[elbe-devel] [PATCH v2 5/6] init: set GNUPGHOME directory when generating elbe-keyring.gpg

Torben Hohn torben.hohn at linutronix.de
Wed Oct 2 12:07:07 CEST 2019


When importing a key, gnupg will try to create a trustdb.gpg file in the
GNUPGHOME directory (~/.gnupg). When ~/.gnupg does not exist, gnupg will
refuse to work:

--------------------------------------------------------------------
18:53:50  INFO:root:gpg --no-options --no-default-keyring --keyring /initvm/image/.elbe-in/elbe-keyring --import
18:53:50  gpg: Fatal: /home/elbe/.gnupg: directory does not exist!
--------------------------------------------------------------------

The result is that keys from the xml file are not added to the installer
keyring, and several packages cannot be installed when the key differs
from the default elbe key, which is also added via the system keyrings.

Set GNUPGHOME to a valid temporary path to make sure that gnupg has
access to GNUPGHOME and can create trustdb.gpg.

While touching these lines, also make sure they are not longer than 80.

Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
Reviewed-by: John Ogness <john.ogness at linutronix.de>
---
 elbepack/commands/init.py | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/elbepack/commands/init.py b/elbepack/commands/init.py
index 6b463b4cb..fff3f69ac 100644
--- a/elbepack/commands/init.py
+++ b/elbepack/commands/init.py
@@ -231,12 +231,26 @@ def run_command(argv):
         keys = []
         for key in xml.all(".//initvm/mirror/url-list/url/raw-key"):
             keys.append(key.et.text)
+
         import_keyring = os.path.join(out_path, "elbe-keyring")
-        do('gpg --no-options --no-default-keyring --keyring %s --import' % import_keyring,
-                    stdin="".join(keys), allow_fail=True)
+
+        do('gpg --no-options \
+                --no-default-keyring \
+                --keyring %s --import' % import_keyring,
+           stdin="".join(keys),
+           allow_fail=True,
+           env_add={'GNUPGHOME': out_path})
+
         export_keyring = import_keyring + ".gpg"
-        do('gpg --no-options --no-default-keyring --keyring %s --export --output %s' % (import_keyring,
-                                                                                    export_keyring))
+
+        # No need to set GNUPGHOME because both input and output
+        # keyring files are specified.
+
+        do('gpg --no-options \
+                --no-default-keyring \
+                --keyring %s \
+                --export \
+                --output %s' % (import_keyring, export_keyring))
 
     if opt.devel:
         out_real = os.path.realpath(out_path)
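Review bot: The import call still passes allow_fail=True, so a gpg failure at this step stays non-fatal and the init continues with a keyring that lacks the keys from the xml file, which is the silent outcome the commit message describes. Consider dropping allow_fail=True on the import, or otherwise reporting the failure as an error, so that a future import problem stops here instead of surfacing later as packages that cannot be installed. Two smaller points: env_add={'GNUPGHOME': out_path} points gpg at the output directory rather than at a temporary path as the commit message says, so trustdb.gpg and anything else gpg creates there will remain in out_path; a dedicated temporary directory that is removed afterwards would avoid that. The backslash continuations inside the string literals also carry the next line's indentation into the command string, so the logged command will contain long runs of spaces; adjacent string literals would keep the lines under 80 without that.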
-- 
2.20.1



