[elbe-devel] [PATCH 1/2] gpg: use set_engine_info to setup GNUPGHOME

Torben Hohn torben.hohn at linutronix.de
Wed Apr 3 17:45:34 CEST 2019


do not use environment variables, because they can create race conditions.

gpgme allows to set the GPGHOME via Context.set_engine_info().
Use that.

Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
---
 elbepack/debinstaller.py |  8 +++++++-
 elbepack/finetuning.py   | 12 +++++++++---
 elbepack/gpg.py          | 20 +++++++++++++++-----
 3 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/elbepack/debinstaller.py b/elbepack/debinstaller.py
index c02a4978..c7df027d 100644
--- a/elbepack/debinstaller.py
+++ b/elbepack/debinstaller.py
@@ -14,6 +14,10 @@ from urllib2 import urlopen
 from shutil import copyfileobj, copyfile
 from gpgme import Context
 
+# gpgme.PROTOCOL_OpenPGP is generated,
+# and pylint can not see it.
+from gpgme import PROTOCOL_OpenPGP # pylint: disable=no-name-in-module
+
 from elbepack.filesystem import TmpdirFilesystem
 from elbepack.gpg import OverallStatus, check_signature
 from elbepack.shellhelper import CommandError, system
@@ -107,8 +111,10 @@ def download_release(tmp, base_url):
 
     # setup gpg context, for verifying
     # the Release.gpg signature.
-    os.environ['GNUPGHOME'] = tmp.fname('/')
     ctx = Context()
+    ctx.set_engine_info(PROTOCOL_OpenPGP,
+                      None,
+                      tmp.fname('/'))
 
     # download the Relase file to a tmp file,
     # because we need it 2 times
diff --git a/elbepack/finetuning.py b/elbepack/finetuning.py
index ddce159e..ec5a69c6 100644
--- a/elbepack/finetuning.py
+++ b/elbepack/finetuning.py
@@ -13,7 +13,11 @@ import os
 from shutil import rmtree
 from io import BytesIO
 
-import gpgme
+from gpgme import Context
+
+# gpgme.PROTOCOL_OpenPGP is generated,
+# and pylint can not see it.
+from gpgme import PROTOCOL_OpenPGP # pylint: disable=no-name-in-module
 
 from apt.package import FetchError
 
@@ -395,9 +399,11 @@ class UpdatedAction(FinetuningAction):
             fp = self.node.et.text
             log.printo("transfer gpg key to target: " + fp)
 
-            os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
             key = BytesIO()
-            ctx = gpgme.Context()
+            ctx = Context()
+            ctx.set_engine_info(PROTOCOL_OpenPGP,
+                                None,
+                                '/var/cache/elbe/gnupg')
             ctx.armor = True
             ctx.export(fp, key)
 
diff --git a/elbepack/gpg.py b/elbepack/gpg.py
index c56f22e5..8ca753cc 100644
--- a/elbepack/gpg.py
+++ b/elbepack/gpg.py
@@ -115,8 +115,10 @@ def unsign_file(fname):
 
     outfilename = fname[:len(fname) - 4]
 
-    os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
     ctx = gpgme.Context()
+    ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+                        None,
+                        '/var/cache/elbe/gnupg')
     ctx.armor = False
 
     try:
@@ -147,8 +149,10 @@ def unsign_file(fname):
 
 def sign(infile, outfile, fingerprint):
 
-    os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
     ctx = gpgme.Context()
+    ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+                        None,
+                        '/var/cache/elbe/gnupg')
     key = None
 
     try:
@@ -177,8 +181,10 @@ def sign_file(fname, fingerprint):
 
 
 def get_fingerprints():
-    os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
     ctx = gpgme.Context()
+    ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+                        None,
+                        '/var/cache/elbe/gnupg')
     keys = ctx.keylist()
     fingerprints = []
     for k in keys:
@@ -188,16 +194,20 @@ def get_fingerprints():
 
 def generate_elbe_internal_key():
     hostfs.mkdir_p("/var/cache/elbe/gnupg")
-    os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
     ctx = gpgme.Context()
+    ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+                        None,
+                        '/var/cache/elbe/gnupg')
     key = ctx.genkey(elbe_internal_key_param)
 
     return key.fpr
 
 
 def export_key(fingerprint, outfile):
-    os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
     ctx = gpgme.Context()
+    ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+                        None,
+                        '/var/cache/elbe/gnupg')
     ctx.armor = True
 
     try:
-- 
2.11.0




More information about the elbe-devel mailing list