commit:     77e44971ba8d71f77ac51e6d136b9b6295499ffa
Author:     Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Mon Jun 16 12:01:11 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun 17 03:00:39 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=77e44971

emerge-webrsync: specify GNUPGHOME in check_file_signature_gpg_unwrapped()

Presently, the check_file_signature_gpg_unwrapped() function repeatedly specifies
the --homedir option in the course of executing gpg(1). Simplify matters
by instead defining GNUPGHOME as a local, exportable variable.

Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 bin/emerge-webrsync | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index f32336f05d..d15cbed310 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -285,7 +285,8 @@ check_file_signature_gemato() {
 
 check_file_signature_gpg_unwrapped() {
        local signature=$1 file=$2
-       local gpgdir key
+       local -x GNUPGHOME
+       local key
 
        if type -P gpg > /dev/null; then
                if [[ -n ${PORTAGE_GPG_KEY} ]] ; then
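Review bot: The bare `local -x GNUPGHOME` is load-bearing and deserves a comment. It shadows any GNUPGHOME inherited from the caller's environment and leaves the name unset, which the `${GNUPGHOME=${PORTAGE_GPG_DIR}}` expansion in the next hunk needs in order to assign at all. Something like `# Shadow any inherited GNUPGHOME; left unset so that ${GNUPGHOME=...} below assigns, exported so every gpg(1) child uses this keyring.` above the declaration would do. Without it, a later edit that initialises the variable here, or a shell running with `localvar_inherit` enabled, would quietly change which keyring is used for verification. The function body continues outside this hunk.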
@@ -299,20 +300,19 @@ check_file_signature_gpg_unwrapped() {
                        die "Needed keys unavailable! Install its package or 
set PORTAGE_GPG_KEY to the right path."
                fi
 
-               gpgdir="${PORTAGE_GPG_DIR}"
-               if [[ ! ${gpgdir} ]]; then
+               if [[ ! ${GNUPGHOME=${PORTAGE_GPG_DIR}} ]]; then
                        # The PORTAGE_GPG_DIR variable is either unset or
                        # empty. Create a temporary directory to contain an
                        # ephemeral keyring into which Gentoo's distributed
                        # public key block shall be imported.
-                       gpgdir=$(mktemp -d -- 
"${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \
-                       && gpg --no-default-keyring --homedir "${gpgdir}" 
--batch --import "${key}" \
+                       GNUPGHOME=$(mktemp -d -- 
"${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \
+                       && gpg --no-default-keyring --batch --import "${key}" \
                        || exit
-               elif [[ ! -w ${gpgdir} ]] ; then
-                       die "gpgdir is not writable: ${gpgdir}"
+               elif [[ ! -w ${GNUPGHOME} ]]; then
+                       die "gpgdir is not writable: ${GNUPGHOME}"
                fi
 
-               if ! gpg_verify "${gpgdir}" "${signature}" "${file}"; then
+               if ! gpg_verify "${signature}" "${file}"; then
                        # Exit early since it's typically inappropriate to try
                        # other mirrors in this case (it may indicate a keyring
                        # problem).
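Review bot: The `die "gpgdir is not writable: ${GNUPGHOME}"` message still names the removed `gpgdir` local, although the rejected value came from PORTAGE_GPG_DIR; `die "PORTAGE_GPG_DIR is not writable: ${GNUPGHOME}"` tells the user which setting to fix. Separately, `[[ ! ${GNUPGHOME=${PORTAGE_GPG_DIR}} ]]` hides an assignment inside a test. Since the local is unset at that point, a plain `GNUPGHOME=${PORTAGE_GPG_DIR}` followed by `if [[ ! ${GNUPGHOME} ]]; then` appears equivalent and is easier to audit. The function starts and ends outside this hunk.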
@@ -324,11 +324,11 @@ check_file_signature_gpg_unwrapped() {
 }
 
 gpg_verify() {
-       local gpgdir=$1 signature=$2 file=$3
+       local signature=$1 file=$2
        local output token
 
        # 
https://www.gnupg.org/documentation/manuals/gnupg/Automated-signature-checking.html
-       output=$(gpg --no-default-keyring --homedir "${gpgdir}" --batch 
--status-fd 1 --verify "${signature}" "${file}") || return
+       output=$(gpg --no-default-keyring --batch --status-fd 1 --verify 
"${signature}" "${file}") || return
        for token in GOODSIG VALIDSIG TRUST_ULTIMATE; do
                [[ $'\n'${output} == *$'\n[GNUPG:] '"${token} "* ]] || return
        done
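Review bot: gpg_verify() now takes its keyring location from whatever GNUPGHOME the caller has exported, and nothing in the function documents or checks that. If it is ever reached with GNUPGHOME unset or empty, gpg(1) falls back to the invoking user's default home directory, so that keyring and trust database would decide whether TRUST_ULTIMATE is reported for the file. I would add a header comment stating the requirement and a guard as the first statement, e.g. `[[ ${GNUPGHOME} ]] || die "gpg_verify: GNUPGHOME is not set"`. The end of the function lies outside this hunk.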
