[elbe-devel] [PATCH v2 1/2] gpg: use set_engine_info to setup GNUPGHOME
Torben Hohn
torben.hohn at linutronix.de
Thu Apr 4 12:44:58 CEST 2019
Do not use environment variables, because they can create race conditions.
python-gpg allows setting GNUPGHOME per context via Context.set_engine_info().
Use that.
Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
---
elbepack/debinstaller.py | 5 ++++-
elbepack/egpg.py | 22 ++++++++++++++++------
elbepack/finetuning.py | 5 ++++-
3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/elbepack/debinstaller.py b/elbepack/debinstaller.py
index 0fa8fffa..ffe4b542 100644
--- a/elbepack/debinstaller.py
+++ b/elbepack/debinstaller.py
@@ -24,6 +24,7 @@ except ImportError:
urlopen = urllib2.urlopen
from gpg import core
+from gpg.constants import PROTOCOL_OpenPGP
from shutil import copyfileobj, copyfile
from elbepack.filesystem import TmpdirFilesystem
@@ -126,8 +127,10 @@ def download_release(tmp, base_url):
# setup gpg context, for verifying
# the Release.gpg signature.
- os.environ['GNUPGHOME'] = tmp.fname('/')
ctx = core.Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ tmp.fname('/'))
# download the Relase file to a tmp file,
# because we need it 2 times
diff --git a/elbepack/egpg.py b/elbepack/egpg.py
index 1da1553c..a2f71ec0 100644
--- a/elbepack/egpg.py
+++ b/elbepack/egpg.py
@@ -10,7 +10,7 @@ from __future__ import print_function
import os
from gpg import core
-from gpg.constants import sigsum, sig
+from gpg.constants import sigsum, sig, PROTOCOL_OpenPGP
from elbepack.filesystem import hostfs
from elbepack.shellhelper import system
@@ -118,8 +118,10 @@ def unsign_file(fname):
outfilename = fname[:len(fname) - 4]
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = core.Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
ctx.set_armor(False)
try:
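Review bot: The literal `'/var/cache/elbe/gnupg'` and the three-line `set_engine_info` call are now copied into five functions in egpg.py (this hunk, unlock_key, sign, get_fingerprints, generate_elbe_internal_key) and once more in finetuning.py. A context created without the call falls back to the default GnuPG home, so one forgotten or mistyped copy would operate on the wrong keyring instead of failing. A single helper in egpg.py that returns an already configured context, with the path held in one module-level constant, would keep all call sites in step; the names below are only a suggestion. unsign_file's body continues outside the hunk.

```python
# suggested names, not present in the patch
ELBE_GNUPG_HOME = '/var/cache/elbe/gnupg'


def elbe_gpg_context():
    """Return a gpg Context bound to the ELBE keyring directory."""
    ctx = core.Context()
    ctx.set_engine_info(PROTOCOL_OpenPGP, None, ELBE_GNUPG_HOME)
    return ctx

# ... unchanged: unsign_file, unlock_key, sign, get_fingerprints use elbe_gpg_context() ...
```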
@@ -149,8 +151,10 @@ def unsign_file(fname):
return None
def unlock_key(fingerprint):
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = core.Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
key = ctx.get_key(fingerprint, secret=True)
keygrip = key.subkeys[0].keygrip
system("/usr/lib/gnupg2/gpg-preset-passphrase "
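Review bot: The `system("/usr/lib/gnupg2/gpg-preset-passphrase ` call at the end of this hunk runs as a child process, and `set_engine_info` configures only `ctx`, so with `os.environ['GNUPGHOME']` removed the helper no longer inherits the ELBE home directory. It would then presumably contact the gpg-agent of the default home rather than the one serving `/var/cache/elbe/gnupg`, leaving the key locked for callers such as the finetuning.py hunk that runs `unlock_key(fp)` before `ctx.op_export`. The remaining arguments of the call are outside the hunk, so this applies only if they do not already carry the home directory. If they do not, hand GNUPGHOME to that one child process's environment rather than to the process-wide `os.environ`, which keeps the race fix intact.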
@@ -159,8 +163,10 @@ def unlock_key(fingerprint):
def sign(infile, outfile, fingerprint):
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = core.Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
key = None
try:
@@ -194,8 +200,10 @@ def sign_file(fname, fingerprint):
def get_fingerprints():
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = core.Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
keys = ctx.op_keylist_all(None, False)
fingerprints = []
for k in keys:
@@ -207,8 +215,10 @@ def generate_elbe_internal_key():
hostfs.mkdir_p("/var/cache/elbe/gnupg")
hostfs.write_file("/var/cache/elbe/gnupg/gpg-agent.conf", 0o600,
"allow-preset-passphrase")
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
ctx = core.Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
ctx.op_genkey(elbe_internal_key_param, None, None)
key = ctx.op_genkey_result()
diff --git a/elbepack/finetuning.py b/elbepack/finetuning.py
index 8e2fc4a0..aeaa7399 100644
--- a/elbepack/finetuning.py
+++ b/elbepack/finetuning.py
@@ -12,6 +12,7 @@ import os
from shutil import rmtree
from gpg import core
+from gpg.constants import PROTOCOL_OpenPGP
from apt.package import FetchError
from elbepack.repomanager import UpdateRepo
@@ -418,9 +419,11 @@ class UpdatedAction(FinetuningAction):
fp = self.node.et.text
log.printo("transfer gpg key to target: " + fp)
- os.environ['GNUPGHOME'] = "/var/cache/elbe/gnupg"
gpgdata = core.Data()
ctx = core.Context()
+ ctx.set_engine_info(PROTOCOL_OpenPGP,
+ None,
+ '/var/cache/elbe/gnupg')
ctx.set_armor(True)
unlock_key(fp)
ctx.op_export(fp, 0, gpgdata)
--
2.11.0