[pacman-dev] [PATCH] Create pacman keyring directory if missing

Dan McGee dpmcgee at gmail.com
Thu Mar 24 21:32:56 EDT 2011


On Thu, Mar 24, 2011 at 8:00 PM, Denis A. Altoé Falqueto
<denisfalqueto at gmail.com> wrote:
> On Thu, Mar 24, 2011 at 8:05 PM, Ray Kohler <ataraxia937 at gmail.com> wrote:
>>
>> Signed-off-by: Ray Kohler <ataraxia937 at gmail.com>
>> ---
>>  scripts/pacman-key.sh.in |    6 ++++++
>>  1 files changed, 6 insertions(+), 0 deletions(-)
>>
>> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
>> index 5746e64..ccc7f92 100644
>> --- a/scripts/pacman-key.sh.in
>> +++ b/scripts/pacman-key.sh.in
>> @@ -246,6 +246,12 @@ if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then
>>  fi
>>  GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}"
>>
>> +# Try to create $PACMAN_KEYRING_DIR if non-existent
>> +# Check for simple existence rather than for a directory as someone may want
>> +# to use a symlink here
>> +# Force mode 700 as gpg complains if any group or other access is present
>> +[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 700 "${PACMAN_KEYRING_DIR}"
Why 700? Any reason a normal user should not be able to read this and
validate a package on a non-root operation? e.g. pacman -Qlp <package>
should run our GPG machinery eventually if a .sig is sitting
alongside.

>> +
>>  # Parse and execute command
>>  command="$1"
>>  if [[ -z "${command}" ]]; then
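Review bot: the comment justifying `-e` over `-d` ("someone may want to use a symlink here") does not hold, because `[[ -d ]]` follows symlinks too, so `[[ -d ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 700 "${PACMAN_KEYRING_DIR}"` accepts a symlink to a directory just as well, and when the path exists as a regular file it lets `mkdir -p` fail with a clear "File exists" instead of `-e` silently passing a non-directory on to gpg as `--homedir`. Also note that `-m 700` applies only to the final path component: any parent directories that `-p` has to create get the umask default, so if GPGDir points below a parent that does not exist yet, that parent is not 0700; either say so in the comment or follow the mkdir with an explicit chmod on the leaf.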
>> --
>> 1.7.4.1
>
> Hi, Ray.
>
> I would like to say that the creation of the directory was originally
> a feature of pacman-key. But Allan suggested moving the
> responsibility to the makefile of pacman, so the keyring would be
> created empty by the build system. It is still a TODO item, indeed. So,
> it's the distribution's duty to package it the way that fits them
> best.
We lazily create sync/ directories in pacman; I don't see why
pacman-key shouldn't create its directory if necessary either. I'm all
for this.
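The two details the patch turns on, which existence test to use and how the 0700 mode is applied, as an added shell example that is not pacman-key's own code. `ensure_keyring_dir` and `mode_of` are hypothetical helpers written for this illustration; the example goes slightly beyond the patch by rejecting a regular file at the keyring path, and `mode_of` assumes either a GNU or a BSD `stat`.

```shell
# Added example, not pacman-key's code. Creates a gpg home directory the way the
# patch intends, with two differences worth seeing in practice:
#  - the test is -d, which follows symlinks, so a symlink to a directory still
#    passes while a regular file at the path is reported instead of being handed
#    to gpg as --homedir;
#  - the mode is applied with an explicit chmod, because `mkdir -p -m 700 a/b/c`
#    sets 0700 only on the leaf "c"; parents created by -p get umask defaults.
ensure_keyring_dir() {
    keyring_dir=$1
    keyring_mode=${2:-700}
    if [ -e "$keyring_dir" ] && [ ! -d "$keyring_dir" ]; then
        echo "ensure_keyring_dir: $keyring_dir exists but is not a directory" >&2
        return 1
    fi
    [ -d "$keyring_dir" ] || mkdir -p "$keyring_dir" || return 1
    # chmod follows a symlink, so a symlinked keyring gets its target fixed up.
    chmod "$keyring_mode" "$keyring_dir"
}

# Octal permission bits of a path; GNU and BSD stat spell the format differently.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}
```

Run it against a throwaway tree (`ensure_keyring_dir /tmp/x/y/keyring`) and compare `mode_of /tmp/x/y/keyring` with `mode_of /tmp/x` to see that only the leaf is 700 under a normal umask; the same tree created with `mkdir -p -m 700` behaves identically on the parents, which is the point of the explicit chmod.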
