Bug 66417 - really bad idea in libgcrypt-1.2.0 installation
Summary: really bad idea in libgcrypt-1.2.0 installation
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Tilman Keskinoz
Depends on:
Reported: 2004-05-09 14:40 UTC by Lupe Christoph
Modified: 2004-09-03 22:38 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Lupe Christoph 2004-05-09 14:40:13 UTC
	Upon installation, gpg is used to verify a signature:
	===> Verifying GnuPG Signature.
	/usr/local/bin/gpg --no-default-keyring --keyring /usr/ports/security/libgcrypt/work/keyring  --keyserver pgp.mit.edu --recv-key 57548DCD
	gpg: /root/.gnupg: directory created
	gpg: new configuration file `/root/.gnupg/gpg.conf' created
	gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
	gpg: keyring `/root/.gnupg/secring.gpg' created
	gpg: keyring `/usr/ports/security/libgcrypt/work/keyring' created
	gpg: can't get key from keyserver: No route to host
	gpg: Total number processed: 0
	*** Error code 2 (ignored)
	cd /usr/ports/distfiles; /usr/local/bin/gpg --keyring /usr/ports/security/libgcrypt/work/keyring --verify  libgcrypt-1.2.0.tar.gz.sig  libgcrypt-1.2.0.tar.gz
	gpg: keyring `/root/.gnupg/pubring.gpg' created
	gpg: Signature made Thu Apr 15 11:51:12 2004 CEST using DSA key ID 57548DCD
	gpg: Can't check signature: public key not found
	*** Error code 2

	This creates a gpg infrastructure for root that wasn't there before and
	is not intended to be there.

	Fetching the key fails on this machine because it is a firewall with
	extremely limited permissions to the outside world.

	Please implement an environment variable that permits one to suppress
	the verification even on machines with gpg installed.


Remove lines in pre-extract from port's Makefile.
How-To-Repeat: 	1) install gpg
	2) Do not iniatialize gpg for root.
	3) Use a firewall to limit outgoing connections.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2004-05-09 17:49:53 UTC
Responsible Changed
From-To: freebsd-ports-bugs->arved

Over to maintainer.
Comment 2 Tilman Keskinoz freebsd_committer 2004-09-03 22:37:49 UTC
State Changed
From-To: open->closed

I have removed the gpg sigchecking code. 

Unfortunately I don't have the time to fix the bugs in the current version.