Hi, a while back I came across a PKGBUILD which changed $HOME in build() as a workaround for a bad installer [1]. For some reason this failed to build with `makepkg --sign`, claiming it could not find my gpg key, see snippet below. After some time debugging this, I found changing $HOME broke the check for the key because gpg would look for it's .gnupg dir in the "new" $HOME, not the $HOME makepkg was started with. I solved this by editing the PKGBUILD to restore $HOME before exiting build().
I had thought changing $HOME was only used in that single case and didn't think
much of it,
but today a PKGBUILD [3] posted in a question on aur-general [2] reminded me of
this
and it seems this workaround is considered by packagers more commonly than I
thought...
This made me wonder:
Is this something makepkg should take care of (e.g.by restoring $HOME after
build() or ensuring gpg will use $OLDHOME/.gnupg)
or should such a PKGBUILD be considered broken / invalid?
$ makepkg --sign
==> Making package: broken-home 1-1 (Tue May 5 21:35:57 2020)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
==> Extracting sources...
==> Removing existing $pkgdir/ directory...
==> Starting build()...
==> Entering fakeroot environment...
==> ERROR: The key 06ABC843BA90E65B does not exist in your keyring.
$ gpg --list-key 06ABC843BA90E65B
:(
pub rsa4096 2019-03-05 [SC]
59EB8C1AF8CFEBF4A683760206ABC843BA90E65B
uid [ultimate] package signing key <[email protected]>
sub rsa4096 2019-03-05 [E]
$ cat PKGBUILD
pkgname=broken-home
pkgver=1
pkgrel=1
arch=('any')
build() {
export HOME="${srcdir}/tmphome"
}
package() {
true
}
[1]:
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=mongodb-compass-isolated&id=a714f2bb3a564e8b1e1659b999d719cfaf535c24#n48
[2]: https://lists.archlinux.org/pipermail/aur-general/2020-May/035729.html
[3]:
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=intel-opencl-sdk&id=a426e7bc370edea770037b6ed61e22701e8a0397#n38
--
regards,
brainpower
signature.asc
Description: OpenPGP digital signature
