[Libguestfs] [PATCH 2/2] builder: use a disposable GPG keyring for every Sigchecker
Richard W.M. Jones
rjones at redhat.com
Fri Feb 21 11:10:54 UTC 2014
On Thu, Feb 20, 2014 at 11:53:17AM +0100, Pino Toscano wrote:
> Create a temporary directory and tell gpg to use it as homedir, so
> imported keys do not get into the user's keyring. This also avoid
> importing the default key when a different one is needed to check the
> signature.
>
> The only exception is when a non-default fingerprint is used: in this
> case, that key is read from the user's keyring, since it is where it is.
The mkdtemp part is fine. You could spin that off into a separate
commit, so it could be a candidate for backporting.
The rest I found a bit confusing. What does it do exactly?
> diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
> index b20a186..10e342e 100644
> --- a/builder/sigchecker.ml
> +++ b/builder/sigchecker.ml
> @@ -95,21 +95,38 @@ ZvXkQ3FVJwZoLmHw47vvlVpLD/4gi1SuHWieRvZ+UdDq00E348pm
> =neBW
> -----END PGP PUBLIC KEY BLOCK-----
> "
> -let key_imported = ref false
>
> type t = {
> debug : bool;
> gpg : string;
> fingerprint : string;
> check_signature : bool;
> + gpghome : string;
> + mutable key_imported : bool;
> }
>
> let create ~debug ~gpg ~fingerprint ~check_signature =
> + (* Create a temporary directory for gnupg. *)
> + let tmpdir = Mkdtemp.mkdtemp (Filename.temp_dir_name // "vb.gpghome.XXXXXX") in
> + rmdir_on_exit tmpdir;
> + (* Run gpg once, so it can setup its own home directory, failing
> + * if it cannot.
> + *)
> + let cmd = sprintf "%s --homedir %s --list-keys%s"
> + gpg tmpdir (if debug then "" else " >/dev/null 2>&1") in
> + if debug then eprintf "%s\n%!" cmd;
> + let r = Sys.command cmd in
> + if r <> 0 then (
> + eprintf (f_"virt-builder: error: GPG failure: could not run GPG the first time\nUse the '-v' option and look for earlier error messages.\n");
> + exit 1
> + );
> {
> debug = debug;
> gpg = gpg;
> fingerprint = fingerprint;
> check_signature = check_signature;
> + gpghome = tmpdir;
> + key_imported = false;
> }
>
> (* Compare two strings of hex digits ignoring whitespace and case. *)
> @@ -159,8 +176,9 @@ and do_verify t args =
> let status_file = Filename.temp_file "vbstat" ".txt" in
> unlink_on_exit status_file;
> let cmd =
> - sprintf "%s --verify%s --status-file %s %s"
> - t.gpg (if t.debug then "" else " -q --logger-file /dev/null")
> + sprintf "%s --homedir %s --verify%s --status-file %s %s"
> + t.gpg t.gpghome
> + (if t.debug then "" else " -q --logger-file /dev/null")
> (quote status_file) args in
> if t.debug then eprintf "%s\n%!" cmd;
> let r = Sys.command cmd in
> @@ -188,23 +206,40 @@ and do_verify t args =
> exit 1
> )
>
> -(* Import the default public key. *)
> +(* Import the requested public key. *)
> and import_key t =
> - if not !key_imported then (
> - let filename, chan = Filename.open_temp_file "vbpubkey" ".asc" in
> - unlink_on_exit filename;
> - output_string chan default_pubkey;
> - close_out chan;
> -
> - let cmd = sprintf "%s --import %s%s"
> - t.gpg (quote filename)
> + if not t.key_imported then (
> + let keyfile = ref "" in
> + if equal_fingerprints default_fingerprint t.fingerprint then (
> + let filename, chan = Filename.open_temp_file "vbpubkey" ".asc" in
> + unlink_on_exit filename;
> + output_string chan default_pubkey;
> + close_out chan;
> + keyfile := filename
> + ) else (
> + let filename = Filename.temp_file "vbpubkey" ".asc" in
> + unlink_on_exit filename;
> + let cmd = sprintf "%s --yes --armor --output %s --export %s%s"
> + t.gpg (quote filename) (quote t.fingerprint)
> + (if t.debug then "" else " >/dev/null 2>&1") in
> + if t.debug then eprintf "%s\n%!" cmd;
> + let r = Sys.command cmd in
> + if r <> 0 then (
> + eprintf (f_"virt-builder: error: could not export public key\nUse the '-v' option and look for earlier error messages.\n");
> + exit 1
> + );
> + keyfile := filename
> + );
> +
> + let cmd = sprintf "%s --homedir %s --import %s%s"
> + t.gpg t.gpghome (quote !keyfile)
> (if t.debug then "" else " >/dev/null 2>&1") in
> let r = Sys.command cmd in
> if r <> 0 then (
> eprintf (f_"virt-builder: error: could not import public key\nUse the '-v' option and look for earlier error messages.\n");
> exit 1
> );
> - key_imported := true
> + t.key_imported <- true
> )
>
> type csum_t = SHA512 of string
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
More information about the Libguestfs
mailing list