sous-chefs / apt

Development repository for the apt cookbook
https://supermarket.chef.io/cookbooks/apt
Apache License 2.0

apt_repository with key option creates ~/.gnupg owned by root in Vagrant's homedir #203

Closed mconigliaro closed 7 years ago

mconigliaro commented 8 years ago

Cookbook version

2.9.2

Chef-client version

12.6.0

Platform Details

Ubuntu 14.04.4 LTS via Test Kitchen

Scenario:

Using apt_repository with the key option creates .gnupg owned by root under Vagrant's home dir. I think this might have something to do with Vagrant's sudo environment, so maybe a Vagrant problem? Just a guess, but I'm not sure why else the execute resource (which runs commands as root by default) would cause files to be created under another user's homedir.

To work around that here, it might be enough to reset HOME before running apt-key in the repository provider.

Steps to Reproduce:

apt_repository 'foo' do
  uri ...
  distribution ...
  key ...
end

Expected Result:

The root user shouldn't be creating files in other users' home directories.

Actual Result:

$ ls -al /home/vagrant/ | grep gnu
drwx------ 2 root    root    4096 May  3 17:57 .gnupg

mconigliaro commented 8 years ago

Interestingly, this just failed on me with a similar error when changing the user for execute.

execute "gpg --allow-secret-key-import --import #{gpg_key_private}" do
  user 'foo'
  only_if { ::File.exist?(gpg_key_private) }
end

gpg failed trying to write to /root/.gnupg as the foo user. Explicitly setting HOME to foo's home made this work again. So gpg definitely seems to get confused when HOME isn't set properly.

tas50 commented 7 years ago

We've removed the apt_update and apt_repository resources from this cookbook as they were merged into core chef. I'm going to close this issue out now. If you think it's still valid against a new chef-client release, please open it up against the chef/chef repo so we can work on it where the code now resides.
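
The HOME workaround discussed in this thread, together with a check for the symptom it reports, as an added Ruby example that is not part of the original issue or the cookbook's code. `env_for_user`, `foreign_owned_entries` and `audit_homes` are hypothetical names, and the uid >= 1000 and /home/ filter in the stand-alone run is an assumption about where interactive accounts live.

```ruby
require 'etc'

# Environment for a command run as `username`, so gpg and similar tools
# resolve ~/.gnupg from that account's home, not a HOME inherited via sudo.
# Hypothetical helper; in a recipe it would be passed to the execute
# resource's `environment` property alongside `user`.
def env_for_user(username)
  pw = Etc.getpwnam(username) # raises ArgumentError for an unknown user
  { 'HOME' => pw.dir, 'USER' => pw.name, 'LOGNAME' => pw.name }
end

# Top-level entries of `home` that are not owned by `expected_uid`, such as
# a root-owned .gnupg in /home/vagrant. lstat judges a symlink by its own
# owner rather than its target's.
def foreign_owned_entries(home, expected_uid)
  Dir.children(home).sort.filter_map do |name|
    path = File.join(home, name)
    st = File.lstat(path)
    next if st.uid == expected_uid
    { path: path, uid: st.uid, mode: format('%04o', st.mode & 0o7777) }
  end
end

# Check each account's home against that account's uid. Entries respond to
# name, dir and uid (Etc passwd structs do). Returns { name => [findings] }.
def audit_homes(passwd_entries)
  passwd_entries.each_with_object({}) do |pw, report|
    next unless File.directory?(pw.dir)
    begin
      found = foreign_owned_entries(pw.dir, pw.uid)
    rescue SystemCallError
      next # unreadable or vanished home: skip it, keep auditing the rest
    end
    report[pw.name] = found unless found.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  accounts = []
  # Assumption: interactive accounts have uid >= 1000 and live under /home/.
  Etc.passwd { |pw| accounts << pw if pw.uid >= 1000 && pw.dir.start_with?('/home/') }
  audit_homes(accounts).each do |user, items|
    items.each { |i| puts "#{user}: #{i[:path]} owned by uid #{i[:uid]} (mode #{i[:mode]})" }
  end
end
```

Run after a converge, the audit reports any entry like the root-owned `.gnupg` shown in the issue; it only inspects the top level of each home directory.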