Gpgverify assumes wrong default gnupg setup (with patch)
Toon van der Pas
toon at hout.vanvergehaald.nl
Sat Feb 28 23:01:48 UTC 2004
On Sat, Feb 28, 2004 at 01:10:06PM -0800, Russ Allbery wrote:
> Toon van der Pas <toon at hout.vanvergehaald.nl> writes:
>
> > But then the INSTALL text should be changed to reflect the fact that it
> > doesn't work with the default pgp and gnupg setups. Right now it states
> > that the default location WILL work.
>
> The INSTALL text correctly describes the intended behavior.
> In what way does it not work?
I think so too. The INSTALL text describes the intended behaviour,
but the code doesn't implement it the way it is described.
The INSTALL text says:
"INN expects the public key ring to either be in the default
location for a PGP public key ring for the news user (generally
~news/.gnupg for GnuPG and ~news/.pgp for old PGP implementations),
or in pathetc/pgp (/usr/local/news/etc/pgp by default).
The latter is the recommended path."
So according to the INSTALL text /usr/local/news/etc/pgp is the
preferred location, but the default pgp/gnupg keyring location
should work out-of-the-box too. The comment in the gpgverify
script agrees with this, but the accompanying code doesn't.
It simply doesn't work with the keyring at the default location.
> > And the pgpverify manpage needs some attention as well:
>
> > By default, when running as part of INN, pgpverify expects the
> > PGP key ring to be found in pathetc/pgp (as either pubring.pgp
> > or pubring.gpg depending on whether PGP or GnuPG is used to
> > verify signatures). If that directory doesn't exist, it will
> > fall back on using the default key ring, which is in a .pgp or
> > .gnupg subdirectory of the running user's home directory.
>
> > It doesn't fall back at all.
>
> How does it not fall back? Here's the code in pgpverify:
It doesn't fall back to the default keyring location when there
is no keyring available at the location /usr/local/news/etc/pgp.
> if (! $keyring && $inn::newsetc) {
>     $keyring = $inn::newsetc . '/pgp' if -d $inn::newsetc . '/pgp';
> }
>
> Why does this not work for you?
Well, that should now be obvious, given my explanation above.
It doesn't fall back to ~/.pgp and/or ~/.gnupg for the keyring location.
Sorry, the whole discussion runs out of control a little.
It is getting longer and more complicated than I intended.
It's not such a big deal. I only wanted to correct a small error
so other users won't have to solve the same puzzle over and over
again.
Thanks for all the good work.
INN hums along nicely over here.
Regards,
Toon.
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
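
The lookup order discussed in this thread, as an added example that is not part of the original message and not INN's own code: a shell check an administrator can run to see which key ring directory that order selects and whether it actually contains a public key ring. The function name, its two arguments, the exit codes and the choice to try `.gnupg` before `.pgp` are assumptions; the `-d` test and the file names `pubring.gpg` and `pubring.pgp` come from the text quoted above.

```shell
#!/bin/sh
# Added example, not INN code. Models the lookup order quoted in the thread:
# pathetc/pgp if that directory exists (the -d test), otherwise the default
# key ring directories under the news user's home.
# Usage: resolve_keyring PATHETC NEWS_HOME   (both arguments are assumptions)
# Prints "<directory> <pubring file or MISSING>".
# Returns 0 if a public key ring file was found, 1 if a directory was selected
# but holds no key ring, 2 if no candidate directory exists.
resolve_keyring() {
    pathetc=$1
    news_home=$2
    selected=
    # First existing directory wins. In this model an empty pathetc/pgp still
    # wins, so the default directories are never consulted in that case.
    for dir in "$pathetc/pgp" "$news_home/.gnupg" "$news_home/.pgp"; do
        if [ -d "$dir" ]; then
            selected=$dir
            break
        fi
    done
    if [ -z "$selected" ]; then
        echo "no key ring directory found" >&2
        return 2
    fi
    # File names as given in the pgpverify man page text quoted above.
    for name in pubring.gpg pubring.pgp; do
        if [ -s "$selected/$name" ]; then
            printf '%s %s\n' "$selected" "$selected/$name"
            return 0
        fi
    done
    printf '%s MISSING\n' "$selected"
    return 1
}

# Run as: sh resolve_keyring.sh /usr/local/news/etc /path/to/news/home
if [ "$#" -eq 2 ]; then
    resolve_keyring "$1" "$2"
fi
```

A result of `MISSING` for pathetc/pgp means the directory exists without a key ring in it, so every signature check against that location would fail even if a populated default key ring is present.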