Bug 66417 - really bad idea in libgcrypt-1.2.0 installation
Summary: really bad idea in libgcrypt-1.2.0 installation
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Tilman Keskinoz
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-05-09 14:40 UTC by Lupe Christoph
Modified: 2004-09-03 22:38 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lupe Christoph 2004-05-09 14:40:13 UTC
	Upon installation, gpg is used to verify a signature:
	===> Verifying GnuPG Signature.
	/usr/local/bin/gpg --no-default-keyring --keyring /usr/ports/security/libgcrypt/work/keyring  --keyserver pgp.mit.edu --recv-key 57548DCD
	gpg: /root/.gnupg: directory created
	gpg: new configuration file `/root/.gnupg/gpg.conf' created
	gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
	gpg: keyring `/root/.gnupg/secring.gpg' created
	gpg: keyring `/usr/ports/security/libgcrypt/work/keyring' created
	gpg: can't get key from keyserver: No route to host
	gpg: Total number processed: 0
	*** Error code 2 (ignored)
	cd /usr/ports/distfiles; /usr/local/bin/gpg --keyring /usr/ports/security/libgcrypt/work/keyring --verify  libgcrypt-1.2.0.tar.gz.sig  libgcrypt-1.2.0.tar.gz
	gpg: keyring `/root/.gnupg/pubring.gpg' created
	gpg: Signature made Thu Apr 15 11:51:12 2004 CEST using DSA key ID 57548DCD
	gpg: Can't check signature: public key not found
	*** Error code 2

	This creates a gpg infrastructure for root that wasn't there before and
	is not intended to be there.

	Fetching the key fails on this machine because it is a firewall with
	extremely limited permissions to the outside world.

	Please implement an environment variable that permits one to suppress
	the verification even on machines with gpg installed.

Fix: 

Remove lines in pre-extract from port's Makefile.
How-To-Repeat: 	1) install gpg
	2) Do not iniatialize gpg for root.
	3) Use a firewall to limit outgoing connections.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2004-05-09 17:49:53 UTC
Responsible Changed
From-To: freebsd-ports-bugs->arved

Over to maintainer.
Comment 2 Tilman Keskinoz freebsd_committer 2004-09-03 22:37:49 UTC
State Changed
From-To: open->closed

I have removed the gpg sigchecking code. 

Unfortunately I don't have the time to fix the bugs in the current version.