Hi,
a while back I came across a PKGBUILD which changed $HOME in build() as a workaround for a bad installer [1].
For some reason this failed to build with `makepkg --sign`, claiming it could not find my gpg key, see snippet below.
After some time debugging this, I found changing $HOME broke the check for the key
because gpg would look for it's .gnupg dir in the "new" $HOME, not the $HOME makepkg was started with.
I solved this by editing the PKGBUILD to restore $HOME before exiting build().
I had thought changing $HOME was only used in that single case and didn't think much of it,
but today a PKGBUILD [3] posted in a question on aur-general [2] reminded me of this
and it seems this workaround is considered by packagers more commonly than I thought...
This made me wonder:
Is this something makepkg should take care of (e.g.by restoring $HOME after build() or ensuring gpg will use $OLDHOME/.gnupg)
or should such a PKGBUILD be considered broken / invalid?
$ makepkg --sign
==> Making package: broken-home 1-1 (Tue May 5 21:35:57 2020)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
==> Extracting sources...
==> Removing existing $pkgdir/ directory...
==> Starting build()...
==> Entering fakeroot environment...
==> ERROR: The key 06ABC843BA90E65B does not exist in your keyring.
$ gpg --list-key 06ABC843BA90E65B :(
pub rsa4096 2019-03-05 [SC]
59EB8C1AF8CFEBF4A683760206ABC843BA90E65B
uid [ultimate] package signing key