[elbe-devel] [PATCH 5/6] init: set GPGHOME directory when generating elbe-keyring.gpg

Torben Hohn torben.hohn at linutronix.de
Wed Oct 2 09:31:53 CEST 2019


On Wed, Oct 02, 2019 at 12:26:56AM +0200, John Ogness wrote:
> Patch says GPGHOME but code sets GNUPGHOME.
> 
> On 2019-10-01, Torben Hohn <torben.hohn at linutronix.de> wrote:
> > when ~/.gnupg does not exist, gnupg will refuse to work:
> >
> > --------------------------------------------------------------------
> > 18:53:50  INFO:root:gpg --no-options --no-default-keyring --keyring /initvm/image/.elbe-in/elbe-keyring --import
> > 18:53:50  gpg: Fatal: /home/elbe/.gnupg: directory does not exist!
> > --------------------------------------------------------------------
> >
> > The result is that keys from the xml file are not added to the installer
> > keyring, and several packages cannot be installed when the key differs
> > from the default elbe key, which is also added via the system keyrings.
> 
> I don't understand how setting GNUPGHOME is related to what you've
> written here. Please elaborate.

suggested addition:

----------------------------------------------------------------------
Setting GNUPGHOME to a valid temporary path makes sure that gnupg
has access to GNUPGHOME and can create trustdb.gpg


-------------------------------------------------------------------------------------------------------------------------------------------
[CMD] gpg --no-options                     --no-default-keyring                     --keyring /initvm/image/.elbe-in/elbe-keyring --import
gpg: WARNING: unsafe permissions on homedir '/initvm/image/.elbe-in'
gpg: keybox '/initvm/image/.elbe-in/elbe-keyring' created
gpg: /initvm/image/.elbe-in/trustdb.gpg: trustdb created
gpg: key 4CC0F2F16A7DADAB: public key "Elbe CI <elbe-devel at linutronix.de>" imported
gpg: key 36AA35FF22BB8F84: 1 signature not checked due to a missing key
gpg: key 36AA35FF22BB8F84: public key "ELBE Devel (Linutronix Elbe developers) <elbe-devel at linutronix.de>" imported
gpg: Total number processed: 2
gpg:               imported: 2
gpg: no ultimately trusted keys found
-------------------------------------------------------------------------------------------------------------------------------------------


> 
> Also, see comments below...
> 
> > While touching these lines, also make sure they are not longer than 80.
> >
> > Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
> > ---
> >  elbepack/commands/init.py | 19 +++++++++++++++----
> >  1 file changed, 15 insertions(+), 4 deletions(-)
> >
> > diff --git a/elbepack/commands/init.py b/elbepack/commands/init.py
> > index 6b463b4cb..3b0c32d45 100644
> > --- a/elbepack/commands/init.py
> > +++ b/elbepack/commands/init.py
> > @@ -231,12 +231,23 @@ def run_command(argv):
> >          keys = []
> >          for key in xml.all(".//initvm/mirror/url-list/url/raw-key"):
> >              keys.append(key.et.text)
> > +
> >          import_keyring = os.path.join(out_path, "elbe-keyring")
> > -        do('gpg --no-options --no-default-keyring --keyring %s --import' % import_keyring,
> > -                    stdin="".join(keys), allow_fail=True)
> > +
> > +        do('gpg --no-options \
> > +                --no-default-keyring \
> > +                --keyring %s --import' % import_keyring,
> > +           stdin="".join(keys),
> > +           allow_fail=True,
> > +           env_add={'GNUPGHOME': out_path})
> > +
> >          export_keyring = import_keyring + ".gpg"
> > -        do('gpg --no-options --no-default-keyring --keyring %s --export --output %s' % (import_keyring,
> > -                                                                                    export_keyring))
> > +
> > +        do('gpg --no-options \
> > +                --no-default-keyring \
> > +                --keyring %s \
> > +                --export \
> > +                --output %s' % (import_keyring, export_keyring))
> 
> Doesn't GNUPGHOME need to be set when exporting as well?

Export works without "~/.gnupg". I could set it for completeness' sake,
but it's not strictly necessary.


> 
> >      if opt.devel:
> >          out_real = os.path.realpath(out_path)
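
Review bot: the new import call still passes `allow_fail=True`, so a gpg failure like the "directory does not exist" one in the commit message would again be swallowed and the build would carry on with an incomplete keyring; fail here whenever the XML supplied keys, or at least log the error prominently. In the same `+` lines, `env_add={'GNUPGHOME': out_path}` is given only to the import, while the export call runs with a different environment, and pointing the homedir at out_path is what produces the "unsafe permissions on homedir" warning and leaves trustdb.gpg in the output directory; a dedicated temporary directory with mode 0700, used for both calls, avoids that. The backslash continuations inside the string literal also put the next line's indentation into the command itself (visible as runs of spaces in the logged `[CMD]` line); adjacent string literals keep the lines under 80 without changing the command string.
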
> 
> John

-- 
Torben Hohn
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 18; Fax.: +49 7556 25 999 99
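
The keyring step discussed in this thread can be written so that import and export share one private, throwaway GNUPGHOME and any gpg failure aborts the run. The sketch below is an added example, not code from elbe or from the patch: it uses `subprocess` instead of elbe's `do()` helper, and `build_keyring` and its `run` parameter are hypothetical names.

```python
import os
import shutil
import subprocess
import tempfile


def build_keyring(armored_keys, export_path, run=subprocess.run):
    """Import ASCII-armored keys into a scratch keyring, export to export_path.

    `run` is injectable (an assumption of this example) so the call sequence
    can be exercised without gpg being installed.
    """
    # mkdtemp creates the directory with mode 0700, so gpg does not warn
    # about unsafe homedir permissions and can create trustdb.gpg in it.
    home = tempfile.mkdtemp(prefix="gnupghome-")
    try:
        env = dict(os.environ, GNUPGHOME=home)
        keyring = os.path.join(home, "import-keyring")
        # Argument list instead of a format string: no stray whitespace in
        # the command and no shell quoting issues with the paths.
        base = ["gpg", "--no-options", "--no-default-keyring",
                "--keyring", keyring]
        # check=True: a failed import raises CalledProcessError rather than
        # silently leaving the keyring incomplete.
        run(base + ["--import"],
            input="".join(armored_keys).encode(), env=env, check=True)
        # Same environment for the export, so both steps see the same homedir.
        run(base + ["--export", "--output", export_path],
            env=env, check=True)
        return export_path
    finally:
        # Scratch keyring and trustdb.gpg never end up in the build output.
        shutil.rmtree(home, ignore_errors=True)
```

Only the exported file survives the call; the scratch keyring and trustdb.gpg are deleted with the temporary directory.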
