__apt_key: use mktemp for unique temporary gpg home

This commit is contained in:
ander 2019-11-21 14:15:51 +02:00
parent ac2463fe31
commit 01bd01573e

View file

@ -61,31 +61,29 @@ EOF
echo "curl -s -L '$uri' | apt-key add -" echo "curl -s -L '$uri' | apt-key add -"
fi fi
elif [ -d "$keydir" ]; then elif [ -d "$keydir" ]; then
tmp='/tmp/cdist_apt_key_tmp'
# we need to kill gpg after 30 seconds, because gpg # we need to kill gpg after 30 seconds, because gpg
# can get stuck if keyserver is not responding. # can get stuck if keyserver is not responding.
# exporting env var and not exit 1, # exporting env var and not exit 1,
# because we need to clean up and kill dirmngr. # because we need to clean up and kill dirmngr.
cat << EOF cat << EOF
mkdir -m 700 -p "$tmp" gpgtmphome="\$( mktemp -d )"
if timeout 30s \\ if timeout 30s \\
gpg --homedir "$tmp" \\ gpg --homedir "\$gpgtmphome" \\
--keyserver "$keyserver" \\ --keyserver "$keyserver" \\
--recv-keys "$keyid" --recv-keys "$keyid"
then then
gpg --homedir "$tmp" \\ gpg --homedir "\$gpgtmphome" \\
--export "$keyid" \\ --export "$keyid" \\
> "$keyfile" > "$keyfile"
else else
export GPG_GOT_STUCK=1 export GPG_GOT_STUCK=1
fi fi
GNUPGHOME="$tmp" gpgconf --kill dirmngr GNUPGHOME="\$gpgtmphome" gpgconf --kill dirmngr
rm -rf "$tmp" rm -rf "\$gpgtmphome"
if [ -n "\$GPG_GOT_STUCK" ] if [ -n "\$GPG_GOT_STUCK" ]
then then