powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1016 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 2cda77266d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2cda77266d'
${ noResults }
base/SOURCES/0325-import-add-support-for...

88 lines
3.2 KiB
Raw Blame History

From 1b7d1234cd22bb0fd2677d54dc670a6d2c6f8089 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 2 Mar 2015 20:24:11 +0100
Subject: [PATCH] import: add support for gpg2 for verifying imported images
gpg2 insists on created a trust db even if we tun off all trust db
support. Hence create a temporary home where the trust db is placed, and
remove it after use.
Cherry-picked from: 0acfdffe9417b4218e97b6d981c99a1a85e633c9
Resolves: #1284974
---
src/import/import-common.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/import/import-common.c b/src/import/import-common.c
index 2acf380f99..f10a453eed 100644
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -281,8 +281,9 @@ int import_verify(
_cleanup_free_ char *fn = NULL;
_cleanup_close_ int sig_file = -1;
const char *p, *line;
- char sig_file_path[] = "/tmp/sigXXXXXX";
+ char sig_file_path[] = "/tmp/sigXXXXXX", gpg_home[] = "/tmp/gpghomeXXXXXX";
_cleanup_sigkill_wait_ pid_t pid = 0;
+ bool gpg_home_created = false;
int r;
assert(main_job);
@@ -347,6 +348,13 @@ int import_verify(
goto finish;
}
+ if (!mkdtemp(gpg_home)) {
+ r = log_error_errno(errno, "Failed to create tempory home for gpg: %m");
+ goto finish;
+ }
+
+ gpg_home_created = true;
+
pid = fork();
if (pid < 0)
return log_error_errno(errno, "Failed to fork off gpg: %m");
@@ -359,13 +367,14 @@ int import_verify(
"--no-auto-check-trustdb",
"--batch",
"--trust-model=always",
- NULL, /* keyring to use */
+ NULL, /* --homedir= */
+ NULL, /* --keyring= */
NULL, /* --verify */
NULL, /* signature file */
NULL, /* dash */
NULL /* trailing NULL */
};
- unsigned k = ELEMENTSOF(cmd) - 5;
+ unsigned k = ELEMENTSOF(cmd) - 6;
int null_fd;
/* Child */
@@ -398,6 +407,8 @@ int import_verify(
if (null_fd != STDOUT_FILENO)
null_fd = safe_close(null_fd);
+ cmd[k++] = strjoina("--homedir=", gpg_home);
+
/* We add the user keyring only to the command line
* arguments, if it's around since gpg fails
* otherwise. */
@@ -415,6 +426,7 @@ int import_verify(
fd_cloexec(STDOUT_FILENO, false);
fd_cloexec(STDERR_FILENO, false);
+ execvp("gpg2", (char * const *) cmd);
execvp("gpg", (char * const *) cmd);
log_error_errno(errno, "Failed to execute gpg: %m");
_exit(EXIT_FAILURE);
@@ -446,6 +458,9 @@ finish:
if (sig_file >= 0)
unlink(sig_file_path);
+ if (gpg_home_created)
+ rm_rf_dangerous(gpg_home, false, true, false);
+
return r;
}