Re: [arch-projects] [devtools] makechrootpkg: respect GNUPGHOME
On Tue, Feb 27, 2018 at 03:44:07PM +0100, Eli Schwartz via arch-projects wrote: > On 02/27/2018 05:41 AM, Emiel Wiedijk via arch-projects wrote: > > Correct, but makepkg --verifysource is run with sudo -u $myuser, and sudo > > resets the environment. And the code that copies ~/.gnupg to the chroot > > apparantly hasn't been removed yet (as of > > 38c7a391b043547b946a99731a56a233458ba7a2). > > I just assumed (apparantly wrongly) that it was for GnuPG related tasks in > > the > > PKGBUILD, and adjusted the code to copy the correct directory. > > My point is that there is really no point in trying to preserve it in > the chroot, since that section is dead code to begin with, and if you do > anyways then your patch may clash with other pending patches. So of the > three changes your patch made, you should probably only make the second > and third. > > I don't blame you for actually thinking dead code did something. :D > > -- > Eli Schwartz > Bug Wrangler and Trusted User > Fair enough, I sent an updated patch :-). Emiel Wiedijk
Re: [arch-projects] [devtools] makechrootpkg: respect GNUPGHOME
On 02/27/2018 05:41 AM, Emiel Wiedijk via arch-projects wrote: > Correct, but makepkg --verifysource is run with sudo -u $myuser, and sudo > resets the environment. And the code that copies ~/.gnupg to the chroot > apparantly hasn't been removed yet (as of > 38c7a391b043547b946a99731a56a233458ba7a2). > I just assumed (apparantly wrongly) that it was for GnuPG related tasks in the > PKGBUILD, and adjusted the code to copy the correct directory. My point is that there is really no point in trying to preserve it in the chroot, since that section is dead code to begin with, and if you do anyways then your patch may clash with other pending patches. So of the three changes your patch made, you should probably only make the second and third. I don't blame you for actually thinking dead code did something. :D -- Eli Schwartz Bug Wrangler and Trusted User signature.asc Description: OpenPGP digital signature
Re: [arch-projects] [devtools] makechrootpkg: respect GNUPGHOME
> On 02/26/2018 02:03 PM, Emiel Wiedijk via arch-projects wrote: > > > Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user > > > > uses a custom GPG home directory, the siganture checking would fail. > > > > Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg. > > There is no signature checking in the chroot, see > > https://lists.archlinux.org/pipermail/arch-projects/2018-January/004709.html > > > --- > > Eli Schwartz > > Bug Wrangler and Trusted User Correct, but makepkg --verifysource is run with sudo -u $myuser, and sudo resets the environment. And the code that copies ~/.gnupg to the chroot apparantly hasn't been removed yet (as of 38c7a391b043547b946a99731a56a233458ba7a2). I just assumed (apparantly wrongly) that it was for GnuPG related tasks in the PKGBUILD, and adjusted the code to copy the correct directory. Emiel Wiedijk
Re: [arch-projects] [devtools] makechrootpkg: respect GNUPGHOME
On 02/26/2018 02:03 PM, Emiel Wiedijk via arch-projects wrote: > Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user > uses a custom GPG home directory, the siganture checking would fail. > Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg. There is no signature checking in the chroot, see https://lists.archlinux.org/pipermail/arch-projects/2018-January/004709.html -- Eli Schwartz Bug Wrangler and Trusted User signature.asc Description: OpenPGP digital signature