Bug 66417

Summary: really bad idea in libgcrypt-1.2.0 installation
Product: Ports & Packages Reporter: Lupe Christoph <lupe>
Component: Individual Port(s)Assignee: Tilman Keskinoz <arved>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Lupe Christoph 2004-05-09 14:40:13 UTC
	Upon installation, gpg is used to verify a signature:
	===> Verifying GnuPG Signature.
	/usr/local/bin/gpg --no-default-keyring --keyring /usr/ports/security/libgcrypt/work/keyring  --keyserver pgp.mit.edu --recv-key 57548DCD
	gpg: /root/.gnupg: directory created
	gpg: new configuration file `/root/.gnupg/gpg.conf' created
	gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
	gpg: keyring `/root/.gnupg/secring.gpg' created
	gpg: keyring `/usr/ports/security/libgcrypt/work/keyring' created
	gpg: can't get key from keyserver: No route to host
	gpg: Total number processed: 0
	*** Error code 2 (ignored)
	cd /usr/ports/distfiles; /usr/local/bin/gpg --keyring /usr/ports/security/libgcrypt/work/keyring --verify  libgcrypt-1.2.0.tar.gz.sig  libgcrypt-1.2.0.tar.gz
	gpg: keyring `/root/.gnupg/pubring.gpg' created
	gpg: Signature made Thu Apr 15 11:51:12 2004 CEST using DSA key ID 57548DCD
	gpg: Can't check signature: public key not found
	*** Error code 2

	This creates a gpg infrastructure for root that wasn't there before and
	is not intended to be there.

	Fetching the key fails on this machine because it is a firewall with
	extremely limited permissions to the outside world.

	Please implement an environment variable that permits one to suppress
	the verification even on machines with gpg installed.

Fix: 

Remove lines in pre-extract from port's Makefile.
How-To-Repeat: 	1) install gpg
	2) Do not iniatialize gpg for root.
	3) Use a firewall to limit outgoing connections.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2004-05-09 17:49:53 UTC
Responsible Changed
From-To: freebsd-ports-bugs->arved

Over to maintainer.
Comment 2 Tilman Keskinoz freebsd_committer 2004-09-03 22:37:49 UTC
State Changed
From-To: open->closed

I have removed the gpg sigchecking code. 

Unfortunately I don't have the time to fix the bugs in the current version.