wied03 / cookbook-gpg

GPG cookbook for Chef, LWRP focused

For user doesn't work #3

Closed szechyjs closed 9 years ago

szechyjs commented 9 years ago

When adding a key for a user other than root, all kinds of permissions problems occur.

szechyjs commented 9 years ago

It may be beneficial to run gpg2 using chpst, that way the process actually runs as the desired user.

From what I can tell, if it's a new keychain gpg2 creates files with root as the owner. If run using chpst these created files would be owned by the desired user.

wied03 commented 9 years ago

My primary use case for this is for a non root user so I'm not sure what permission problems you are referring to. I can look into it in a week or so though. The test kitchen tests also work with non root users.

Sent from my mobile device

On Nov 11, 2014 12:22 AM, "Jared Szechy" notifications@github.com wrote:

> When adding a key for a user other than root, all kinds of permissions problems occur.


szechyjs commented 9 years ago

Looking at helper_command_runner.rb it looks like it should be working. When it fails from permission problems this is what the .gnupg directory looks like...

```
[vagrant@default-centos-510 .gnupg]$ ls -la
drwx------  2 vagrant vagrant 4096 Nov 10 22:15 .
drwxr-xr-x 16 vagrant omnibus 4096 Nov 10 22:12 ..
-rw-------  1 root    root    7856 Nov 10 22:12 gpg.conf
-rw-------  1 root    root       0 Nov 10 22:12 pubring.gpg
-rw-------  1 root    root       0 Nov 10 22:12 secring.gpg
-rw-------  1 vagrant root      40 Nov 10 22:15 trustdb.gpg
```

My for_user is 'vagrant'.

szechyjs commented 9 years ago

I just went and had chef create and set the permissions on pubring.gpg and secring.gpg before importing the key; it now works.
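The workaround described in the comment above, together with a check for the root-owned files shown in the listing, as an added Ruby example that is not part of the thread or of the cookbook. `audit_gnupg_home` and `precreate_keyrings` are hypothetical helper names; the file names and the 0700/0600 modes are taken from the listing, and setting ownership to another account requires root.

```ruby
require 'etc'
require 'fileutils'

# File names as they appear in the directory listing earlier in the thread.
KEYRING_FILES = %w[gpg.conf pubring.gpg secring.gpg trustdb.gpg].freeze

# Hypothetical helper: list every entry under gnupg_home that the target
# account cannot safely use (wrong owner, or mode open to group/other).
def audit_gnupg_home(gnupg_home, expected_uid)
  paths = [gnupg_home] + KEYRING_FILES.map { |name| File.join(gnupg_home, name) }
  paths.select { |p| File.exist?(p) }.flat_map do |path|
    st = File.lstat(path)
    found = []
    if st.uid != expected_uid
      found << { path: path, problem: "owner uid #{st.uid}, expected #{expected_uid}" }
    end
    if (st.mode & 0o077) != 0
      found << { path: path, problem: format('mode %04o is open to group/other', st.mode & 0o7777) }
    end
    found
  end
end

# Hypothetical helper: create the keyring files with the target owner before
# any import. Existing files are kept, only owner and mode are reset.
# Needs root when uid/gid differ from the calling process.
def precreate_keyrings(gnupg_home, uid, gid)
  FileUtils.mkdir_p(gnupg_home)
  File.chown(uid, gid, gnupg_home)
  File.chmod(0o700, gnupg_home)
  %w[pubring.gpg secring.gpg].each do |name|
    path = File.join(gnupg_home, name)
    File.open(path, File::WRONLY | File::CREAT, 0o600) {} # no truncation
    File.chown(uid, gid, path)
    File.chmod(0o600, path)
  end
end

# Usage: ruby audit_gnupg.rb <gnupg_home> <user>
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  uid = Etc.getpwnam(ARGV[1]).uid
  audit_gnupg_home(ARGV[0], uid).each { |f| puts "#{f[:path]}: #{f[:problem]}" }
end
```

Run against the directory in the listing with user `vagrant`, the audit would report `gpg.conf`, `pubring.gpg` and `secring.gpg` as owned by uid 0.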

wied03 commented 9 years ago

Created a branch (3) for this

wied03 commented 9 years ago

I was able to pass the tests using CentOS7 with SELinux enabled. I'm not sure how to replicate your problem with CentOS 5.1 using the [CentOS 5.1 Opscode image](https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-5.10_chef-provisionerless.box) with Test Kitchen because of what you mentioned on the other issue about gnupg2 on CentOS 5.1 compiled with that SELinux flag.

Can you supply more info (how you used the resource, Vagrant specifics)?

wied03 commented 9 years ago

Since I haven't heard anything here, I'm going to close this