Your message dated Tue, 28 Oct 2014 03:35:03 +0000
with message-id <[email protected]>
and subject line Bug#758826: fixed in debsig-verify 0.11
has caused the Debian Bug report #758826,
regarding [patch] fix if $HOME is not writable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
758826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758826
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debsig-verify
Version: 0.10

Hi,

I ran into a issue today that debsig-verify would fail if $HOME was
not writable to the debsig-verify progress. The reason is that gpg
tries to create/read a ~/.gnupg/{pubring,secring}.gpg.

Attached is a patch that run gpg with its own GNUPGHOME instead of the
users.

Feedback welcome!

Thanks,
 Michael
diff -Nru debsig-verify-0.10/gpg-parse.c debsig-verify-0.10ubuntu1/gpg-parse.c
--- debsig-verify-0.10/gpg-parse.c	2014-06-07 22:17:34.000000000 +0200
+++ debsig-verify-0.10ubuntu1/gpg-parse.c	2014-08-21 20:59:04.000000000 +0200
@@ -32,16 +32,28 @@
 #include "debsig.h"
 
 static int gpg_inited = 0;
+static char gpg_tmpdir[256] = {0,};
 
-/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will
- * fail first time called */
+/* Crazy damn hack to make sure gpg has a writable HOME to put its 
+   trustdb and secret keyring etc */
+static void cleanup_gpg_tmpdir(void) {
+   execl("/bin/rm", "rm", "-rf", gpg_tmpdir, NULL);
+}
 static void gpg_init(void) {
     int rc;
 
-    if (gpg_inited) return;
-    rc = system(GPG_PROG" --options /dev/null < /dev/null > /dev/null 2>&1");
-    if (rc < 0)
-        ds_fail_printf(DS_FAIL_INTERNAL, "error writing initializing gpg");
+    if (gpg_inited)
+       return;
+
+    char *tmpdir = getenv("TMPDIR");
+    if(!tmpdir)
+       tmpdir = "/tmp";
+    snprintf(gpg_tmpdir, sizeof(gpg_tmpdir) -1, 
+             "%s/%s", tmpdir, "debsig-verify.XXXXXX");
+    if(!mkdtemp(gpg_tmpdir))
+       ds_fail_printf(DS_FAIL_INTERNAL, "mkdtemp() failed for '%s'", gpg_tmpdir);
+    setenv("GNUPGHOME", gpg_tmpdir, 1);
+    atexit(cleanup_gpg_tmpdir);
     gpg_inited = 1;
 }
 

--- End Message ---
--- Begin Message ---
Source: debsig-verify
Source-Version: 0.11

We believe that the bug you reported is fixed in the latest version of
debsig-verify, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated debsig-verify package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Oct 2014 04:01:53 +0100
Source: debsig-verify
Binary: debsig-verify
Architecture: source
Version: 0.11
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Description:
 debsig-verify - Debian package signature verification tool
Closes: 758525 758615 758826
Changes:
 debsig-verify (0.11) unstable; urgency=medium
 .
   * Update Vcs-Browser git URL to the new cgit scheme.
   * Add a README file.
   * Autoconfiscate build system.
   * Add more warning flags to the default compiler flags.
   * Do not use continuation lines in string literals.
   * Reformat and reflow --help output.
   * Add a --root option to use an alternative root directory.
     Thanks to Michael Vogt <[email protected]>. Closes: #758525
   * Add new --policies-dir and --keyrings-dir options.
   * Add new --help option.
   * Do not print --version and --help on stderr and make them exit 0. And
     replace usage error output with a new function that gives a hint to the
     user to use --help instead.
   * Add long options for quiet, verbose and debug.
   * Use DS_LEV_ERR instead of DS_FAIL_INTERNAL as ds_printf() level argument.
   * Use more of libdpkg instead of ad-hoc code, to reduce code duplication,
     switch to more tested code, and so that the error return codes are
     checked and acted upon. Closes: #758615
     - Switch to use subproc module instead of fork() and waitpid().
     - Switch from xmalloc to m_malloc().
     - Use ohshit()/ohshite() instead of ds_fail_printf(DS_FAIL_INTERNAL, ...).
     - Use m_dup2() instead of raw dup2().
     - Use fdio API instead of ad-hoc file copying.
     - Use str_match_end() instead of ad-hoc code, which also fixes a warning
       due to a signed vs unsigned comparison.
   * Remove useless return statements.
   * Use a temporary GNUPGHOME instead of using the users's default.
     Based on a patch by Michael Vogt <[email protected]>. Closes: #758826
   * Error out if the GnuPG pipe failed on close.
   * Explicitly check strcmp() return value instead of handling it as a bool.
   * Switch originID from global to function scoped variable.
     Thanks to Michael Vogt <[email protected]>.
   * Switch deb and deb_fd from global to a function scoped struct.
   * Change len type to size_t to fix a signed vs unsigned comparison warning.
   * Make private functions static.
   * Make private constant string variables static const.
   * Add new autotest functional testsuite.
   * Add test cases for signature checks.
     Based on a patch by Michael Vogt <[email protected]>.
   * Update copyright holders and years.
   * Bump Standard-Version to 3.9.6 (no changed needed).
Checksums-Sha1:
 4f5a674eace4323a8842a26328614f7c06ff72d6 1646 debsig-verify_0.11.dsc
 3b7cbdab82839a65d7c40188c4a17ef32c43b772 125688 debsig-verify_0.11.tar.xz
Checksums-Sha256:
 de1e0f6f56486740697fc90272a1f9d0ad2b3db942ee1d5989d93c3cb2317b59 1646 
debsig-verify_0.11.dsc
 ae66b9e733b51824e2e449582d932b130fece40b0041ed28af83b9b6dbb0cf23 125688 
debsig-verify_0.11.tar.xz
Files:
 a4f264b0e5dfddfdaac8915bdc15f02d 1646 admin optional debsig-verify_0.11.dsc
 2e0e886614bdffc5981446f4b82edd7d 125688 admin optional 
debsig-verify_0.11.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUTwj1AAoJELlyvz6krleju7EP/AwoYbd+uSFNd8fgriKLqtnc
TYso/xDWiqTvAEAi+q48+o4xy+MtdBYfd/p4H5MD2iUe9UiP8scSy1q8wtjjDvFS
SfK1puHEUh3A0clS7f6Qcle8PM7+G1tEq0lNuaoOuSYuqDtgo6ufh9f7EuLW6cF8
ChpZqKI3QNcBdJKZ1v9+hZVvQPErYz6nSdOZGQ6FfdgZ6Qg+Bt403tPTqd+l2DK8
ULcLZBaKn29dPyJbuSTyDmg5aZNo7fE4BjPveSBLj39fwnLl37rS30qzacI6FxgJ
DqnUzKtebBm9RcGrKVXnbgLUDvoXlEI83QiP6ERiBsfZUbMuBNiEmiwDT5wxKtvT
MpwdOqyztOcV5l69HfuhqJW260YQLyvLiza3SOnkmOZh20EigX3EdoVKwzs2Aws5
o2/7CobymbguizT4mW1AKRs49gWCNF6WVQV0mLNqQap79kLlRbY4NYRyOf75WD+2
myHHlyk2b4kDhrosEfgjJlr3g4MtkNwYhv7hfXqiWbDBVS1+QnRrWOnBeaKJH5/9
OSaDVZ7bdCPlSpzZRChw6oebD8aWZzs+QVpOPNWpMr3QVdMXYUlk0uGIMJHlhXRO
zL0uy+wtgw5PhdiuXYbIo34Zk2GwzGeOJm84oMmvylhEkay0ADGT3fwKwpNghaID
IU6HGZxincU/WMiAoDQu
=Vuu9
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to