Your message dated Tue, 28 Oct 2014 03:35:03 +0000 with message-id <[email protected]> and subject line Bug#758826: fixed in debsig-verify 0.11 has caused the Debian Bug report #758826, regarding [patch] fix if $HOME is not writable to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 758826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758826 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: debsig-verify Version: 0.10 Hi, I ran into a issue today that debsig-verify would fail if $HOME was not writable to the debsig-verify progress. The reason is that gpg tries to create/read a ~/.gnupg/{pubring,secring}.gpg. Attached is a patch that run gpg with its own GNUPGHOME instead of the users. Feedback welcome! Thanks, Michaeldiff -Nru debsig-verify-0.10/gpg-parse.c debsig-verify-0.10ubuntu1/gpg-parse.c --- debsig-verify-0.10/gpg-parse.c 2014-06-07 22:17:34.000000000 +0200 +++ debsig-verify-0.10ubuntu1/gpg-parse.c 2014-08-21 20:59:04.000000000 +0200 @@ -32,16 +32,28 @@ #include "debsig.h" static int gpg_inited = 0; +static char gpg_tmpdir[256] = {0,}; -/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will - * fail first time called */ +/* Crazy damn hack to make sure gpg has a writable HOME to put its + trustdb and secret keyring etc */ +static void cleanup_gpg_tmpdir(void) { + execl("/bin/rm", "rm", "-rf", gpg_tmpdir, NULL); +} static void gpg_init(void) { int rc; - if (gpg_inited) return; - rc = system(GPG_PROG" --options /dev/null < /dev/null > /dev/null 2>&1"); - if (rc < 0) - ds_fail_printf(DS_FAIL_INTERNAL, "error writing initializing gpg"); + if (gpg_inited) + return; + + char *tmpdir = getenv("TMPDIR"); + if(!tmpdir) + tmpdir = "/tmp"; + snprintf(gpg_tmpdir, sizeof(gpg_tmpdir) -1, + "%s/%s", tmpdir, "debsig-verify.XXXXXX"); + if(!mkdtemp(gpg_tmpdir)) + ds_fail_printf(DS_FAIL_INTERNAL, "mkdtemp() failed for '%s'", gpg_tmpdir); + setenv("GNUPGHOME", gpg_tmpdir, 1); + atexit(cleanup_gpg_tmpdir); gpg_inited = 1; }
--- End Message ---
--- Begin Message ---Source: debsig-verify Source-Version: 0.11 We believe that the bug you reported is fixed in the latest version of debsig-verify, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guillem Jover <[email protected]> (supplier of updated debsig-verify package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 28 Oct 2014 04:01:53 +0100 Source: debsig-verify Binary: debsig-verify Architecture: source Version: 0.11 Distribution: unstable Urgency: medium Maintainer: Dpkg Developers <[email protected]> Changed-By: Guillem Jover <[email protected]> Description: debsig-verify - Debian package signature verification tool Closes: 758525 758615 758826 Changes: debsig-verify (0.11) unstable; urgency=medium . * Update Vcs-Browser git URL to the new cgit scheme. * Add a README file. * Autoconfiscate build system. * Add more warning flags to the default compiler flags. * Do not use continuation lines in string literals. * Reformat and reflow --help output. * Add a --root option to use an alternative root directory. Thanks to Michael Vogt <[email protected]>. Closes: #758525 * Add new --policies-dir and --keyrings-dir options. * Add new --help option. * Do not print --version and --help on stderr and make them exit 0. And replace usage error output with a new function that gives a hint to the user to use --help instead. * Add long options for quiet, verbose and debug. * Use DS_LEV_ERR instead of DS_FAIL_INTERNAL as ds_printf() level argument. * Use more of libdpkg instead of ad-hoc code, to reduce code duplication, switch to more tested code, and so that the error return codes are checked and acted upon. Closes: #758615 - Switch to use subproc module instead of fork() and waitpid(). - Switch from xmalloc to m_malloc(). - Use ohshit()/ohshite() instead of ds_fail_printf(DS_FAIL_INTERNAL, ...). - Use m_dup2() instead of raw dup2(). - Use fdio API instead of ad-hoc file copying. - Use str_match_end() instead of ad-hoc code, which also fixes a warning due to a signed vs unsigned comparison. * Remove useless return statements. * Use a temporary GNUPGHOME instead of using the users's default. Based on a patch by Michael Vogt <[email protected]>. Closes: #758826 * Error out if the GnuPG pipe failed on close. * Explicitly check strcmp() return value instead of handling it as a bool. * Switch originID from global to function scoped variable. Thanks to Michael Vogt <[email protected]>. * Switch deb and deb_fd from global to a function scoped struct. * Change len type to size_t to fix a signed vs unsigned comparison warning. * Make private functions static. * Make private constant string variables static const. * Add new autotest functional testsuite. * Add test cases for signature checks. Based on a patch by Michael Vogt <[email protected]>. * Update copyright holders and years. * Bump Standard-Version to 3.9.6 (no changed needed). Checksums-Sha1: 4f5a674eace4323a8842a26328614f7c06ff72d6 1646 debsig-verify_0.11.dsc 3b7cbdab82839a65d7c40188c4a17ef32c43b772 125688 debsig-verify_0.11.tar.xz Checksums-Sha256: de1e0f6f56486740697fc90272a1f9d0ad2b3db942ee1d5989d93c3cb2317b59 1646 debsig-verify_0.11.dsc ae66b9e733b51824e2e449582d932b130fece40b0041ed28af83b9b6dbb0cf23 125688 debsig-verify_0.11.tar.xz Files: a4f264b0e5dfddfdaac8915bdc15f02d 1646 admin optional debsig-verify_0.11.dsc 2e0e886614bdffc5981446f4b82edd7d 125688 admin optional debsig-verify_0.11.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJUTwj1AAoJELlyvz6krleju7EP/AwoYbd+uSFNd8fgriKLqtnc TYso/xDWiqTvAEAi+q48+o4xy+MtdBYfd/p4H5MD2iUe9UiP8scSy1q8wtjjDvFS SfK1puHEUh3A0clS7f6Qcle8PM7+G1tEq0lNuaoOuSYuqDtgo6ufh9f7EuLW6cF8 ChpZqKI3QNcBdJKZ1v9+hZVvQPErYz6nSdOZGQ6FfdgZ6Qg+Bt403tPTqd+l2DK8 ULcLZBaKn29dPyJbuSTyDmg5aZNo7fE4BjPveSBLj39fwnLl37rS30qzacI6FxgJ DqnUzKtebBm9RcGrKVXnbgLUDvoXlEI83QiP6ERiBsfZUbMuBNiEmiwDT5wxKtvT MpwdOqyztOcV5l69HfuhqJW260YQLyvLiza3SOnkmOZh20EigX3EdoVKwzs2Aws5 o2/7CobymbguizT4mW1AKRs49gWCNF6WVQV0mLNqQap79kLlRbY4NYRyOf75WD+2 myHHlyk2b4kDhrosEfgjJlr3g4MtkNwYhv7hfXqiWbDBVS1+QnRrWOnBeaKJH5/9 OSaDVZ7bdCPlSpzZRChw6oebD8aWZzs+QVpOPNWpMr3QVdMXYUlk0uGIMJHlhXRO zL0uy+wtgw5PhdiuXYbIo34Zk2GwzGeOJm84oMmvylhEkay0ADGT3fwKwpNghaID IU6HGZxincU/WMiAoDQu =Vuu9 -----END PGP SIGNATURE-----
--- End Message ---

