Commit 3cb7643d authored by Andrew Branson

[gpg] Set GPG home directory when reading signature IDs. Fixes JB#44305

GPG will not start unless it finds or can create ~/.gnupg for its conf
and keyrings, and PackageKit runs without a valid home. For every other
key operation it sets the home to temporary directories containing
general or trusted keyrings, but reading a signature ID from a file
shouldn't need one so it's not done right now. Also, zypp shouldn't ever
touch the user's keyrings, as it should operate exclusively with keys
from the RPM db.

This patch sets the keyring to the general keyring home for this call.
It fixes PackageKit, and prevents a permanent ~/.gnupg from being
created.
parent b38f5be3
From 11d772131cf682b153071ec5a8b6986091c3ab75 Wed, 23 Jan 2019 09:07:33 +0100
From: Andrew Branson <andrew.branson@jollamobile.com>
Date: Wed, 23 Jan 2019 09:06:03 +0100
Subject: [PATCH] Set GPG homedir when reading signatures. GPG won't start without a valid one.
Not being able to create ~/.gnupg is a fatal error on startup for GPG
diff --git a/zypp/KeyRing.cc b/zypp/KeyRing.cc
index d9e0c9a..c39b872 100644
--- a/zypp/KeyRing.cc
+++ b/zypp/KeyRing.cc
@@ -564,6 +564,10 @@
return std::string();
}
+ if(!ctx->setHomedir(generalKeyRing())) {
+ ZYPP_THROW(KeyRingException(_("General keyring not found")));
+ }
+
std::list<std::string> fprs = ctx->readSignatureFingerprints(signature);
if (fprs.size()) {
std::string &id = fprs.back();
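Review bot: The added `setHomedir` check throws `KeyRingException`, while the failure path directly above it in the same context ends in `return std::string();`, so a caller that only tests for an empty ID now also has to handle an exception when reading a signature ID. If the throw is intended, state that in the commit message; otherwise return an empty string here as well. The message "General keyring not found" names one cause for `setHomedir` returning false; wording that says the GPG home directory could not be set would match what the check actually tests. A short comment above the `if` explaining that GPG will not start without a usable home directory would help, and `if(` should be `if (` to match `if (fprs.size())` below.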
......@@ -12,6 +12,7 @@ Patch3: 0003-Ensure-that-the-destination-path-for-applyi.patch
Patch4: 0004-Set-unrestricted-auth-curl-option.patch
Patch5: 0005-disable-doc.patch
Patch6: 0006-libzypp-Enable-netrcoptional-on-libcurl-to-allow-for.patch
Patch7: 0007-Set-GPG-homedir-when-reading-signatures.patch
BuildRequires: cmake
BuildRequires: openssl-devel
BuildRequires: libudev-devel
......@@ -87,6 +88,7 @@ Authors:
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
mkdir -p build
......