[Libguestfs] [PATCH v2] builder: Allow GnuPG v2 or v1 to be used (RHBZ#1438939).
Richard W.M. Jones
rjones at redhat.com
Thu Apr 6 10:23:46 UTC 2017
All of the GPG commands we run are compatible with either v1 or v2, so
this simply involves looking for either gpg2 or gpg binaries at
runtime.
---
builder/builder.ml | 10 ++++------
builder/cmdline.ml | 8 +++++++-
builder/virt-builder.pod | 7 +++++--
docs/guestfs-building.pod | 2 +-
4 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/builder/builder.ml b/builder/builder.ml
index 95f32edaf..b0a48ea89 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -148,12 +148,10 @@ let main () =
(* Check that gpg is installed. Optional as long as the user
* disables all signature checks.
*)
- let cmd = sprintf "%s --help >/dev/null 2>&1" cmdline.gpg in
- if shell_command cmd <> 0 then (
- if cmdline.check_signature then
- error (f_"gpg is not installed (or does not work)\nYou should install gpg, or use --gpg option, or use --no-check-signature.")
- else if verbose () then
- warning (f_"gpg program is not available")
+ if cmdline.check_signature then (
+ let cmd = sprintf "%s --help >/dev/null 2>&1" cmdline.gpg in
+ if cmdline.gpg = "" || shell_command cmd <> 0 then
+ error (f_"no GNU Privacy Guard (GnuPG, gpg) binary was found.\n\nEither gpg v1 or v2 can be installed to check signatures. Virt-builder looks for a binary called either ‘gpg2’ or ‘gpg‘ on the $PATH. You can also specify a binary using the ‘--gpg’ option. If you don't want to check signatures, use ’--no-check-signature’ but note that this may make you vulnerable to Man-In-The-Middle attacks.")
);
(* Check that curl works. *)
diff --git a/builder/cmdline.ml b/builder/cmdline.ml
index aa852e8f5..f20c0936c 100644
--- a/builder/cmdline.ml
+++ b/builder/cmdline.ml
@@ -87,7 +87,13 @@ let parse_cmdline () =
let add_fingerprint arg = push_front arg fingerprints in
let format = ref "" in
- let gpg = ref "gpg" in
+ let gpg =
+ try which "gpg2"
+ with Executable_not_found _ ->
+ try which "gpg"
+ with Executable_not_found _ ->
+ "" in
+ let gpg = ref gpg in
let list_format = ref List_entries.Short in
let list_set_long () = list_format := List_entries.Long in
diff --git a/builder/virt-builder.pod b/builder/virt-builder.pod
index b48b1241b..dbbd6469e 100644
--- a/builder/virt-builder.pod
+++ b/builder/virt-builder.pod
@@ -314,8 +314,10 @@ F</boot> directory of a guest, see L<virt-copy-out(1)>.
=item B<--gpg> GPG
-Specify an alternate L<gpg(1)> (GNU Privacy Guard) binary. You can
-also use this to add gpg parameters, for example to specify an
+Specify an alternate L<gpg(1)> (GNU Privacy Guard) binary. By default
+virt-builder looks for either C<gpg2> or C<gpg> in the C<$PATH>.
+
+You can also use this to add gpg parameters, for example to specify an
alternate home directory:
virt-builder --gpg "gpg --homedir /tmp" [...]
@@ -1880,6 +1882,7 @@ L<virt-resize(1)>,
L<virt-sysprep(1)>,
L<oz-install(1)>,
L<gpg(1)>,
+L<gpg2(1)>,
L<curl(1)>,
L<virt-make-fs(1)>,
L<genisoimage(1)>,
diff --git a/docs/guestfs-building.pod b/docs/guestfs-building.pod
index 5e314b34d..bfb46a02f 100644
--- a/docs/guestfs-building.pod
+++ b/docs/guestfs-building.pod
@@ -280,7 +280,7 @@ Optional. For the L<UML backend|guestfs(3)/BACKEND>.
Optional. Used by virt-builder for downloads.
-=item gpg
+=item GNU Privacy Guard (GnuPG, gpg) v1 or v2
Optional. Used by virt-builder for checking digital signatures.
--
2.12.0
More information about the Libguestfs
mailing list