-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi andreas,
> > if i run cpan as, say, userA, how/where do i specify that gpg within
> > cpan (for signature checks etc) run as userB -- i.e. a *different*
user
> > -- so as to use a specific user's keyrings, permissions and such?
>
> I think the answer would be to add options to the gpg binary,
something like
>
> cpan> o conf gpg '/usr/bin/gpg --homedir /Users/userB'
>
> This is untested. So please let us know what works for you. Certainly
> it will also require that access permissions are set so that gpg
> accepts the --homedir option.
my env is already set to:
GNUPGHOME=/Users/userB/gpg_homedir
in the shell of all users ...
and i can verify that gpg.conf, in $GNUPGHOME *is* being read ...
nonetheless, adding to gpg.conf:
+++ homedir /Users/userB/gpg_homedir/pubring.gpg
on install of an intentionally new/uninstalled cpan module (e.g.,
MRTG::Parse), i still see:
CPAN: Storable loaded ok
Going to read /usr/ports/cpan_build/Metadata
Database was generated on Sat, 04 Mar 2006 07:22:19 GMT
Running install for module MRTG::Parse
Running make for M/MA/MARIOF/MRTG-Parse-0.03.tar.gz
CPAN: Digest::SHA loaded ok
CPAN: Module::Signature loaded ok
gpg: WARNING: unsafe ownership on homedir `/Users/userB/gpg_homedir'
gpg: WARNING: unsafe ownership on homedir `/Users/userB/gpg_homedir'
gpg: Signature made Thu Nov 10 22:02:26 2005 PST using DSA key ID 450F89EC
gpg: requesting key 450F89EC from hkp server pgp.mit.edu
...
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 13 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 13u
gpg: Good signature from "PAUSE Batch Signing Key 2005
<[EMAIL PROTECTED]>"
gpg: aka "PAUSE Batch Signing Key 2003
<[EMAIL PROTECTED]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 2E66 557A B97C 19C7 91AF 8E20 328D A867 450F 89EC
Signature invalid for distribution file. Please investigate.
Distribution id = M/MA/MARIOF/MRTG-Parse-0.03.tar.gz
CPAN_USERID MARIOF (Mario Furderer <[EMAIL PROTECTED]>)
CALLED_FOR MRTG::Parse
CHECKSUM_STATUS
CONTAINSMODS MRTG::Parse
UPLOAD_DATE 2005-03-13
force_update 1
incommandcolor 1
localfile
/usr/ports/cpan_build/sources/authors/id/M/MA/MARIOF/MRTG-Parse-0.03.tar.gz
I'd recommend removing
/usr/ports/cpan_build/sources/authors/id/M/MA/MARIOF/CHECKSUMS. Its
signature
is invalid. Maybe you have configured your 'urllist' with
a bad URL. Please check this array with 'o conf urllist', and
retry.
AND, the ownership on files in my homedir (e.g., pubring) is still
changed to userA, rather than 'staying' as specified user, userB.
cheers,
richard
- --
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Darwin)
iEYEAREDAAYFAkQJxLcACgkQlffdvTZxCMY2ywCgkqoiH2I0el7lWPpiqn/R3Pn+
3X4An1FNCgBfhdOzzaJ4TF54lbQaFEIR
=Vs47
-----END PGP SIGNATURE-----
