forked from ungleich-public/cdist
__apt_key: use mktemp for unique temporary gpg home
parent
ac2463fe31
commit
01bd01573e
1 changed files with 5 additions and 7 deletions
|
@ -61,31 +61,29 @@ EOF
|
||||||
echo "curl -s -L '$uri' | apt-key add -"
|
echo "curl -s -L '$uri' | apt-key add -"
|
||||||
fi
|
fi
|
||||||
elif [ -d "$keydir" ]; then
|
elif [ -d "$keydir" ]; then
|
||||||
tmp='/tmp/cdist_apt_key_tmp'
|
|
||||||
|
|
||||||
# we need to kill gpg after 30 seconds, because gpg
|
# we need to kill gpg after 30 seconds, because gpg
|
||||||
# can get stuck if keyserver is not responding.
|
# can get stuck if keyserver is not responding.
|
||||||
# exporting env var and not exit 1,
|
# exporting env var and not exit 1,
|
||||||
# because we need to clean up and kill dirmngr.
|
# because we need to clean up and kill dirmngr.
|
||||||
cat << EOF
|
cat << EOF
|
||||||
|
|
||||||
mkdir -m 700 -p "$tmp"
|
gpgtmphome="\$( mktemp -d )"
|
||||||
|
|
||||||
if timeout 30s \\
|
if timeout 30s \\
|
||||||
gpg --homedir "$tmp" \\
|
gpg --homedir "\$gpgtmphome" \\
|
||||||
--keyserver "$keyserver" \\
|
--keyserver "$keyserver" \\
|
||||||
--recv-keys "$keyid"
|
--recv-keys "$keyid"
|
||||||
then
|
then
|
||||||
gpg --homedir "$tmp" \\
|
gpg --homedir "\$gpgtmphome" \\
|
||||||
--export "$keyid" \\
|
--export "$keyid" \\
|
||||||
> "$keyfile"
|
> "$keyfile"
|
||||||
else
|
else
|
||||||
export GPG_GOT_STUCK=1
|
export GPG_GOT_STUCK=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
GNUPGHOME="$tmp" gpgconf --kill dirmngr
|
GNUPGHOME="\$gpgtmphome" gpgconf --kill dirmngr
|
||||||
|
|
||||||
rm -rf "$tmp"
|
rm -rf "\$gpgtmphome"
|
||||||
|
|
||||||
if [ -n "\$GPG_GOT_STUCK" ]
|
if [ -n "\$GPG_GOT_STUCK" ]
|
||||||
then
|
then
|
||||||
|
|
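Review bot: The result of `mktemp -d` on the new `gpgtmphome=` line is never checked, so if it fails the generated script carries on with an empty `$gpgtmphome`. In that case `gpg --homedir ""` and `GNUPGHOME="" gpgconf --kill dirmngr` most likely fall back to the invoking user's default GnuPG home, so the key would be fetched into a real keyring and that user's dirmngr killed, which is what the private temporary home exists to prevent. I would fail early inside the heredoc with `gpgtmphome="\$( mktemp -d )" || exit 1`. Nothing has been created at that point, so this does not conflict with the comment about exporting `GPG_GOT_STUCK` instead of exiting. The `elif` branch starts before and continues past the lines shown here, so confirm that a non-zero exit is acceptable for the rest of the generated code.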