:59:04.000000000 +0200
@@ -32,16 +32,28 @@
 #include "debsig.h"
 static int gpg_inited = 0;
+static char gpg_tmpdir[256] = {0,};
-/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will
- * fail first time called */
+/* Crazy damn hack to make sure gpg has a writable HOME to put its
+ trustdb and secret keyring etc */
+static void cleanup_gpg_tmpdir(void) {
+ execl("/bin/rm", "rm", "-rf", gpg_tmpdir, NULL);
+}
 static void gpg_init(void) {
 int rc;
- if (gpg_inited) return;
- rc = system(GPG_PROG" --options /dev/null < /dev/null > /dev/null 2>&1");
- if (rc < 0)
- ds_fail_printf(DS_FAIL_INTERNAL, "error writing initializing gpg");
+ if (gpg_inited)
+ return;
+
+ char *tmpdir = getenv("TMPDIR");
+ if(!tmpdir)
+ tmpdir = "/tmp";
+ snprintf(gpg_tmpdir, sizeof(gpg_tmpdir) -1,
+ "%s/%s", tmpdir, "debsig-verify.XXXXXX");
+ if(!mkdtemp(gpg_tmpdir))
+ ds_fail_printf(DS_FAIL_INTERNAL, "mkdtemp() failed for '%s'", gpg_tmpdir);
+ setenv("GNUPGHOME", gpg_tmpdir, 1);
+ atexit(cleanup_gpg_tmpdir);
 gpg_inited = 1;
 }
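Review bot: `cleanup_gpg_tmpdir` calls `execl` directly from the atexit handler, which replaces the exiting debsig-verify process with `rm`, so the caller sees rm's exit status (normally 0) rather than the value passed to `exit()`. If the exit code is how callers learn the verification result, which seems likely for this tool, a failed check could be reported as success; the exec also skips any remaining atexit handlers and the stdio flush. The removal should run in a forked child that the parent waits for, as sketched below, or be done in-process. In `gpg_init`, `rc` is no longer used after this change, and the `snprintf` return value is not checked, so an over-long TMPDIR is silently truncated and only shows up as an mkdtemp failure on a mangled template.

```c
static void cleanup_gpg_tmpdir(void) {
    pid_t pid;
    int status;

    /* Nothing to remove if mkdtemp() never produced a directory. */
    if (gpg_tmpdir[0] == '\0')
        return;

    pid = fork();
    if (pid == 0) {
        /* Child only: the parent keeps its own exit status. */
        execl("/bin/rm", "rm", "-rf", "--", gpg_tmpdir, (char *) NULL);
        _exit(127);
    }
    if (pid > 0)
        waitpid(pid, &status, 0);
}
/* … unchanged: gpg_init() … */
```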