[devtools,v2] makechrootpkg: respect GNUPGHOME

Message ID 20180227161529.1637-1-me@aimileus.nl
State Accepted

Commit Message

Eli Schwartz via arch-projects Feb. 27, 2018, 4:16 p.m. UTC
Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
uses a custom GPG home directory, the signature checking would fail.
Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.

Signed-off-by: Emiel Wiedijk <me@aimileus.nl>
---
 makechrootpkg.in | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Eli Schwartz via arch-projects May 31, 2018, 10:14 p.m. UTC | #1
Le 27/02/2018 à 17:16, Emiel Wiedijk via arch-projects a écrit :

> Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
> uses a custom GPG home directory, the siganture checking would fail.
> Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.
>
> Signed-off-by: Emiel Wiedijk <me@aimileus.nl>
> ---
>  makechrootpkg.in | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/makechrootpkg.in b/makechrootpkg.in
> index afcd121..653847f 100644
> --- a/makechrootpkg.in
> +++ b/makechrootpkg.in
> @@ -252,7 +252,8 @@ download_sources() {
>  	chmod 1777 "$builddir"
>  
>  	# Ensure sources are downloaded
> -	sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
> +	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
> +		env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
>  		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o ||
>  		die "Could not download sources."
>  
> @@ -341,7 +342,7 @@ main() {
>  	[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
>  	makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
>  
> -	check_root SOURCE_DATE_EPOCH
> +	check_root SOURCE_DATE_EPOCH,GNUPGHOME
>  
>  	# Canonicalize chrootdir, getting rid of trailing /
>  	chrootdir=$(readlink -e "$passeddir")

Does not seem to work for me:
GNUPGHOME=/path/to/svn-community/.gnupg/ extra-x86_64-build
…
==> Verifying source file signatures with gpg...
    flickcurl-1.26.tar.gz ... FAILED (unknown public key 43EC92504F71955A)
…

(I have previously retrieved this key using
`GNUPGHOME=/path/to/svn-community/.gnupg/ gpg --recv-keys
43EC92504F71955A` of course)

Patch

diff --git a/makechrootpkg.in b/makechrootpkg.in
index afcd121..653847f 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -252,7 +252,8 @@  download_sources() {
 	chmod 1777 "$builddir"
 
 	# Ensure sources are downloaded
-	sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
+	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
+		env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
 		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o ||
 		die "Could not download sources."
 
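Review bot: The keyring that `makepkg --verifysource` trusts is now chosen by whatever `GNUPGHOME` the caller exported, and nothing before the `sudo -u "$makepkg_user" --preserve-env=GNUPGHOME` line checks that value. A path that does not exist, or that `$makepkg_user` cannot read, would probably surface only as a signature-verification failure from gpg, which hides the real cause. A guard before the call such as `[[ -z ${GNUPGHOME-} || -d $GNUPGHOME ]] || die "GNUPGHOME is not a directory."` would make it explicit. The `~/.gnupg` fallback named in the commit message is not in the code; it relies on gpg's own default when the variable is unset, which deserves a comment like `# GNUPGHOME unset: gpg falls back to the makepkg user's ~/.gnupg`. download_sources() begins and ends outside the hunk.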
@@ -341,7 +342,7 @@  main() {
 	[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
 	makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
 
-	check_root SOURCE_DATE_EPOCH
+	check_root SOURCE_DATE_EPOCH,GNUPGHOME
 
 	# Canonicalize chrootdir, getting rid of trailing /
 	chrootdir=$(readlink -e "$passeddir")
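Review bot: Adding `GNUPGHOME` to the `check_root` list keeps a caller-controlled variable in the environment of the whole root run, while the only consumer visible in this patch is the `makepkg --verifysource` call in download_sources(). check_root is defined outside this page, so how the comma-separated list is applied is inferred. If it preserves the variable across the re-exec, any gpg invoked as root later in the script would also read the caller's keyring directory. A comment on the line would record the intent, for example `# GNUPGHOME is kept only so download_sources can pass it to makepkg --verifysource`. main() continues outside the hunk.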