[buildd-tools-devel] Bug#606668: Bug#606668: Bug#606668: sbuild: shouldn't read gpg.conf when signing dummy archive key
Roger Leigh
rleigh at codelibre.net
Sun Dec 12 19:23:08 UTC 2010
On Sun, Dec 12, 2010 at 11:50:40AM +0000, Roger Leigh wrote:
> tags 606668 + fixed-upstream pending
> thanks
>
> On Fri, Dec 10, 2010 at 06:31:39PM +0000, Simon McVittie wrote:
> > My gpg.conf sets up a non-default secret keyring in a location that sbuild
> > can't see. This causes signing of the dummy archive key to fail when using
> > the aptitude resolver (because --secret-keyring appears to have the semantics
> > of "add another secret keyring", not "replace the secret keyring", and gpg
> > refuses to run unless it can access all of its secret keyrings).
> >
> > Please see attached patch, which makes the gpg run by sbuild not use ~/.gnupg
> > at all.
>
> Many thanks, I've applied the patch. Should we be setting --homedir
> to a completely empty directory or is $dummy_archive_dir safe
> enough?
I've implemented this as well now, which should be a bit safer than
using the resolver archive dir.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20101212/91567410/attachment.pgp>
More information about the Buildd-tools-devel
mailing list