[elbe-devel] [PATCH 5/6] init: set GPGHOME directory when generating elbe-keyring.gpg
John Ogness
john.ogness at linutronix.de
Wed Oct 2 10:41:15 CEST 2019
Some more suggested additions from me...
On 2019-10-02, Torben Hohn <torben.hohn at linutronix.de> wrote:
>> Patch says GPGHOME but code sets GNUPGHOME.
>>
>> On 2019-10-01, Torben Hohn <torben.hohn at linutronix.de> wrote:
When importing a key, gnupg will try to create a trustdb.gpg file in the
GNUPGHOME directory (~/.gnupg). When ~/.gnupg does not exist, gnupg will
refuse to work:
>>> --------------------------------------------------------------------
>>> 18:53:50 INFO:root:gpg --no-options --no-default-keyring --keyring /initvm/image/.elbe-in/elbe-keyring --import
>>> 18:53:50 gpg: Fatal: /home/elbe/.gnupg: directory does not exist!
>>> --------------------------------------------------------------------
>>>
>>> the result is, that keys from the xml file are not added to the installer
>>> keyring, and several packages can not be installed, when the key differs
>>> from the default elbe key, which is also added via the system keyrings.
Set GNUPGHOME to a valid temporary path to make sure that gnupg has
access to GNUPGHOME and can create trustdb.gpg
-----------------------
Also, I suggest adding a comment about why GNUPGHOME is _not_ set for
the export call..
>>> export_keyring = import_keyring + ".gpg"
# No need to set GNUPGHOME because both input and output
# keyring files are specified.
>>> - do('gpg --no-options --no-default-keyring --keyring %s --export --output %s' % (import_keyring,
>>> - export_keyring))
>>> +
>>> + do('gpg --no-options \
>>> + --no-default-keyring \
>>> + --keyring %s \
>>> + --export \
>>> + --output %s' % (import_keyring, export_keyring))
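Review bot: The backslash continuations in the new do('gpg --no-options \ ... call sit inside the string literal, so any leading whitespace on the continuation lines becomes part of the command string that do() receives and logs. Adjacent string literals inside the parentheses would split the line without changing the command text. Separately, import_keyring and export_keyring are interpolated with %s unquoted in both the removed and the added lines; if do() hands the string to a shell, a path containing whitespace or shell metacharacters would be split or interpreted, so quoting the two paths is worth doing while this call is being touched.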
If you make these (or similar) log/comment changes:
Reviewed-by: John Ogness <john.ogness at linutronix.de>
Thanks for the explanations.
John
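The fix described in the commit message above, as an added example in Python 3 that is not the ELBE patch itself: gpg is run with GNUPGHOME pointing at a throwaway, owner-only directory, so it can create trustdb.gpg even when ~/.gnupg is missing. The helper names private_gnupghome, import_argv and import_key are hypothetical; the gpg options are the ones in the quoted log line.

```python
import os
import shutil
import subprocess
import tempfile
from contextlib import contextmanager


@contextmanager
def private_gnupghome():
    """Yield an environment dict whose GNUPGHOME is a fresh, owner-only directory."""
    # mkdtemp creates the directory with mode 0700, which gpg expects for its home.
    home = tempfile.mkdtemp(prefix="gnupghome-")
    env = dict(os.environ, GNUPGHOME=home)
    try:
        yield env
    finally:
        # trustdb.gpg and anything else gpg wrote there is discarded with the directory.
        shutil.rmtree(home, ignore_errors=True)


def import_argv(keyring):
    """argv for the import call from the log; a list, so the path is never shell-parsed."""
    return ["gpg", "--no-options", "--no-default-keyring",
            "--keyring", keyring, "--import"]


def import_key(keyring, key_bytes):
    """Import one key into `keyring`; raises CalledProcessError if gpg fails."""
    with private_gnupghome() as env:
        # check=True turns a gpg failure into an exception instead of a silent skip,
        # so a key that was not imported cannot go unnoticed.
        subprocess.run(import_argv(keyring), input=key_bytes, env=env, check=True)


if __name__ == "__main__":
    import sys
    # Constructed usage: keyring path and key file are given on the command line.
    with open(sys.argv[2], "rb") as fh:
        import_key(sys.argv[1], fh.read())
```
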