[arch-general] aur/solr: Unknown PGP key

Eli Schwartz eschwartz at archlinux.org
Sun Jul 29 03:02:41 UTC 2018 

On 07/28/2018 05:13 AM, Ralph Corderoy wrote:
> Hi Ralf,
> 
>> I didn't read all related Wiki pages, but seemingly non, including
>> https://wiki.archlinux.org/index.php/makepkg mention Eli's hint, to
>> use
>>
>> echo 'GNUPGHOME="$HOME"/.gnupg-makepkg' >> "$HOME"/.config/pacman/makepkg.conf

It's just common sense IMHO. It's not even remotely makepkg-specific.
This is just basic "using different gnupg keyrings for different
purposes", the only thing special about putting it in makepkg.conf
instead of creating a shell alias:

alias makepkg="GNUPGHOME="$HOME"/.gnupg-makepkg makepkg"

is, well, to take advantage of the fact that makepkg.conf is a
bash-compatible configuration file and save on the aliases cluttering up
your shell environment. (Also I usually have makepkg aliased to
something else, that being my pacman.git copy which I hack on.)

>> Fortunately the manpage does.
>>
>> $ man makepkg | grep GNUPGHOME
>>        GNUPGHOME="/path/to/directory"
> 
> It mentions that environment variable, defined by gpg(1), but
> makepkg.conf(5) says
> 
>     Configuration options for makepkg are stored in makepkg.conf.
>     This file is sourced so you can include any special compiler flags
>     you wish to use.  This is helpful when building for different
>     architectures or with different optimizations.  However, only the
>     variables described below are exported to the build environment.
> 
> `GNUPGHOME' isn't described so I wouldn't expect it to be exported.  I
> suppose it's stated as being `sourced', and makepkg(1) says it's a
> script, and looking at /usr/bin/makepkg shows it's a bash script, so you
> could whack an `export' in makepkg.conf too, but it would be nice if
> makepkg.conf(5) gave explicit approval to arbitrary environment
> variables if that's intended.

The man page is entirely correct. The file is sourced, and anything
sourced in there is, well, sourced, regardless of how "arbitrary" it is.

To export something is completely different, how many variables there
will desperately need to be marked as something inheritable by child
processes?

makepkg does not export anything on its own, except for the minimal
things which actually need to be, which means compiler things like
{C,CXX,LD,MAKE}FLAGS, CHOST, DISTCC_HOSTS

Exporting e.g. BUILDDIR could be quite harmful and is in fact the reason
why some packages (which depressingly use this generic name as an
internal Makefile constant) will not build correctly using yaourt.

GNUPGHOME is definitively unlikely to be the same sort of issue... but
that's still no reason to declare random things as officially supported
and then source them just in case.

That being said, it is indeed a good point that I was incorrect and
you'd need to:

echo 'export GNUPGHOME="$HOME"/.gnupg-makepkg' >>
"$HOME"/.config/pacman/makepkg.conf

in order to make this work properly.

I consider this to be eminently reasonable without further modifications
to makepkg.conf(5), since it is described as being sourced after all.

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20180728/e71ca661/attachment-0001.asc>

More information about the arch-general mailing list