On 25/03/11 11:32, Dan McGee wrote:
On Thu, Mar 24, 2011 at 8:00 PM, Denis A. Altoé Falqueto
<denisfalqu...@gmail.com> wrote:
On Thu, Mar 24, 2011 at 8:05 PM, Ray Kohler <ataraxia...@gmail.com> wrote:
Signed-off-by: Ray Kohler<ataraxia...@gmail.com>
---
scripts/pacman-key.sh.in | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 5746e64..ccc7f92 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -246,6 +246,12 @@ if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then
fi
GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}"
+# Try to create $PACMAN_KEYRING_DIR if non-existent
+# Check for simple existence rather than for a directory as someone may want
+# to use a symlink here
+# Force mode 700 as gpg complains if any group or other access is present
+[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 700 "${PACMAN_KEYRING_DIR}"
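
Review bot: the exit status of mkdir on the added "[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 700 ..." line is never checked, so if creation fails (for example, no write access to the parent) the script carries on with a keyring directory that does not exist; suggest printing an error and exiting at that point. Two smaller points on the same line: -m 700 applies only to the final path component, so any parent directories that -p creates get umask-default modes, and -e is false for a dangling symlink, in which case mkdir fails because the name already exists. The comment says "Force mode 700", but the mode is only set when the directory is created here; an existing directory or symlink target keeps whatever mode it has, which the comment should state.
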
Why 700? Any reason a normal user should not be able to read this and
validate a package on a non-root operation? e.g. pacman -Qlp <package>
should run our GPG machinery eventually if a .sig is sitting
alongside.
gpg makes warnings about anything else. These warnings can be
suppressed with command-line gpg usage, so I guess they can be
suppressed in gpgme.
Allan