[Libguestfs] [PATCH 2/2] builder: use a disposable GPG keyring for every Sigchecker

[Pino Toscano]

On Friday 21 February 2014 11:10:54 Richard W.M. Jones wrote:
> On Thu, Feb 20, 2014 at 11:53:17AM +0100, Pino Toscano wrote:
> > Create a temporary directory and tell gpg to use it as homedir, so
> > imported keys do not get into the user's keyring. This also avoid
> > importing the default key when a different one is needed to check
> > the
> > signature.
> > 
> > The only exception is when a non-default fingerprint is used: in
> > this
> > case, that key is read from the user's keyring, since it is where it
> > is.
> The mkdtemp part is fine.  You could spin that off into a separate
> commit, so it could be a candidate for backporting.

Hm but it would not be used by anything else so far, so not sure what 
would the backport of it actually do.

> The rest I found a bit confusing.  What does it do exactly?

The idea is to use a disposable keyring for each Sigchecker.t, so 
imported keys used for checking won't be imported directly into the 
user's keyring. The "exception" would be when asking to use a 
fingerprint different than the default one, which would be taken from 
the user's keyring.

Currently it does not make much difference, since the only key not in 
user's keyring would be only the default one. In the future, external 
keys stored in own files would be imported in each Sigchecker.t, so not 
tampering the user's keyring.
The current patch is a small step in that direction (the rest is 
basically almost done).

I'm not sure what is confusing in the patch though...

-- 
Pino Toscano