|Summary:||really bad idea in libgcrypt-1.2.0 installation|
|Product:||Ports & Packages||Reporter:||Lupe Christoph <lupe>|
|Component:||Individual Port(s)||Assignee:||Tilman Keskinoz <arved>|
|Severity:||Affects Only Me|
Description Lupe Christoph 2004-05-09 14:40:13 UTC
Upon installation, gpg is used to verify a signature: ===> Verifying GnuPG Signature. /usr/local/bin/gpg --no-default-keyring --keyring /usr/ports/security/libgcrypt/work/keyring --keyserver pgp.mit.edu --recv-key 57548DCD gpg: /root/.gnupg: directory created gpg: new configuration file `/root/.gnupg/gpg.conf' created gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/usr/ports/security/libgcrypt/work/keyring' created gpg: can't get key from keyserver: No route to host gpg: Total number processed: 0 *** Error code 2 (ignored) cd /usr/ports/distfiles; /usr/local/bin/gpg --keyring /usr/ports/security/libgcrypt/work/keyring --verify libgcrypt-1.2.0.tar.gz.sig libgcrypt-1.2.0.tar.gz gpg: keyring `/root/.gnupg/pubring.gpg' created gpg: Signature made Thu Apr 15 11:51:12 2004 CEST using DSA key ID 57548DCD gpg: Can't check signature: public key not found *** Error code 2 This creates a gpg infrastructure for root that wasn't there before and is not intended to be there. Fetching the key fails on this machine because it is a firewall with extremely limited permissions to the outside world. Please implement an environment variable that permits one to suppress the verification even on machines with gpg installed. Fix: Remove lines in pre-extract from port's Makefile. How-To-Repeat: 1) install gpg 2) Do not iniatialize gpg for root. 3) Use a firewall to limit outgoing connections.
Comment 1 Mark Linimon 2004-05-09 17:49:53 UTC
Responsible Changed From-To: freebsd-ports-bugs->arved Over to maintainer.
Comment 2 Tilman Keskinoz 2004-09-03 22:37:49 UTC
State Changed From-To: open->closed I have removed the gpg sigchecking code. Unfortunately I don't have the time to fix the bugs in the current version.