[Libguestfs] [PATCH 2/2] builder: use a disposable GPG keyring for every Sigchecker
Richard W.M. Jones
rjones at redhat.com
Fri Feb 21 13:04:34 UTC 2014
On Fri, Feb 21, 2014 at 01:50:30PM +0100, Pino Toscano wrote:
> On Friday 21 February 2014 11:10:54 Richard W.M. Jones wrote:
> > On Thu, Feb 20, 2014 at 11:53:17AM +0100, Pino Toscano wrote:
> > > Create a temporary directory and tell gpg to use it as homedir, so
> > > imported keys do not get into the user's keyring. This also avoids
> > > importing the default key when a different one is needed to check
> > > the signature.
> > >
> > > The only exception is when a non-default fingerprint is used: in
> > > this case, that key is read from the user's keyring, since it is
> > > where it is.
> > The mkdtemp part is fine. You could spin that off into a separate
> > commit, so it could be a candidate for backporting.
>
> Hm, but it would not be used by anything else so far, so not sure what
> the backport of it would actually do.
Just thinking that we might use the mkdtemp binding somewhere else.
sysprep/sysprep_operation_script.ml is one candidate.
> > The rest I found a bit confusing. What does it do exactly?
>
> The idea is to use a disposable keyring for each Sigchecker.t, so
> imported keys used for checking won't be imported directly into the
> user's keyring. The "exception" would be when asking to use a
> fingerprint different than the default one, which would be taken from
> the user's keyring.
>
> Currently it does not make much difference, since the only key not in
> the user's keyring would be only the default one. In the future, external
> keys stored in their own files would be imported in each Sigchecker.t, so
> not tampering with the user's keyring.
> The current patch is a small step in that direction (the rest is
> basically almost done).
>
> I'm not sure what is confusing in the patch though...
OK, I see.
ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
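
The disposable-keyring idea discussed in this thread, as an added shell example that is not part of the original message or of the libguestfs patch (the builder itself is OCaml). The function names are hypothetical, and the key file, fingerprint, data file and signature file are supplied by the caller.

```shell
#!/bin/sh
# Added example: check a detached signature using a throwaway GnuPG homedir,
# so the imported key never reaches the user's own keyring (~/.gnupg).
# Function names are illustrative; all inputs come from the caller.

# Read gpg --status-fd output on stdin; succeed only if a VALIDSIG line names
# the expected fingerprint (uppercase hex, as gpg prints it) as the signing
# key (field 3) or as the primary key (last field).
status_has_validsig() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# verify_disposable KEYFILE FINGERPRINT DATAFILE SIGFILE
verify_disposable() {
    vd_home=$(mktemp -d) || return 2      # created with mode 0700, as gpg expects
    vd_status=$(
        gpg --homedir "$vd_home" --batch --no-tty --quiet \
            --import "$1" >/dev/null 2>&1 &&
        gpg --homedir "$vd_home" --batch --no-tty --status-fd 1 \
            --verify "$4" "$3" 2>/dev/null
    )
    vd_rc=$?
    # Newer GnuPG releases may start helper daemons for a fresh homedir.
    gpgconf --homedir "$vd_home" --kill all >/dev/null 2>&1 || true
    rm -rf "$vd_home"
    # A good signature from some other key in the file must not pass.
    [ "$vd_rc" -eq 0 ] && printf '%s\n' "$vd_status" | status_has_validsig "$2"
}

if [ "$#" -eq 4 ]; then
    verify_disposable "$@"
fi
```

Matching on the `VALIDSIG` fingerprint rather than on gpg's exit status alone means a key file that carries additional keys cannot satisfy the check with a signature from the wrong one.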