On Fri, Aug 22, 2014 at 05:12:53PM +0200, Guillem Jover wrote:
> Hi!

Hi,

> On Thu, 2014-08-21 at 21:12:20 +0200, Michael Vogt wrote:
> > Package: debsig-verify
> > Version: 0.10
> >
> > I ran into an issue today that debsig-verify would fail if $HOME was
> > not writable to the debsig-verify process. The reason is that gpg
> > tries to create/read a ~/.gnupg/{pubring,secring}.gpg.
> >
> > Attached is a patch that runs gpg with its own GNUPGHOME instead of the
> > user's.
>
> Ah, makes sense, given that the gpg invoked is not using any default
> options nor default keyrings. It should also have a more predictable
> behavior. Thanks for the patch!

[..]
Thanks a lot for your thorough review of the patch. I addressed your
point and attached a new version. Review welcome!

Please let me know if I went overboard with the free()/unset gpg_tempdir
in cleanup_gpg_tmpdir(). I understand this is not needed given that it's
the exit handler, but I was thinking that this code might be used in a
different context at some point. But then it may well be an instance of
YAGNI. Just let me know and I'm happy to remove it again.

Thanks!
 Michael
>From a2e6c4e797e46ae2d5b7af11bda4e98c1a67d276 Mon Sep 17 00:00:00 2001 From: Michael Vogt <m...@ubuntu.com> Date: Fri, 22 Aug 2014 18:08:47 +0200 Subject: [PATCH] run gpg with its own temporary GNUPGHOME directory --- gpg-parse.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/gpg-parse.c b/gpg-parse.c index bae2181..df59a3b 100644 --- a/gpg-parse.c +++ b/gpg-parse.c @@ -21,6 +21,9 @@ * routines to parse gpg output */ +#include <dpkg/path.h> + +#include <errno.h> #include <stdio.h> #include <string.h> #include <sys/types.h> @@ -32,16 +35,33 @@ #include "debsig.h" static int gpg_inited = 0; +static char *gpg_tmpdir; + +static void +cleanup_gpg_tmpdir(void) +{ + execlp("rm", "rm", "-rf", gpg_tmpdir, NULL); + free(gpg_tmpdir); + gpg_tmpdir = NULL; +} -/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will - * fail first time called */ -static void gpg_init(void) { +/* Ensure that gpg has a writable HOME to put its keyrings */ +static void +gpg_init(void) +{ int rc; if (gpg_inited) return; - rc = system(GPG_PROG" --options /dev/null < /dev/null > /dev/null 2>&1"); - if (rc < 0) - ds_fail_printf(DS_FAIL_INTERNAL, "error writing initializing gpg"); + + gpg_tmpdir = mkdtemp(path_make_temp_template("debsig-verify")); + if(!gpg_tmpdir) + ds_fail_printf(DS_FAIL_INTERNAL, "Cannot create temporary directory '%s'", gpg_tmpdir); + rc = setenv("GNUPGHOME", gpg_tmpdir, 1); + if(rc < 0) + ds_fail_printf(DS_FAIL_INTERNAL, "Can not set environment GNUPGHOME to '%s' (%s)", gpg_tmpdir, strerror(errno)); + rc = atexit(cleanup_gpg_tmpdir); + if(rc != 0) + ds_fail_printf(DS_FAIL_INTERNAL, "Can not set atexit cleanup handler"); gpg_inited = 1; } -- 2.0.0.rc0
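Review bot: In cleanup_gpg_tmpdir(), execlp("rm", "rm", "-rf", gpg_tmpdir, NULL) replaces the debsig-verify process image when it succeeds, so the free(gpg_tmpdir) and gpg_tmpdir = NULL that follow only run if the exec fails, and the exit status the caller sees is rm's rather than the value debsig-verify passed to exit(). Since this handler runs on every exit path, including the ds_fail_printf() ones, a failure could be reported to the caller as rm's 0. Run the removal in a child (fork(), exec in the child, waitpid() in the parent) or delete the directory in-process, and return early when gpg_tmpdir is NULL. Also in gpg_init(), the mkdtemp() failure branch passes gpg_tmpdir to '%s' when it is NULL at that point; keep the result of path_make_temp_template() in its own variable, print that together with strerror(errno), and free it on failure.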