On Fri, Aug 22, 2014 at 05:12:53PM +0200, Guillem Jover wrote:
> Hi!
Hi,
 
> On Thu, 2014-08-21 at 21:12:20 +0200, Michael Vogt wrote:
> > Package: debsig-verify
> > Version: 0.10
> 
> > I ran into an issue today that debsig-verify would fail if $HOME was
> > not writable to the debsig-verify process. The reason is that gpg
> > tries to create/read a ~/.gnupg/{pubring,secring}.gpg.
> > 
> > Attached is a patch that runs gpg with its own GNUPGHOME instead of the
> > user's.
> 
> Ah, makes sense, given that the gpg invoked is not using any default
> options nor default keyrings. It should also have a more predictable
> behavior. Thanks for the patch!
[..]

Thanks a lot for your thorough review of the patch. I addressed your
point and attached a new version. Review welcome!

Please let me know if I went overboard with the free()/unset
gpg_tempdir in cleanup_gpg_tmpdir(). I understand this is not needed
given that it's the exit handler, but I was thinking that this code
might be used in a different context at some point. But then it may
well be an instance of YAGNI. Just let me know and I'm happy to remove
it again.


Thanks!
 Michael
 
From a2e6c4e797e46ae2d5b7af11bda4e98c1a67d276 Mon Sep 17 00:00:00 2001
From: Michael Vogt <m...@ubuntu.com>
Date: Fri, 22 Aug 2014 18:08:47 +0200
Subject: [PATCH] run gpg with its own temporary GNUPGHOME directory

---
 gpg-parse.c | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/gpg-parse.c b/gpg-parse.c
index bae2181..df59a3b 100644
--- a/gpg-parse.c
+++ b/gpg-parse.c
@@ -21,6 +21,9 @@
  * routines to parse gpg output
  */
 
+#include <dpkg/path.h>
+
+#include <errno.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
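Review bot: <stdlib.h> and <unistd.h> do not appear among the includes visible in this hunk, yet the new code calls free(), mkdtemp(), setenv() and atexit() (declared in <stdlib.h>) and execlp() (declared in <unistd.h>). Please confirm both headers are already included in the part of the file not shown here, and add them next to <errno.h> if they are not, so these calls are not implicitly declared.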
@@ -32,16 +35,33 @@
 #include "debsig.h"
 
 static int gpg_inited = 0;
+static char *gpg_tmpdir;
+
+static void
+cleanup_gpg_tmpdir(void)
+{
+   execlp("rm", "rm", "-rf", gpg_tmpdir, NULL);
+   free(gpg_tmpdir);
+   gpg_tmpdir = NULL;
+}
 
-/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will
- * fail first time called */
-static void gpg_init(void) {
+/* Ensure that gpg has a writable HOME to put its keyrings */
+static void
+gpg_init(void)
+{
     int rc;
 
     if (gpg_inited) return;
-    rc = system(GPG_PROG" --options /dev/null < /dev/null > /dev/null 2>&1");
-    if (rc < 0)
-        ds_fail_printf(DS_FAIL_INTERNAL, "error writing initializing gpg");
+
+    gpg_tmpdir = mkdtemp(path_make_temp_template("debsig-verify"));
+    if(!gpg_tmpdir)
+       ds_fail_printf(DS_FAIL_INTERNAL, "Cannot create temporary directory '%s'", gpg_tmpdir);
+    rc = setenv("GNUPGHOME", gpg_tmpdir, 1);
+    if(rc < 0)
+       ds_fail_printf(DS_FAIL_INTERNAL, "Can not set environment GNUPGHOME to '%s' (%s)", gpg_tmpdir, strerror(errno));
+    rc = atexit(cleanup_gpg_tmpdir);
+    if(rc != 0)
+       ds_fail_printf(DS_FAIL_INTERNAL, "Can not set atexit cleanup handler");
     gpg_inited = 1;
 }
 
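Review bot: execlp() in cleanup_gpg_tmpdir() replaces the debsig-verify process with rm, so when it succeeds the free(gpg_tmpdir) and gpg_tmpdir = NULL after it never run, and the status the parent sees is rm's rather than the one passed to exit(). For a signature verifier that matters: if the program leaves through exit() with a non-zero status, the caller could still observe 0 once rm succeeds. Run rm in a child (fork(), execlp() in the child, waitpid() in the parent) or remove the directory in-process, skip the call when gpg_tmpdir is NULL, and end the argument list with (char *)NULL. In gpg_init(), the mkdtemp() failure branch passes the NULL gpg_tmpdir to '%s' and drops the only pointer to the buffer returned by path_make_temp_template(); keep the template in its own variable, print it together with strerror(errno), and free it on failure.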
-- 
2.0.0.rc0
