[elbe-devel] [PATCH 1/2] gpg: use set_engine_info to setup GNUPGHOME
Torben Hohn
torben.hohn at linutronix.de
Wed Apr 3 17:45:34 CEST 2019
do not use environment variables, because they can create race conditions.
gpgme allows to set the GPGHOME via Context.set_engine_info().
Use that.
Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
---
elbepack/debinstaller.py | 8 +++++++-
elbepack/finetuning.py | 12 +++++++++---
elbepack/gpg.py | 20 +++++++++++++++-----
3 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/elbepack/debinstaller.py b/elbepack/debinstaller.py
index c02a4978..c7df027d 100644
--- a/elbepack/debinstaller.py
+++ b/elbepack/debinstaller.py
@@ -14,6 +14,10 @@ from urllib2 import urlopen
from shutil import copyfileobj, copyfile
from gpgme import Context
+# gpgme.PROTOCOL_OpenPGP is generated,
+# and pylint can not see it.
+from gpgme import PROTOCOL_OpenPGP # pylint: disable=no-name-in-module
+
from elbepack.filesystem import TmpdirFilesystem
from elbepack.gpg import OverallStatus, check_signature
from elbepack.shellhelper import CommandError, system
@@ -107,8 +111,10 @@ def download_release(tmp, base_url):
# setup gpg context, for verifying
# the Release.gpg signature.
- os.environ['GNUPGHOME'] = tmp.fname('/')
ctx = Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ tmp.fname('/'))
# download the Relase file to a tmp file,
# because we need it 2 times
diff --git a/elbepack/finetuning.py b/elbepack/finetuning.py
index ddce159e..ec5a69c6 100644
--- a/elbepack/finetuning.py
+++ b/elbepack/finetuning.py
@@ -13,7 +13,11 @@ import os
from shutil import rmtree
from io import BytesIO
-import gpgme
+from gpgme import Context
+
+# gpgme.PROTOCOL_OpenPGP is generated,
+# and pylint can not see it.
+from gpgme import PROTOCOL_OpenPGP # pylint: disable=no-name-in-module
from apt.package import FetchError
@@ -395,9 +399,11 @@ class UpdatedAction(FinetuningAction):
fp = self.node.et.text
log.printo("transfer gpg key to target: " + fp)
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
key = BytesIO()
- ctx = gpgme.Context()
+ ctx = Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
ctx.armor = True
ctx.export(fp, key)
diff --git a/elbepack/gpg.py b/elbepack/gpg.py
index c56f22e5..8ca753cc 100644
--- a/elbepack/gpg.py
+++ b/elbepack/gpg.py
@@ -115,8 +115,10 @@ def unsign_file(fname):
outfilename = fname[:len(fname) - 4]
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = gpgme.Context()
+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
ctx.armor = False
try:
@@ -147,8 +149,10 @@ def unsign_file(fname):
def sign(infile, outfile, fingerprint):
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = gpgme.Context()
+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
key = None
try:
@@ -177,8 +181,10 @@ def sign_file(fname, fingerprint):
def get_fingerprints():
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = gpgme.Context()
+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
keys = ctx.keylist()
fingerprints = []
for k in keys:
@@ -188,16 +194,20 @@ def get_fingerprints():
def generate_elbe_internal_key():
hostfs.mkdir_p("/var/cache/elbe/gnupg")
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = gpgme.Context()
+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
key = ctx.genkey(elbe_internal_key_param)
return key.fpr
def export_key(fingerprint, outfile):
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = gpgme.Context()
+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
ctx.armor = True
try:
--
2.11.0
More information about the elbe-devel
mailing list