[pacman-dev] [PATCH] Create pacman keyring directory if missing

Ray Kohler ataraxia937 at gmail.com
Sun Mar 27 23:50:57 EDT 2011

On Sun, Mar 27, 2011 at 10:43 PM, Ray Kohler <ataraxia937 at gmail.com> wrote:
> On Sun, Mar 27, 2011 at 10:32 PM, Dan McGee <dpmcgee at gmail.com> wrote:
>> On Sun, Mar 27, 2011 at 11:14 AM, Ray Kohler <ataraxia937 at gmail.com> wrote:
>>> Use mode 755, so non-root users can see inside.
>>> Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that
>>> otherwise comes of not using mode 700 - this is not private data.
>>> GPGme turns out not to issue this warning itself, so no problem there.
>>> TODO: should non-root users be allowed to use the read-only operations
>>> (--list, --export, --finger)?
>> I would say yes- is there any reason not to allow them to?
> I'll do that, then - but in a second patch, not an update to this one.

The apparently read-only operations turn out not to be so. gpg insists
on creating a lock file in the homedir, such that even if we grant
non-root users read access to the homedir, pubring, and trustdb, these
will still fail:

$ ./pacman-key -l
gpg: failed to create temporary file
Permission denied
gpg: fatal: can't create lock for `/etc/pacman.d/gnupg/trustdb.gpg'
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

I'm going to bail out on this one.
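The failure above comes down to gpg needing write access to the keyring homedir even for operations that only read it, because it creates its lock file there. The following shell function is an added example, not part of the pacman-key patch or the thread: it performs the same preflight check a wrapper script could run before attempting a read-only operation, by verifying the pubring and trustdb are readable and then emulating gpg's lock creation with a throwaway temporary file in the homedir. The directory argument and the file names pubring.gpg and trustdb.gpg are assumptions based on the paths quoted in the thread.

```shell
#!/bin/sh
# Added example (not code from the pacman-key patch): preflight check that
# mirrors what the thread observed. gpg's "read-only" operations (--list-keys,
# --export, --fingerprint) still create a lock file inside the keyring homedir,
# so read access to the homedir, pubring and trustdb is not enough; the
# directory itself must be writable by the invoking user.
#
# keyring_access_check DIR
#   prints "ok" and returns 0 when the read-only operations could run for the
#   current user, otherwise prints the reason and returns 1.
keyring_access_check() {
    dir=$1
    # The keyring files only need to be readable (assumed file names).
    for f in pubring.gpg trustdb.gpg; do
        [ -r "$dir/$f" ] || { echo "cannot read $dir/$f"; return 1; }
    done
    # gpg builds its lock from a temporary file in the homedir; emulate that
    # step with mktemp so the check fails exactly where gpg would.
    tmp=$(mktemp "$dir/.lockcheck.XXXXXX" 2>/dev/null) || {
        echo "cannot create lock file in $dir (directory not writable)"
        return 1
    }
    rm -f "$tmp"
    echo ok
    return 0
}
```

Running this as a non-root user against a mode 755 keyring directory owned by root reports the lock-file problem before gpg prints its "can't create lock" error; the same check passes for root, which is why the symptom only shows up for unprivileged users.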

