[pacman-dev] [PATCH] Create pacman keyring directory if missing

Allan McRae allan at archlinux.org
Thu Mar 24 21:49:02 EDT 2011


On 25/03/11 11:32, Dan McGee wrote:
> On Thu, Mar 24, 2011 at 8:00 PM, Denis A. Altoé Falqueto
> <denisfalqueto at gmail.com>  wrote:
>> On Thu, Mar 24, 2011 at 8:05 PM, Ray Kohler<ataraxia937 at gmail.com>  wrote:
>>>
>>> Signed-off-by: Ray Kohler<ataraxia937 at gmail.com>
>>> ---
>>>   scripts/pacman-key.sh.in |    6 ++++++
>>>   1 files changed, 6 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
>>> index 5746e64..ccc7f92 100644
>>> --- a/scripts/pacman-key.sh.in
>>> +++ b/scripts/pacman-key.sh.in
>>> @@ -246,6 +246,12 @@ if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then
>>>   fi
>>>   GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}"
>>>
>>> +# Try to create $PACMAN_KEYRING_DIR if non-existent
>>> +# Check for simple existence rather than for a directory as someone may want
>>> +# to use a symlink here
>>> +# Force mode 700 as gpg complains if any group or other access is present
>>> +[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 700 "${PACMAN_KEYRING_DIR}"
> Why 700? Any reason a normal user should not be able to read this and
> validate a package on a non-root operation? e.g. pacman -Qlp<package>
> should run our GPG machinery eventually if a .sig is sitting
> alongside.

gpg makes warnings about anything else.  These warnings can be 
suppressed with command-line gpg usage, so I guess they can be 
suppressed in gpgme.

Allan



More information about the pacman-dev mailing list