Package: debpool Version: 0.2.2 Tags: patch debpool's requirement for providing a passphrase file precludes allowing gpg to retrieve the passphrase via other means such as gpg-agent. With the attached patch, debpool will allow the gpg_passfile option to be undefined, in which case debpool will not attempt to pass a passphrase to gpg, and will assume that it will be obtained some other way. This allows me to run debpool in non-daemon mode under my user account and use my own GPG key with gpg-agent, without putting my passphrase in a file.
- Josh Triplett
diff -Naur debpool-0.2.2.orig/debian/README.GnuPG debpool-0.2.2/debian/README.GnuPG
--- debpool-0.2.2.orig/debian/README.GnuPG 2004-10-13 15:52:46.000000000 -0700
+++ debpool-0.2.2/debian/README.GnuPG 2005-05-05 21:59:36.483057000 -0700
@@ -63,6 +63,10 @@
turn off debpool's Release file generation and manully generate/sign a
Release file for each section).
+ Alternatively, if you use gpg-agent and want gpg to get the passphrase from
+ the agent rather than debpool, then leave $Options{'gpg_passfile'}
+ undefined.
+
6. Edit the appropriate Config.pm file (/etc/debpool/Config.pm or
~/.debpool/Config.pm), set $Options{'sign_release'} to 1 and
$Options{'gpg_sign_key'} to the key ID of your archive signing key.
diff -Naur debpool-0.2.2.orig/examples/Config.pm debpool-0.2.2/examples/Config.pm
--- debpool-0.2.2.orig/examples/Config.pm 2005-01-20 13:33:31.000000000 -0800
+++ debpool-0.2.2/examples/Config.pm 2005-05-05 21:59:36.483057000 -0700
@@ -100,7 +100,7 @@
#$Options{'gpg_home'} = '/home/user/.gnupg';
#$Options{'gpg_keyrings'} = [ 'uploaders.gpg' ];
#$Options{'gpg_sign_key'} = undef;
-#$Options{'gpg_passfile'} = '/home/user/.gnupg/passphrase';
+#$Options{'gpg_passfile'} = undef;
# Logging configuration
#
diff -Naur debpool-0.2.2.orig/man/man5/DebPool::Config.5 debpool-0.2.2/man/man5/DebPool::Config.5
--- debpool-0.2.2.orig/man/man5/DebPool::Config.5 2005-02-14 10:55:35.000000000 -0800
+++ debpool-0.2.2/man/man5/DebPool::Config.5 2005-05-05 21:59:36.484056000 -0700
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DebPool::Config 5"
-.TH DebPool::Config 5 "2005-01-20" "perl v5.8.4" "DebPool Configuration"
+.TH DebPool::Config 5 "2005-05-05" "perl v5.8.4" "DebPool Configuration"
.SH "NAME"
DebPool::Config \- configuration file format for debpool
.SH "SYNOPSIS"
@@ -441,9 +441,11 @@
.IX Item "gpg_passfile = passphrase file"
This specifies the name of the file from which we read the GnuPG passphrase
for the key listed in gpg_sign_key. Note that it will have no effect unless
-\&'sign_release' is true and 'gpg_sign_key' is defined.
+\&'sign_release' is true and 'gpg_sign_key' is defined. If this value is not
+defined, debpool will not supply a passphrase to GnuPG, so it must be supplied
+by another means such as gpg\-agent.
.Sp
-Default value: '/home/user/.gnupg/passphrase';
+Default value: undef;
.Sp
See also: sign_release, gpg_sign_key
.Sh "Logging configuration"
diff -Naur debpool-0.2.2.orig/share/DebPool/Config.pm debpool-0.2.2/share/DebPool/Config.pm
--- debpool-0.2.2.orig/share/DebPool/Config.pm 2005-01-20 13:33:31.000000000 -0800
+++ debpool-0.2.2/share/DebPool/Config.pm 2005-05-05 22:00:02.006176000 -0700
@@ -801,15 +801,17 @@
This specifies the name of the file from which we read the GnuPG passphrase
for the key listed in gpg_sign_key. Note that it will have no effect unless
-'sign_release' is true and 'gpg_sign_key' is defined.
+'sign_release' is true and 'gpg_sign_key' is defined. If this value is not
+defined, debpool will not supply a passphrase to GnuPG, so it must be supplied
+by another means such as gpg-agent.
-Default value: '/home/user/.gnupg/passphrase';
+Default value: undef;
See also: sign_release, gpg_sign_key
=cut
-$Options{'gpg_passfile'} = '/home/user/.gnupg/passphrase';
+$Options{'gpg_passfile'} = undef;
$OptionDefs{'gpg_passfile'} = 'gpg_passfile=s';
=back
diff -Naur debpool-0.2.2.orig/share/DebPool/GnuPG.pm debpool-0.2.2/share/DebPool/GnuPG.pm
--- debpool-0.2.2.orig/share/DebPool/GnuPG.pm 2005-02-12 09:52:37.000000000 -0800
+++ debpool-0.2.2/share/DebPool/GnuPG.pm 2005-05-05 21:59:36.575043000 -0700
@@ -165,10 +165,7 @@
return undef;
}
- if (!defined($Options{'gpg_passfile'})) {
- $Error = "No GPG passphrase file enabled";
- return undef;
- }
+ my($have_passphrase) = defined($Options{'gpg_passfile'});
# Open a secure tempfile to write the signature to
@@ -183,20 +180,26 @@
my(@release_text) = <RELEASE>;
close(RELEASE);
- # Open the passphrase file and grab the data from it
-
- if (!open(PASS, '<', $Options{'gpg_passfile'})) {
- $Error = "Couldn't open passphrase file '$Options{'gpg_passfile'}': $!";
- return undef;
+ my($passphrase);
+ if ($have_passphrase) {
+ # Open the passphrase file and grab the data from it
+
+ if (!open(PASS, '<', $Options{'gpg_passfile'})) {
+ $Error = "Couldn't open passphrase file '$Options{'gpg_passfile'}': $!";
+ return undef;
+ }
+ $passphrase = <PASS>; # This is only safe because we don't care.
+ close(PASS);
}
- my($passphrase) = <PASS>; # This is only safe because we don't care.
- close(PASS);
# We are go for main engine start
my(@args) = ("--homedir=$Options{'gpg_home'}");
push(@args, "--default-key=$Options{'gpg_sign_key'}");
- push(@args, '--passphrase-fd=0', '--batch', '--no-tty', '--detach-sign');
+ if ($have_passphrase) {
+ push(@args, '--passphrase-fd=0');
+ }
+ push(@args, '--batch', '--no-tty', '--detach-sign');
push(@args, '--armor', '--output=-');
my($gnupg_pid) = IPC::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);
@@ -211,7 +214,9 @@
# Send all the data to GnuPG
- print GPG_OUT $passphrase;
+ if ($have_passphrase) {
+ print GPG_OUT $passphrase;
+ }
print GPG_OUT @release_text;
close(GPG_OUT);
signature.asc
Description: OpenPGP digital signature

