man page example for --gpg option doesn't work #11

Open
ehuelsmann opened this issue Sep 22, 2022 · 5 comments

@ehuelsmann

The --gpg option is documented as:

```
--gpg GPG
           Specify an alternate gpg(1) (GNU Privacy Guard) binary.  You can also use this to add
           gpg parameters, for example to specify an alternate home directory:

            virt-builder --gpg "gpg --homedir /tmp" [...]
```

but when running

```
virt-builder --verbose --no-delete-on-failure --cache /var/lib/laminar/run/accountnet-sql-ledger-vm/workspace --gpg 'gpg --homedir /tmp/tmp.A8tzqrzgKj' -o appliance.qcow2 -m 4096 --smp 2 --format qcow2 --arch amd64 --size 20G --commands-from-file virt-builder-commands debian-11
```

gpg gets invoked as:

```
gpg --homedir /tmp/tmp.A8tzqrzgKj --homedir /var/lib/laminar/run/accountnet-sql-ledger-vm/28/sql-ledger-vm/tmp/virt-builder.4ZLfvk
```

clearly overriding the homedir passed to gpg with a second homedir argument derived from the value of TMPDIR.

@rwmjones
Member

Yes this is indeed a bug.

@ehuelsmann
Author

While implementing a wrapper which sets the --homedir argument, I discovered that overriding the homedir argument to gpg is possible, but a lot more complex than expected: virt-builder creates 2 separate gpg home directories, and mapping both to the same home directory by way of a wrapper script (gpg-proxy) makes the build fail with:

```
$ ./gpg-proxy --homedir /var/lib/laminar/run/accountnet-sql-ledger-vm/42/sql-ledger-vm/tmp/virt-builder.QoTaEs/vb.gpghome.rC0YXu --trusted-key '' --list-keys
+ /usr/bin/gpg --homedir /tmp/tmp.D6QE9z6Z3u --trusted-key '' --list-keys
gpg: '' is not a valid long keyID
```

@ehuelsmann
Author

I'm using this rather complex script to work around the "2 gpg homedirs" problem:

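```bash
#!/bin/bash

# Maps each --homedir passed in by virt-builder to a replacement directory.
# The mapping is persisted in gpg.homedirs (current directory) between calls.
declare -A homedirs

touch gpg.homedirs

source gpg.homedirs

# Strip the first "--homedir DIR" pair from the arguments, remembering DIR.
args=("$@")
for ((i=0; i<"${#args[@]}"; ++i)); do
    case ${args[i]} in
        --homedir) unset 'args[i]'; homedir=${args[i+1]}; unset 'args[i+1]'; break;;
    esac
done

# Replacement --homedir arguments, kept as an array so paths are not word-split.
homedir_args=()
if [ -n "$homedir" ]; then
   echo "homedir: $homedir"
   echo "${homedirs[$homedir]}"
   if [ -n "${homedirs[$homedir]}" ]; then
      # override the home directory name
      homedir_args=(--homedir "${homedirs[$homedir]}")
   else
      # first time this home directory is seen: create a replacement and record it
      homedirs[$homedir]=$(TMP=$BUILD_GPGHOME mktemp -d)
      echo "homedirs[$homedir]=\"${homedirs[$homedir]}\"" >> gpg.homedirs
      homedir_args=(--homedir "${homedirs[$homedir]}")
   fi
fi

set -x
/usr/bin/gpg "${homedir_args[@]}" "${args[@]}"
```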

@ehuelsmann
Author

@rwmjones what can I do to expedite this issue?

@rwmjones
Member

You'll have to supply a patch. We call gpg here:
https://github.com/rwmjones/guestfs-tools/blob/17fe00acfe15947f44d6d2922c1c525f042a2259/builder/sigchecker.ml#L41
(and several other places in this file)

It's all quite complicated and convoluted code. There's a case for making the --homedir parameter configurable on the command line as well, although it's not simple.
