libguestfs / guestfs-tools

Tools for accessing and modifying guest disk images
https://libguestfs.org
GNU General Public License v2.0

man page example for `--gpg` option doesn't work #11

Open ehuelsmann opened 1 year ago

ehuelsmann commented 1 year ago

The --gpg option is documented as:

```
--gpg GPG
           Specify an alternate gpg(1) (GNU Privacy Guard) binary.  You can also use this to add
           gpg parameters, for example to specify an alternate home directory:

            virt-builder --gpg "gpg --homedir /tmp" [...]
```

but when running `virt-builder --verbose --no-delete-on-failure --cache /var/lib/laminar/run/accountnet-sql-ledger-vm/workspace --gpg 'gpg --homedir /tmp/tmp.A8tzqrzgKj' -o appliance.qcow2 -m 4096 --smp 2 --format qcow2 --arch amd64 --size 20G --commands-from-file virt-builder-commands debian-11`, gpg gets invoked as:

```
gpg --homedir /tmp/tmp.A8tzqrzgKj --homedir /var/lib/laminar/run/accountnet-sql-ledger-vm/28/sql-ledger-vm/tmp/virt-builder.4ZLfvk
```

clearly overriding the homedir passed to gpg with a second homedir argument derived from the value of TMPDIR.

rwmjones commented 1 year ago

Yes this is indeed a bug.

ehuelsmann commented 1 year ago

While implementing a wrapper which sets the `--homedir` argument, I discovered that overriding the homedir argument to gpg is possible, but a lot more complex than expected: virt-builder creates 2 separate gpg home directories, and mapping both to the same home directory by way of a wrapper script (gpg-proxy) makes the build fail with:

```
$ ./gpg-proxy --homedir /var/lib/laminar/run/accountnet-sql-ledger-vm/42/sql-ledger-vm/tmp/virt-builder.QoTaEs/vb.gpghome.rC0YXu --trusted-key '' --list-keys
+ /usr/bin/gpg --homedir /tmp/tmp.D6QE9z6Z3u --trusted-key '' --list-keys
gpg: '' is not a valid long keyID
```

ehuelsmann commented 1 year ago

I'm using this rather complex script to work around the "2 gpg homedirs" problem:

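```bash
#!/bin/bash

# Maps each --homedir requested by virt-builder to a directory of our own and
# remembers the mapping in ./gpg.homedirs between invocations.
declare -A homedirs

touch gpg.homedirs

source gpg.homedirs

# Pull the first --homedir option and its value out of the argument list.
args=("$@")
for ((i=0; i<${#args[@]}; ++i)); do
    case ${args[i]} in
        --homedir) unset 'args[i]'; homedir=${args[i+1]}; unset 'args[i+1]'; break;;
    esac
done

# Kept as an array so that a mapped path containing spaces stays one argument.
homedir_args=()
if [ -n "$homedir" ]; then
   echo "homedir: $homedir"
   echo "${homedirs[$homedir]}"
   if [ -n "${homedirs[$homedir]}" ]; then
      # override the home directory name
      homedir_args=(--homedir "${homedirs[$homedir]}")
   else
      # first use of this homedir: create a replacement and record it
      homedirs[$homedir]=$(TMP=$BUILD_GPGHOME mktemp -d)
      echo "homedirs[$homedir]=\"${homedirs[$homedir]}\"" >> gpg.homedirs
      homedir_args=(--homedir "${homedirs[$homedir]}")
   fi
fi

set -x
/usr/bin/gpg "${homedir_args[@]}" "${args[@]}"
```
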
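
A variant of the wrapper above that needs no `gpg.homedirs` state file, as an added example that is not part of the original thread: each requested home directory maps to a directory named after its SHA-256 digest, so nothing is `source`d from the working directory and every `--homedir` occurrence is rewritten. The function names, the `GPG` override variable and the use of `BUILD_GPGHOME` as the base directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sha256sum (coreutils) is installed.

# map_homedir REQUESTED: print the private directory that stands in for REQUESTED.
# BUILD_GPGHOME (name borrowed from the script above) must be an existing
# directory that only the build user can write to.
map_homedir() {
    [ -n "${BUILD_GPGHOME:-}" ] || { echo "gpg-proxy: BUILD_GPGHOME is not set" >&2; return 1; }
    digest=$(printf '%s' "$1" | sha256sum | cut -c1-32)
    [ -n "$digest" ] || return 1
    mapped_dir=$BUILD_GPGHOME/$digest
    # Owner-only permissions on the gpg home; tolerate a concurrent creator.
    mkdir -m 700 "$mapped_dir" 2>/dev/null || [ -d "$mapped_dir" ] || return 1
    printf '%s\n' "$mapped_dir"
}

# gpg_with_mapped_homedir ARGS...: run gpg with every --homedir value remapped.
# Arguments are rebuilt in place with "set --", so empty ones ('') survive.
gpg_with_mapped_homedir() {
    remaining=$#
    while [ "$remaining" -gt 0 ]; do
        arg=$1; shift; remaining=$((remaining - 1))
        case $arg in
            --homedir)
                [ "$remaining" -gt 0 ] || { echo "gpg-proxy: --homedir needs a value" >&2; return 2; }
                mapped=$(map_homedir "$1") || return 1
                shift; remaining=$((remaining - 1))
                set -- "$@" --homedir "$mapped" ;;
            --homedir=*)
                mapped=$(map_homedir "${arg#--homedir=}") || return 1
                set -- "$@" --homedir "$mapped" ;;
            *)
                set -- "$@" "$arg" ;;
        esac
    done
    # GPG is a hypothetical override hook, used here for dry runs.
    "${GPG:-/usr/bin/gpg}" "$@"
}

# Act as the wrapper only when installed under the name used in the thread.
case ${0##*/} in
    gpg-proxy) gpg_with_mapped_homedir "$@" ;;
esac
```
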
ehuelsmann commented 9 months ago

@rwmjones what can I do to expedite this issue?

rwmjones commented 9 months ago

You'll have to supply a patch. We call gpg here: https://github.com/rwmjones/guestfs-tools/blob/17fe00acfe15947f44d6d2922c1c525f042a2259/builder/sigchecker.ml#L41 (and several other places in this file)

It's all quite complicated and convoluted code. There's a case for making the --homedir parameter configurable on the command line as well, although it's not simple.