[lxc-devel] [distrobuilder/master] shared: Fix GPG
monstermunchkin on Github
lxc-bot at linuxcontainers.org
Tue Mar 6 13:37:22 UTC 2018
From 4ad8b8959b691323265cdc8fba600f26c4936e27 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Tue, 6 Mar 2018 14:36:52 +0100
Subject: [PATCH] shared: Fix GPG
Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
shared/util.go | 22 +++++++++++++++-------
shared/util_test.go | 20 +++++++++++---------
sources/debootstrap.go | 7 ++++---
3 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/shared/util.go b/shared/util.go
index 0e40c0c..598104d 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -3,8 +3,10 @@ package shared
import (
"fmt"
"io"
+ "io/ioutil"
"os"
"os/exec"
+ "path"
"path/filepath"
"regexp"
"strconv"
@@ -57,19 +59,22 @@ func RunCommand(name string, arg ...string) error {
// VerifyFile verifies a file using gpg.
func VerifyFile(signedFile, signatureFile string, keys []string, keyserver string) (bool, error) {
- gpgDir, err := CreateGPGKeyring(keyserver, keys)
+ keyring, err := CreateGPGKeyring(keyserver, keys)
if err != nil {
return false, err
}
+ gpgDir := path.Dir(keyring)
defer os.RemoveAll(gpgDir)
if signatureFile != "" {
- out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, "--verify", signatureFile, signedFile)
+ out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, "--keyring", keyring,
+ "--verify", signatureFile, signedFile)
if err != nil {
return false, fmt.Errorf("Failed to verify: %s", out)
}
} else {
- out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, "--verify", signedFile)
+ out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, "--keyring", keyring,
+ "--verify", signedFile)
if err != nil {
return false, fmt.Errorf("Failed to verify: %s", out)
}
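Review bot: `gpgDir := path.Dir(keyring)` applies the slash-only `path` package to an operating-system path; `filepath.Dir(keyring)` is the matching call, and since `path/filepath` is already imported here the new `path` import could be dropped. The same substitution applies to the `path.Dir(keyring)` cleanup calls in shared/util_test.go. In both `--verify` invocations `--keyring` adds the exported file to gpg's keyring list, so the default keyring in the temporary home is still consulted; if only the exported keyring is meant to decide which signers are accepted, placing `"--no-default-keyring"` before `"--keyring"` would make that explicit. VerifyFile's body continues past the end of this hunk.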
@@ -80,9 +85,12 @@ func VerifyFile(signedFile, signatureFile string, keys []string, keyserver strin
// CreateGPGKeyring creates a new GPG keyring.
func CreateGPGKeyring(keyserver string, keys []string) (string, error) {
- gpgDir := filepath.Join(os.TempDir(), "distrobuilder.gpg")
+ gpgDir, err := ioutil.TempDir(os.TempDir(), "distrobuilder.")
+ if err != nil {
+ return "", fmt.Errorf("Failed to create gpg directory: %s", err)
+ }
- err := os.MkdirAll(gpgDir, 0700)
+ err = os.MkdirAll(gpgDir, 0700)
if err != nil {
return "", err
}
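Review bot: The `os.MkdirAll(gpgDir, 0700)` call kept below the new `ioutil.TempDir` call is now redundant, because TempDir has already created the directory under a unique name with mode 0700. Removing it, together with its error check, would avoid suggesting that the directory might still be missing at that point. The reason for leaving the fixed `distrobuilder.gpg` path is not stated in the commit message; presumably it is that a fixed name under the shared temp dir is predictable, and a comment such as `// Unique per-call GPG home; a fixed name in the shared temp dir is predictable and reused across runs.` would record it. CreateGPGKeyring's body continues outside this hunk.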
@@ -103,13 +111,13 @@ func CreateGPGKeyring(keyserver string, keys []string) (string, error) {
// Export keys to support gpg1 and gpg2
out, err = lxd.RunCommand("gpg", "--homedir", gpgDir, "--export", "--output",
- filepath.Join(gpgDir, "pubring.gpg"))
+ filepath.Join(gpgDir, "distrobuilder.gpg"))
if err != nil {
os.RemoveAll(gpgDir)
return "", fmt.Errorf("Failed to export keyring: %s", out)
}
- return gpgDir, nil
+ return filepath.Join(gpgDir, "distrobuilder.gpg"), nil
}
// Pack creates an xz-compressed tarball.
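Review bot: The doc comment on CreateGPGKeyring still reads "creates a new GPG keyring" although the return value has changed from the GPG home directory to a file inside it, and the updated test shows that this file is absent when no keys are given. I would document the contract, for example `// CreateGPGKeyring returns the path of the exported keyring file inside a fresh temporary GPG home; the caller removes the parent directory, and the file may not exist when keys is empty.` The path `filepath.Join(gpgDir, "distrobuilder.gpg")` is also built twice, once for `--output` and once for the return; binding it once as `keyring := filepath.Join(gpgDir, "distrobuilder.gpg")` keeps the two from drifting apart. This hunk starts in the middle of the function.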
diff --git a/shared/util_test.go b/shared/util_test.go
index ea7365a..dd23c02 100644
--- a/shared/util_test.go
+++ b/shared/util_test.go
@@ -3,6 +3,7 @@ package shared
import (
"log"
"os"
+ "path"
"path/filepath"
"testing"
@@ -91,24 +92,25 @@ func TestVerifyFile(t *testing.T) {
}
func TestCreateGPGKeyring(t *testing.T) {
- gpgDir, err := CreateGPGKeyring("pgp.mit.edu", []string{"0x5DE8949A899C8D99"})
+ keyring, err := CreateGPGKeyring("pgp.mit.edu", []string{"0x5DE8949A899C8D99"})
if err != nil {
t.Fatalf("Unexpected error: %s", err)
}
- if !lxd.PathExists(gpgDir) {
- t.Fatalf("Failed to create gpg directory: %s", gpgDir)
+ if !lxd.PathExists(keyring) {
+ t.Fatalf("Failed to create GPG keyring '%s'", keyring)
}
- os.RemoveAll(gpgDir)
+ os.RemoveAll(path.Dir(keyring))
- // This shouldn't fail either.
- gpgDir, err = CreateGPGKeyring("", []string{})
+ // This shouldn't fail, but the keyring file should not be created since
+ // there are no keys to be exported.
+ keyring, err = CreateGPGKeyring("", []string{})
if err != nil {
t.Fatalf("Unexpected error: %s", err)
}
- if !lxd.PathExists(gpgDir) {
- t.Fatalf("Failed to create gpg directory: %s", gpgDir)
+ if lxd.PathExists(keyring) {
+ t.Fatalf("GPG keyring '%s' should not exist", keyring)
}
- os.RemoveAll(gpgDir)
+ os.RemoveAll(path.Dir(keyring))
}
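Review bot: Both `os.RemoveAll(path.Dir(keyring))` calls are reached only when the preceding existence check passes, so a `t.Fatalf` leaves the temporary GPG home behind. Placing `defer os.RemoveAll(filepath.Dir(keyring))` directly after each error check would clean up on every path, since deferred calls still run when the test is aborted. The second case relies on the returned path having a parent directory that exists even though the keyring file does not, which is worth stating in the comment above it.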
diff --git a/sources/debootstrap.go b/sources/debootstrap.go
index b8b7086..8ff74fa 100644
--- a/sources/debootstrap.go
+++ b/sources/debootstrap.go
@@ -2,6 +2,7 @@ package sources
import (
"os"
+ "path"
"path/filepath"
"github.com/lxc/distrobuilder/shared"
@@ -30,13 +31,13 @@ func (s *Debootstrap) Run(source shared.DefinitionSource, release, arch, cacheDi
}
if len(source.Keys) > 0 {
- gpgDir, err := shared.CreateGPGKeyring(source.Keyserver, source.Keys)
+ keyring, err := shared.CreateGPGKeyring(source.Keyserver, source.Keys)
if err != nil {
return err
}
- defer os.RemoveAll(gpgDir)
+ defer os.RemoveAll(path.Base(keyring))
- args = append(args, "--keyring", filepath.Join(gpgDir, "pubring.gpg"))
+ args = append(args, "--keyring", keyring)
}
args = append(args, release, filepath.Join(cacheDir, "rootfs"))
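Review bot: `defer os.RemoveAll(path.Base(keyring))` removes the wrong path. `path.Base` yields the bare file name `distrobuilder.gpg`, which is resolved against the working directory, so the temporary GPG home returned by CreateGPGKeyring is never deleted and an unrelated entry of that name in the current directory would be removed instead. The cleanup should target the parent directory, `defer os.RemoveAll(filepath.Dir(keyring))`, which also makes the new `path` import in this file unnecessary. Run's body starts and ends outside this hunk.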