Re: [arch-projects] [devtools] makechrootpkg: respect GNUPGHOME

2018-02-27 Thread Emiel Wiedijk via arch-projects
On Tue, Feb 27, 2018 at 03:44:07PM +0100, Eli Schwartz via arch-projects wrote:
> On 02/27/2018 05:41 AM, Emiel Wiedijk via arch-projects wrote:
> > Correct, but makepkg --verifysource is run with sudo -u $myuser, and sudo
> > resets the environment. And the code that copies ~/.gnupg to the chroot
> > apparently hasn't been removed yet (as of
> > 38c7a391b043547b946a99731a56a233458ba7a2).
> > I just assumed (apparently wrongly) that it was for GnuPG related tasks in
> > the PKGBUILD, and adjusted the code to copy the correct directory.
> 
> My point is that there is really no point in trying to preserve it in
> the chroot, since that section is dead code to begin with, and if you do
> anyways then your patch may clash with other pending patches. So of the
> three changes your patch made, you should probably only make the second
> and third.
> 
> I don't blame you for actually thinking dead code did something. :D
> 
> -- 
> Eli Schwartz
> Bug Wrangler and Trusted User
> 
Fair enough, I sent an updated patch :-).

Emiel Wiedijk


[arch-projects] [devtools] [PATCH v2] makechrootpkg: respect GNUPGHOME

2018-02-27 Thread Emiel Wiedijk via arch-projects
Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
uses a custom GPG home directory, the signature checking would fail.
Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.

Signed-off-by: Emiel Wiedijk 
---
 makechrootpkg.in | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/makechrootpkg.in b/makechrootpkg.in
index afcd121..653847f 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -252,7 +252,8 @@ download_sources() {
chmod 1777 "$builddir"
 
# Ensure sources are downloaded
-   sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
+   sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
+   env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o 
||
die "Could not download sources."
 
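Review bot: On the added `sudo -u "$makepkg_user" --preserve-env=GNUPGHOME` line in download_sources(), GNUPGHOME is taken from the invoking user's environment while makepkg runs as $makepkg_user, and the `makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}` line in main() shows that this can be a different account. In that case gpg is pointed at a directory the build user may not own or be able to read, so `--verifysource` either fails or verifies against a keyring controlled by another account. Consider preserving the variable only when $makepkg_user is the invoking user, or state in the usage text that GNUPGHOME must be readable by the makepkg user. The commit message also promises a fallback to ~/.gnupg, but nothing in this hunk implements one; it relies on gpg's own default when the variable is unset, which is worth saying in the message.
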
@@ -341,7 +342,7 @@ main() {
[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid 
makepkg user.'
makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
 
-   check_root SOURCE_DATE_EPOCH
+   check_root SOURCE_DATE_EPOCH,GNUPGHOME
 
# Canonicalize chrootdir, getting rid of trailing /
chrootdir=$(readlink -e "$passeddir")
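Review bot: Adding GNUPGHOME to the `check_root` list in main() lets a caller-supplied path survive into the part of the script that runs as root, and nothing in this patch documents or validates it. This variable selects the keyring that decides which source signatures are accepted, so it deserves a line in the usage text, and its use should stay limited to download_sources(), the only place in this version that consumes it.
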
-- 
2.16.2


Re: [arch-projects] [devtools] makechrootpkg: respect GNUPGHOME

2018-02-27 Thread Emiel Wiedijk via arch-projects
> On 02/26/2018 02:03 PM, Emiel Wiedijk via arch-projects wrote:
> > Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
> > uses a custom GPG home directory, the signature checking would fail.
> > Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.
>
> There is no signature checking in the chroot, see
> https://lists.archlinux.org/pipermail/arch-projects/2018-January/004709.html
>
> ---
> Eli Schwartz
> Bug Wrangler and Trusted User

Correct, but makepkg --verifysource is run with sudo -u $myuser, and sudo
resets the environment. And the code that copies ~/.gnupg to the chroot
apparently hasn't been removed yet (as of
38c7a391b043547b946a99731a56a233458ba7a2).
I just assumed (apparently wrongly) that it was for GnuPG related tasks in the
PKGBUILD, and adjusted the code to copy the correct directory.

Emiel Wiedijk


[arch-projects] [devtools] makechrootpkg: respect GNUPGHOME

2018-02-26 Thread Emiel Wiedijk via arch-projects
Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
uses a custom GPG home directory, the signature checking would fail.
Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.

Signed-off-by: Emiel Wiedijk 
---
 makechrootpkg.in | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/makechrootpkg.in b/makechrootpkg.in
index afcd121..5a79dc0 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -182,9 +182,10 @@ prepare_chroot() {
 
$install -d 
"$copydir"/{build,build/.gnupg,startdir,{pkg,srcpkg,src,log}dest}
 
-   for x in .gnupg/pubring.{kbx,gpg}; do
-   [[ -r $USER_HOME/$x ]] || continue
-   $install -m 644 "$USER_HOME/$x" "$copydir/build/$x"
+   for x in pubring.{kbx,gpg}; do
+   local pubring="${GNUPGHOME:-$USER_HOME/.gnupg}/$x"
+   [[ -r "$pubring" ]] || continue
+   $install -m 644 "$pubring" "$copydir/build/.gnupg/$x"
done
 
sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i 
"$copydir/etc/makepkg.conf"
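Review bot: In the prepare_chroot() loop, `${GNUPGHOME:-$USER_HOME/.gnupg}` only sees the caller's value if GNUPGHOME is carried through `check_root`, which is what the last hunk of this patch does; without that hunk this one silently falls back to ~/.gnupg, so the dependency should be noted in the commit message. The reply in this thread states that there is no signature checking in the chroot, so this copy may be extending unused code, and v2 of the patch drops the hunk. If it is kept, declare `local pubring` once before the loop instead of on every iteration, and drop the quotes in `[[ -r "$pubring" ]]` to match the unquoted `[[ -r $USER_HOME/$x ]]` test it replaces.
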
@@ -252,7 +253,8 @@ download_sources() {
chmod 1777 "$builddir"
 
# Ensure sources are downloaded
-   sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
+   sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
+   env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o 
||
die "Could not download sources."
 
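Review bot: The added `--preserve-env=GNUPGHOME` line in download_sources() introduces a second way of passing variables into the same command, next to the existing `env SRCDEST="$SRCDEST" BUILDDIR="$builddir"`. It depends on the installed sudo accepting the list form of the option and on the sudoers policy allowing it. Passing GNUPGHOME through the existing `env` call, only when it is set, would keep a single mechanism and avoid both dependencies.
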
@@ -341,7 +343,7 @@ main() {
[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid 
makepkg user.'
makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
 
-   check_root SOURCE_DATE_EPOCH
+   check_root SOURCE_DATE_EPOCH,GNUPGHOME
 
# Canonicalize chrootdir, getting rid of trailing /
chrootdir=$(readlink -e "$passeddir")
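Review bot: With GNUPGHOME added to the `check_root` list in main(), the prepare_chroot() hunk of this same patch has `$install` read `pubring.kbx` and `pubring.gpg` from a path taken unchecked from the caller's environment. A relative value is resolved against whatever the current directory is at each point of use, so the keyring copied into the chroot and the one used by `makepkg --verifysource` can differ. Suggest checking right after this line that a set GNUPGHOME is an absolute path to an existing directory, and calling `die` otherwise.
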
-- 
2.16.2