Package: debpool
Version: 0.2.2
Tags: patch

debpool's requirement for providing a passphrase file precludes allowing
gpg to retrieve the passphrase via other means such as gpg-agent.  With
the attached patch, debpool will allow the gpg_passfile option to be
undefined, in which case debpool will not attempt to pass a passphrase
to gpg, and will assume that it will be obtained some other way.  This
allows me to run debpool in non-daemon mode under my user account and
use my own GPG key with gpg-agent, without putting my passphrase in a file.

- Josh Triplett
diff -Naur debpool-0.2.2.orig/debian/README.GnuPG debpool-0.2.2/debian/README.GnuPG
--- debpool-0.2.2.orig/debian/README.GnuPG	2004-10-13 15:52:46.000000000 -0700
+++ debpool-0.2.2/debian/README.GnuPG	2005-05-05 21:59:36.483057000 -0700
@@ -63,6 +63,10 @@
    turn off debpool's Release file generation and manully generate/sign a
    Release file for each section).

+   Alternatively, if you use gpg-agent and want gpg to get the passphrase from
+   the agent rather than debpool, then leave $Options{'gpg_passfile'}
+   undefined.
+
 6. Edit the appropriate Config.pm file (/etc/debpool/Config.pm or
    ~/.debpool/Config.pm), set $Options{'sign_release'} to 1 and
    $Options{'gpg_sign_key'} to the key ID of your archive signing key.
diff -Naur debpool-0.2.2.orig/examples/Config.pm debpool-0.2.2/examples/Config.pm
--- debpool-0.2.2.orig/examples/Config.pm	2005-01-20 13:33:31.000000000 -0800
+++ debpool-0.2.2/examples/Config.pm	2005-05-05 21:59:36.483057000 -0700
@@ -100,7 +100,7 @@
 #$Options{'gpg_home'} = '/home/user/.gnupg';
 #$Options{'gpg_keyrings'} = [ 'uploaders.gpg' ];
 #$Options{'gpg_sign_key'} = undef;
-#$Options{'gpg_passfile'} = '/home/user/.gnupg/passphrase';
+#$Options{'gpg_passfile'} = undef;

 # Logging configuration
 #
diff -Naur debpool-0.2.2.orig/man/man5/DebPool::Config.5 debpool-0.2.2/man/man5/DebPool::Config.5
--- debpool-0.2.2.orig/man/man5/DebPool::Config.5	2005-02-14 10:55:35.000000000 -0800
+++ debpool-0.2.2/man/man5/DebPool::Config.5	2005-05-05 21:59:36.484056000 -0700
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DebPool::Config 5"
-.TH DebPool::Config 5 "2005-01-20" "perl v5.8.4" "DebPool Configuration"
+.TH DebPool::Config 5 "2005-05-05" "perl v5.8.4" "DebPool Configuration"
 .SH "NAME"
 DebPool::Config \- configuration file format for debpool
 .SH "SYNOPSIS"
@@ -441,9 +441,11 @@
 .IX Item "gpg_passfile = passphrase file"
 This specifies the name of the file from which we read the GnuPG passphrase
 for the key listed in gpg_sign_key. Note that it will have no effect unless
-\&'sign_release' is true and 'gpg_sign_key' is defined.
+\&'sign_release' is true and 'gpg_sign_key' is defined.  If this value is not
+defined, debpool will not supply a passphrase to GnuPG, so it must be supplied
+by another means such as gpg\-agent.
 .Sp
-Default value: '/home/user/.gnupg/passphrase';
+Default value: undef;
 .Sp
 See also: sign_release, gpg_sign_key
 .Sh "Logging configuration"
diff -Naur debpool-0.2.2.orig/share/DebPool/Config.pm debpool-0.2.2/share/DebPool/Config.pm
--- debpool-0.2.2.orig/share/DebPool/Config.pm	2005-01-20 13:33:31.000000000 -0800
+++ debpool-0.2.2/share/DebPool/Config.pm	2005-05-05 22:00:02.006176000 -0700
@@ -801,15 +801,17 @@

 This specifies the name of the file from which we read the GnuPG passphrase
 for the key listed in gpg_sign_key. Note that it will have no effect unless
-'sign_release' is true and 'gpg_sign_key' is defined.
+'sign_release' is true and 'gpg_sign_key' is defined.  If this value is not
+defined, debpool will not supply a passphrase to GnuPG, so it must be supplied
+by another means such as gpg-agent.

-Default value: '/home/user/.gnupg/passphrase';
+Default value: undef;

 See also: sign_release, gpg_sign_key

 =cut

-$Options{'gpg_passfile'} = '/home/user/.gnupg/passphrase';
+$Options{'gpg_passfile'} = undef;
 $OptionDefs{'gpg_passfile'} = 'gpg_passfile=s';

 =back
diff -Naur debpool-0.2.2.orig/share/DebPool/GnuPG.pm debpool-0.2.2/share/DebPool/GnuPG.pm
--- debpool-0.2.2.orig/share/DebPool/GnuPG.pm	2005-02-12 09:52:37.000000000 -0800
+++ debpool-0.2.2/share/DebPool/GnuPG.pm	2005-05-05 21:59:36.575043000 -0700
@@ -165,10 +165,7 @@
         return undef;
     }

-    if (!defined($Options{'gpg_passfile'})) {
-        $Error = "No GPG passphrase file enabled";
-        return undef;
-    }
+    my($have_passphrase) = defined($Options{'gpg_passfile'});

     # Open a secure tempfile to write the signature to

@@ -183,20 +180,26 @@
     my(@release_text) = <RELEASE>;
     close(RELEASE);

-    # Open the passphrase file and grab the data from it
-
-    if (!open(PASS, '<', $Options{'gpg_passfile'})) {
-        $Error = "Couldn't open passphrase file '$Options{'gpg_passfile'}': $!";
-        return undef;
+    my($passphrase);
+    if ($have_passphrase) {
+        # Open the passphrase file and grab the data from it
+
+        if (!open(PASS, '<', $Options{'gpg_passfile'})) {
+            $Error = "Couldn't open passphrase file '$Options{'gpg_passfile'}': $!";
+            return undef;
+        }
+        $passphrase = <PASS>; # This is only safe because we don't care.
+        close(PASS);
     }
-    my($passphrase) = <PASS>; # This is only safe because we don't care.
-    close(PASS);

     # We are go for main engine start

     my(@args) = ("--homedir=$Options{'gpg_home'}");
     push(@args, "--default-key=$Options{'gpg_sign_key'}");
-    push(@args, '--passphrase-fd=0', '--batch', '--no-tty', '--detach-sign');
+    if ($have_passphrase) {
+        push(@args, '--passphrase-fd=0');
+    }
+    push(@args, '--batch', '--no-tty', '--detach-sign');
     push(@args, '--armor', '--output=-');

     my($gnupg_pid) = IPC::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);
@@ -211,7 +214,9 @@

         # Send all the data to GnuPG

-        print GPG_OUT $passphrase;
+        if ($have_passphrase) {
+            print GPG_OUT $passphrase;
+        }
         print GPG_OUT @release_text;
         close(GPG_OUT);

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to