Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verify-sig.eclass: Workaround GPG problems with long TMPDIR #28180

Closed
wants to merge 1 commit into from
Closed

verify-sig.eclass: Workaround GPG problems with long TMPDIR #28180

wants to merge 1 commit into from

Conversation

mgorny
Copy link
Member

@mgorny mgorny commented Nov 8, 2022

Force using TMPDIR=/tmp to workaround GPG failing when TMPDIR happens to be long enough to cause UNIX socket paths to exceed the system limit.

Closes: https://bugs.gentoo.org/854492
Signed-off-by: Michał Górny mgorny@gentoo.org

@mgorny
verify-sig.eclass: Workaround GPG problems with long TMPDIR
8710916 
Force using TMPDIR=/tmp to workaround GPG failing when TMPDIR happens
to be long enough to cause UNIX socket paths to exceed the system limit.

Closes: https://bugs.gentoo.org/854492
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@gentoo-bot
Copy link

Pull Request assignment

Submitter: @mgorny
Areas affected: eclasses
Packages affected: (none)

@gentoo/github

Linked bugs

Bugs linked: 854492

New packages

This Pull Request appears to be introducing new packages only. Due to limited manpower, adding new packages is considered low priority. This does not mean that your Pull Request will not receive any attention, however, it might take quite some time for it to be reviewed. In the meantime, your new ebuild might find a home in the GURU project repository: the ebuild repository maintained collaboratively by Gentoo users. GURU offers your ebuild a place to be reviewed and improved by other Gentoo users, while making it easy for Gentoo users to install it and enjoy the software it adds.

In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

Docs: Code of ConductCopyright policy (expl.) ● DevmanualGitHub PRsProxy-maint guide

@gentoo-bot gentoo-bot added need assignment It was impossible to assign the PR correctly. Please assign it manually. bug linked Bug/Closes found in footer, and cross-linked with the PR. labels Nov 8, 2022
thesamesam
thesamesam reviewed Nov 8, 2022
View reviewed changes
eclass/verify-sig.eclass
@@ -141,6 +141,9 @@ verify-sig_verify_detached() {
einfo "Verifying ${filename} ..."
case ${VERIFY_SIG_METHOD} in
openpgp)
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does it definitely clean up after itself?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, gemato does.

@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-11-08 04:58 UTC
Newest commit scanned: 8710916
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/9a10dd3852/output.html

ajakk
ajakk reviewed Nov 8, 2022
View reviewed changes
eclass/verify-sig.eclass
@@ -141,6 +141,9 @@ verify-sig_verify_detached() {
einfo "Verifying ${filename} ..."
case ${VERIFY_SIG_METHOD} in
openpgp)
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure we want /tmp directly and not an mktemp dir? That would head of certain classes of vulnerabilities, I guess, but I've not investigated the potential in depth.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gemato does use a tempfile.TemporaryDirectory() on top of that.

@mgorny mgorny closed this Nov 10, 2022
@mgorny mgorny deleted the verify-sig-gpg branch November 10, 2022 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thesamesam thesamesam thesamesam approved these changes

@ajakk ajakk ajakk approved these changes

Assignees
No one assigned
Labels
bug linked Bug/Closes found in footer, and cross-linked with the PR. need assignment It was impossible to assign the PR correctly. Please assign it manually.
Projects
None yet
Milestone
No milestone
5 participants
@mgorny @gentoo-bot @gentoo-repo-qa-bot @thesamesam @ajakk