Re: [Libguestfs] [PATCH 2/2] builder: use a disposable GPG keyring for every Sigchecker

On Friday 21 February 2014 11:10:54 Richard W.M. Jones wrote: > On Thu, Feb 20, 2014 at 11:53:17AM +0100, Pino Toscano wrote: > > Create a temporary directory and tell gpg to use it as homedir, so > > imported keys do not get into the user's keyring. This also avoid > > importing the default key when a different one is needed to check > > the > > signature. > > > > The only exception is when a non-default fingerprint is used: in > > this > > case, that key is read from the user's keyring, since it is where it > > is. > The mkdtemp part is fine. You could spin that off into a separate > commit, so it could be a candidate for backporting. Hm but it would not be used by anything else so far, so not sure what would the backport of it actually do.

> The rest I found a bit confusing. What does it do exactly? The idea is to use a disposable keyring for each Sigchecker.t, so imported keys used for checking won't be imported directly into the user's keyring. The "exception" would be when asking to use a fingerprint different than the default one, which would be taken from the user's keyring. Currently it does not make much difference, since the only key not in user's keyring would be only the default one. In the future, external keys stored in own files would be imported in each Sigchecker.t, so not tampering the user's keyring. The current patch is a small step in that direction (the rest is basically almost done). I'm not sure what is confusing in the patch though...