[arch-projects] [devtools] [PATCH v2] makechrootpkg: respect GNUPGHOME

[Bruno Pagani]

Le 27/02/2018 à 17:16, Emiel Wiedijk via arch-projects a écrit :

> Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
> uses a custom GPG home directory, the siganture checking would fail.
> Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.
>
> Signed-off-by: Emiel Wiedijk <me at aimileus.nl>
> ---
>  makechrootpkg.in | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/makechrootpkg.in b/makechrootpkg.in
> index afcd121..653847f 100644
> --- a/makechrootpkg.in
> +++ b/makechrootpkg.in
> @@ -252,7 +252,8 @@ download_sources() {
>  	chmod 1777 "$builddir"
>  
>  	# Ensure sources are downloaded
> -	sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
> +	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
> +		env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
>  		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o ||
>  		die "Could not download sources."
>  
> @@ -341,7 +342,7 @@ main() {
>  	[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
>  	makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
>  
> -	check_root SOURCE_DATE_EPOCH
> +	check_root SOURCE_DATE_EPOCH,GNUPGHOME
>  
>  	# Canonicalize chrootdir, getting rid of trailing /
>  	chrootdir=$(readlink -e "$passeddir")

Does not seem to work for me:
GNUPGHOME=/path/to/svn-community/.gnupg/ extra-x86_64-build
…
==> Verifying source file signatures with gpg...
    flickcurl-1.26.tar.gz ... FAILED (unknown public key 43EC92504F71955A)
…

(I have previously retrieved this key using
`GNUPGHOME=/path/to/svn-community/.gnupg/ gpg --recv-keys
43EC92504F71955A` of course)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-projects/attachments/20180601/74b3fb98/attachment.asc>