On Sat, Feb 13, 2016 at 01:08:48AM +0100, Thomas Bächler wrote:
If the ARCHISO_GNUPG_FD environment variable is set, its contents will be interpreted as an open file descriptor and its contents will be used to create a keyring in the initramfs in /gpg.
---
 archiso/initcpio/install/archiso | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/archiso/initcpio/install/archiso b/archiso/initcpio/install/archiso index 300dfef..715120b 100644 --- a/archiso/initcpio/install/archiso +++ b/archiso/initcpio/install/archiso @@ -14,11 +14,16 @@ build() { add_binary losetup add_binary mountpoint add_binary truncate + add_binary gpg
add_file /usr/lib/udev/rules.d/60-cdrom_id.rules add_file /usr/lib/udev/rules.d/10-dm.rules add_file /usr/lib/udev/rules.d/95-dm-notify.rules add_file /usr/lib/initcpio/udev/11-dm-initramfs.rules /usr/lib/udev/rules.d/11-dm-initramfs.rules + if [[ $ARCHISO_GNUPG_FD ]]; then + mkdir -p $BUILDROOT$dest/gpg
quote "$BUILDROOT$dest/gpg"
+ eval "cat <&$ARCHISO_GNUPG_FD" | gpg --homedir $BUILDROOT$dest/gpg --import
why not just:

    gpg --homedir "$BUILDROOT$dest/gpg" --import <&$ARCHISO_GNUPG_FD

This is run by bash, so order of evaluation is sane. As is, your eval is not safe, and will under a variety of circumstances (the simplest of which is whitespace in the $BUILDROOT).
+ fi }
# vim: set ft=sh ts=4 sw=4 et: -- 2.6.3
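
Review bot: the added `eval "cat <&$ARCHISO_GNUPG_FD"` line hands the environment variable's contents to the shell parser, so any value that is not a bare descriptor number is interpreted as shell syntax while the initramfs is being built. Check that ARCHISO_GNUPG_FD holds only digits before using it, and redirect from it directly instead of going through eval and cat, for example `gpg --homedir "$BUILDROOT$dest/gpg" --import <&$ARCHISO_GNUPG_FD`. The same block leaves `$BUILDROOT$dest/gpg` unquoted in both the `mkdir -p` and the `--homedir` argument, so a build root containing whitespace splits into several words; quote both. Nothing in the added lines checks whether the import succeeded, so a failed or empty import would produce an image with an unusable keyring without any error at build time; it would be worth failing the hook when gpg returns non-zero.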