The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/29


=== Description (from pull-request) ===
Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>
From 4ad8b8959b691323265cdc8fba600f26c4936e27 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.h...@canonical.com>
Date: Tue, 6 Mar 2018 14:36:52 +0100
Subject: [PATCH] shared: Fix GPG

Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>
---
 shared/util.go         | 22 +++++++++++++++-------
 shared/util_test.go    | 20 +++++++++++---------
 sources/debootstrap.go |  7 ++++---
 3 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/shared/util.go b/shared/util.go
index 0e40c0c..598104d 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -3,8 +3,10 @@ package shared
 import (
        "fmt"
        "io"
+       "io/ioutil"
        "os"
        "os/exec"
+       "path"
        "path/filepath"
        "regexp"
        "strconv"
@@ -57,19 +59,22 @@ func RunCommand(name string, arg ...string) error {
 
 // VerifyFile verifies a file using gpg.
 func VerifyFile(signedFile, signatureFile string, keys []string, keyserver 
string) (bool, error) {
-       gpgDir, err := CreateGPGKeyring(keyserver, keys)
+       keyring, err := CreateGPGKeyring(keyserver, keys)
        if err != nil {
                return false, err
        }
+       gpgDir := path.Dir(keyring)
        defer os.RemoveAll(gpgDir)
 
        if signatureFile != "" {
-               out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, 
"--verify", signatureFile, signedFile)
+               out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, 
"--keyring", keyring,
+                       "--verify", signatureFile, signedFile)
                if err != nil {
                        return false, fmt.Errorf("Failed to verify: %s", out)
                }
        } else {
-               out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, 
"--verify", signedFile)
+               out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, 
"--keyring", keyring,
+                       "--verify", signedFile)
                if err != nil {
                        return false, fmt.Errorf("Failed to verify: %s", out)
                }
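Review bot: `gpgDir := path.Dir(keyring)` uses the slash-only `path` package on a filesystem path. `keyring` is built with `filepath.Join`, so the matching call is `gpgDir := filepath.Dir(keyring)`; `path/filepath` is already imported, which makes the new `path` import unnecessary. The same applies to the two `os.RemoveAll(path.Dir(keyring))` calls in the `TestCreateGPGKeyring` hunk. Because this value is what the deferred `os.RemoveAll` deletes, it should be derived with the same package that produced the path. VerifyFile's body continues past the end of this hunk.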
@@ -80,9 +85,12 @@ func VerifyFile(signedFile, signatureFile string, keys 
[]string, keyserver strin
 
 // CreateGPGKeyring creates a new GPG keyring.
 func CreateGPGKeyring(keyserver string, keys []string) (string, error) {
-       gpgDir := filepath.Join(os.TempDir(), "distrobuilder.gpg")
+       gpgDir, err := ioutil.TempDir(os.TempDir(), "distrobuilder.")
+       if err != nil {
+               return "", fmt.Errorf("Failed to create gpg directory: %s", err)
+       }
 
-       err := os.MkdirAll(gpgDir, 0700)
+       err = os.MkdirAll(gpgDir, 0700)
        if err != nil {
                return "", err
        }
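Review bot: The `os.MkdirAll(gpgDir, 0700)` call kept after `ioutil.TempDir` is redundant, because `ioutil.TempDir` already creates the directory with mode 0700. If it did fail, the function would return without removing the directory it had just created, so I would drop the `err = os.MkdirAll(gpgDir, 0700)` block. The switch to a randomly named directory is what removes the predictable `distrobuilder.gpg` path under the temp dir, so a short comment such as `// Unique, private directory so another local user cannot pre-create the GPG home.` would help keep it from being reverted. The function body continues outside this hunk.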
@@ -103,13 +111,13 @@ func CreateGPGKeyring(keyserver string, keys []string) 
(string, error) {
 
        // Export keys to support gpg1 and gpg2
        out, err = lxd.RunCommand("gpg", "--homedir", gpgDir, "--export", 
"--output",
-               filepath.Join(gpgDir, "pubring.gpg"))
+               filepath.Join(gpgDir, "distrobuilder.gpg"))
        if err != nil {
                os.RemoveAll(gpgDir)
                return "", fmt.Errorf("Failed to export keyring: %s", out)
        }
 
-       return gpgDir, nil
+       return filepath.Join(gpgDir, "distrobuilder.gpg"), nil
 }
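Review bot: The return value changes from the GPG home directory to the keyring file inside it, but the doc comment above `CreateGPGKeyring` still says only that it creates a new GPG keyring. It should state that the function returns the path of the exported keyring file inside a fresh temporary directory, and that the caller must remove the parent directory (`filepath.Dir` of the result). Going by the updated test, it should also say that the file is absent when no keys were given. As a point of style, `filepath.Join(gpgDir, "distrobuilder.gpg")` is now written twice; computing it once as `keyring := filepath.Join(gpgDir, "distrobuilder.gpg")` before the export keeps the exported file and the returned path in step.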
 
 // Pack creates an xz-compressed tarball.
diff --git a/shared/util_test.go b/shared/util_test.go
index ea7365a..dd23c02 100644
--- a/shared/util_test.go
+++ b/shared/util_test.go
@@ -3,6 +3,7 @@ package shared
 import (
        "log"
        "os"
+       "path"
        "path/filepath"
        "testing"
 
@@ -91,24 +92,25 @@ func TestVerifyFile(t *testing.T) {
 }
 
 func TestCreateGPGKeyring(t *testing.T) {
-       gpgDir, err := CreateGPGKeyring("pgp.mit.edu", 
[]string{"0x5DE8949A899C8D99"})
+       keyring, err := CreateGPGKeyring("pgp.mit.edu", 
[]string{"0x5DE8949A899C8D99"})
        if err != nil {
                t.Fatalf("Unexpected error: %s", err)
        }
 
-       if !lxd.PathExists(gpgDir) {
-               t.Fatalf("Failed to create gpg directory: %s", gpgDir)
+       if !lxd.PathExists(keyring) {
+               t.Fatalf("Failed to create GPG keyring '%s'", keyring)
        }
-       os.RemoveAll(gpgDir)
+       os.RemoveAll(path.Dir(keyring))
 
-       // This shouldn't fail either.
-       gpgDir, err = CreateGPGKeyring("", []string{})
+       // This shouldn't fail, but the keyring file should not be created since
+       // there are no keys to be exported.
+       keyring, err = CreateGPGKeyring("", []string{})
        if err != nil {
                t.Fatalf("Unexpected error: %s", err)
        }
 
-       if !lxd.PathExists(gpgDir) {
-               t.Fatalf("Failed to create gpg directory: %s", gpgDir)
+       if lxd.PathExists(keyring) {
+               t.Fatalf("GPG keyring '%s' should not exist", keyring)
        }
-       os.RemoveAll(gpgDir)
+       os.RemoveAll(path.Dir(keyring))
 }
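Review bot: Both `os.RemoveAll(path.Dir(keyring))` calls sit after a `t.Fatalf` check, so a failed `lxd.PathExists` assertion leaves the temporary GPG home and its imported keys behind. Registering the cleanup right after each successful `CreateGPGKeyring` call, with `defer os.RemoveAll(filepath.Dir(keyring))`, removes the directory on every path. Deferred arguments are evaluated when the `defer` statement runs, so reusing the `keyring` variable for the second case is safe.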
diff --git a/sources/debootstrap.go b/sources/debootstrap.go
index b8b7086..8ff74fa 100644
--- a/sources/debootstrap.go
+++ b/sources/debootstrap.go
@@ -2,6 +2,7 @@ package sources
 
 import (
        "os"
+       "path"
        "path/filepath"
 
        "github.com/lxc/distrobuilder/shared"
@@ -30,13 +31,13 @@ func (s *Debootstrap) Run(source shared.DefinitionSource, 
release, arch, cacheDi
        }
 
        if len(source.Keys) > 0 {
-               gpgDir, err := shared.CreateGPGKeyring(source.Keyserver, 
source.Keys)
+               keyring, err := shared.CreateGPGKeyring(source.Keyserver, 
source.Keys)
                if err != nil {
                        return err
                }
-               defer os.RemoveAll(gpgDir)
+               defer os.RemoveAll(path.Base(keyring))
 
-               args = append(args, "--keyring", filepath.Join(gpgDir, 
"pubring.gpg"))
+               args = append(args, "--keyring", keyring)
        }
 
        args = append(args, release, filepath.Join(cacheDir, "rootfs"))
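Review bot: `defer os.RemoveAll(path.Base(keyring))` removes the wrong path. `path.Base` yields the bare file name `distrobuilder.gpg`, which is resolved relative to the working directory, so the temporary GPG home with the imported keys is never cleaned up. An unrelated `distrobuilder.gpg` entry in the current directory would be deleted instead. The other callers in this patch remove the parent directory, and this one should match them with `defer os.RemoveAll(filepath.Dir(keyring))`, which also makes the new `path` import unnecessary. Run's body starts before and continues after this hunk.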