[pacman-dev] Setting HOME in build() breaks package signing
brainpower at mailbox.org
Tue May 5 20:11:40 UTC 2020
a while back I came across a PKGBUILD which changed $HOME in build() as a workaround for a bad installer .
For some reason this failed to build with `makepkg --sign`, claiming it could not find my gpg key, see snippet below.
After some time debugging this, I found changing $HOME broke the check for the key
because gpg would look for it's .gnupg dir in the "new" $HOME, not the $HOME makepkg was started with.
I solved this by editing the PKGBUILD to restore $HOME before exiting build().
I had thought changing $HOME was only used in that single case and didn't think much of it,
but today a PKGBUILD  posted in a question on aur-general  reminded me of this
and it seems this workaround is considered by packagers more commonly than I thought...
This made me wonder:
Is this something makepkg should take care of (e.g.by restoring $HOME after build() or ensuring gpg will use $OLDHOME/.gnupg)
or should such a PKGBUILD be considered broken / invalid?
$ makepkg --sign
==> Making package: broken-home 1-1 (Tue May 5 21:35:57 2020)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
==> Extracting sources...
==> Removing existing $pkgdir/ directory...
==> Starting build()...
==> Entering fakeroot environment...
==> ERROR: The key 06ABC843BA90E65B does not exist in your keyring.
$ gpg --list-key 06ABC843BA90E65B :(
pub rsa4096 2019-03-05 [SC]
uid [ultimate] package signing key <brainpower at mailbox.org>
sub rsa4096 2019-03-05 [E]
$ cat PKGBUILD
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the pacman-dev