Opened 15 years ago
Closed 14 years ago
#17787 closed defect (fixed)
p5-module-signature Makefile.PL should not run "gpg --list-public-keys"
| Reported by: | vinc17@… | Owned by: | narf_tm@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.7.0 |
| Keywords: | Cc: | ||
| Port: | p5-module-signature |
Description
This is an upstream bug, but this has a particularly nasty effect with MacPorts: it can create config files belonging to root in the user's home directory:
drwx------ 7 root vinc17 238 2008-12-26 23:51:36 /Users/vinc17/.gnupg/
The build shows:
Looking for GNU Privacy Guard (gpg), a cryptographic signature tool... gpg: directory `/Users/vinc17/.gnupg' created gpg: new configuration file `/Users/vinc17/.gnupg/gpg.conf' created gpg: WARNING: options in `/Users/vinc17/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/Users/vinc17/.gnupg/pubring.gpg' created gpg: /Users/vinc17/.gnupg/trustdb.gpg: trustdb created GnuPG found (/opt/local/bin/gpg). Import PAUSE and author keys to GnuPG? [y] y Importing... done.
I think the Makefile.PL should be patched by removing the and defined `gpg --list-public-keys`.
Change History (4)
comment:1 Changed 15 years ago by vinc17@…
comment:3 Changed 15 years ago by tobypeterson
| Priority: | High → Normal |
|---|
comment:4 Changed 14 years ago by jmroot (Joshua Root)
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
This was fixed by r67748.
Note: See
TracTickets for help on using
tickets.
This is even worse: even if pubring.gpg already exists, it becomes owned by root.