[BUG] gpg.verify does not respect gnupghome #63145

Closed
lkubb opened this issue Nov 30, 2022 · 0 comments · Fixed by #63152
Labels
Bug broken, incorrect, or confusing behavior Execution-Module needs-triage

lkubb commented Nov 30, 2022

Description
Specified gnupghome param for gpg.verify is disregarded.

Setup
irrelevant

Steps to Reproduce the behavior

$ mkdir -p /tmp/gpgtest
$ GNUPGHOME=/tmp/gpgtest gpg --no-default-keyring --keyring trustedkeys.gpg --fingerprint
$ GNUPGHOME=/tmp/gpgtest gpg --receive-key DED1FEF44297A15CAD9AE28318CDB3ED5E85D2D4
$ GNUPGHOME=/tmp/gpgtest gpg --list-keys
/tmp/gpgtest/pubring.kbx
------------------------
pub   rsa4096 2019-11-20 [SC] [expires: 2026-11-18]
[...]
$ curl -o /tmp/checksum.txt.asc 'https://objects.githubusercontent.com/github-production-release-asset-2e65be/322815106/389008d9-44e9-4ac9-a574-84e36cf57b20?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221130%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221130T021523Z&X-Amz-Expires=300&X-Amz-Signature=22803fc21b64827da3ab8d339cf1f98e718bf397ea26008d53c91282cdb870a2&X-Amz-SignedHeaders=host&actor_id=2163936&key_id=0&repo_id=322815106&response-content-disposition=attachment%3B%20filename%3Dchecksum.txt.asc&response-content-type=application%2Foctet-stream'
$ GNUPGHOME=/tmp/gpgtest gpg --verify /tmp/checksum.txt.asc
gpg: Signature made Thu Oct 27 13:45:09 2022 CEST
gpg:                using RSA key DED1FEF44297A15CAD9AE28318CDB3ED5E85D2D4
gpg: Good signature from [...]
$ salt-call gpg.list_keys gnupghome=/tmp/gpgtest
local:
    |_
      ----------
      created:
          2019-11-20
      expires:
          2026-11-18
      fingerprint:
          DED1FEF44297A15CAD9AE28318CDB3ED5E85D2D4
[...]
$ salt-call gpg.verify gnupghome=/tmp/gpgtest filename=/tmp/checksum.txt.asc
local:
    ----------
    message:
        The signature could not be verified.
    res:
        False

Expected behavior
Use overridden GNUPGHOME

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Salt Version:
          Salt: 3005.1

Dependency Versions:
          cffi: 1.14.6
      cherrypy: unknown
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: 4.0.9
     gitpython: 3.1.29
        Jinja2: 3.1.0
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
        Python: 3.9.14 (main, Sep 27 2022, 00:00:00)
  python-gnupg: 0.4.8
        PyYAML: 5.4.1
         PyZMQ: 23.2.0
         smmap: 5.0.0
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: rocky 9.0 Blue Onyx
        locale: utf-8
       machine: x86_64
       release: 5.14.0-70.26.1.el9_0.x86_64
        system: Linux
       version: Rocky Linux 9.0 Blue Onyx

Additional context

gpg = _create_gpg(user)
This is a single line fix

@lkubb lkubb added Bug broken, incorrect, or confusing behavior needs-triage labels Nov 30, 2022
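
A static check for the pattern reported above, where a function accepts `gnupghome` but builds its GPG object without forwarding it, so verification runs against a different keyring than the caller pinned. This is an added example, not code from the issue or from Salt; the sample module is constructed, and the `_create_gpg(user, gnupghome)` signature and the `find_dropped_param` helper are assumptions for illustration.

```python
import ast

# Constructed sample mirroring the reported pattern; NOT Salt's actual source.
# Assumption: the factory takes (user, gnupghome). `verify` drops gnupghome.
SAMPLE_MODULE = '''
def _create_gpg(user=None, gnupghome=None):
    ...

def list_keys(user=None, gnupghome=None):
    gpg = _create_gpg(user, gnupghome)

def verify(text=None, user=None, filename=None, gnupghome=None):
    gpg = _create_gpg(user)

def import_key(text=None, user=None, gnupghome=None):
    gpg = _create_gpg(user=user, gnupghome=gnupghome)
'''


def find_dropped_param(source, param="gnupghome", factory="_create_gpg"):
    """Return (function, line) pairs where `param` is accepted by the function
    but a call to `factory` inside it does not forward the parameter."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        a = func.args
        accepted = {x.arg for x in a.posonlyargs + a.args + a.kwonlyargs}
        if param not in accepted or func.name == factory:
            continue
        for call in ast.walk(func):
            if not (isinstance(call, ast.Call)
                    and isinstance(call.func, ast.Name)
                    and call.func.id == factory):
                continue
            # Forwarded positionally as a bare name, e.g. factory(user, gnupghome)
            positional = any(isinstance(x, ast.Name) and x.id == param
                             for x in call.args)
            # Forwarded by keyword; k.arg is None for **kwargs, which may carry it
            keyword = any(k.arg == param or k.arg is None for k in call.keywords)
            if not (positional or keyword):
                findings.append((func.name, call.lineno))
    return findings


if __name__ == "__main__":
    for name, line in find_dropped_param(SAMPLE_MODULE):
        print(f"{name}: line {line}: gnupghome accepted but not passed to _create_gpg")
```
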