@@ 93,6 93,9 @@ gpg_key_url="http://www.sanesecurity.net
# signatures by *any* key in your public keyring will be accepted)
gpg_homedir="$data_dir/gnupg"
+# Extra options for GnuPG, if required
+gpg_extra_opts=""
+
# Exclude logical signatures (*.ldb)?
# These are not supported by versions of ClamAV prior to 0.94.
# If you use an old version of ClamAV, you should enable this option.
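Review bot: The comment on `gpg_extra_opts` does not say how the value is parsed, and the later hunks expand it unquoted (`$gpg_extra_opts` in the `--import` and `--verify` calls), so it is split on whitespace and subject to globbing. I would document that at the definition, e.g. `# Extra options for GnuPG, if required (split on whitespace; an option argument containing spaces cannot be expressed)`. It is also worth a line saying that these options reach the signature check, so anything set here that relaxes verification applies to every database the script accepts.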
@@ 118,13 121,22 @@ if [ ! -d "$gpg_homedir" ]
then
echo "GnuPG homedir is nonexistant; initialising" >&2
echo "(This should only occur once)" >&2
- mkdir "$gpg_homedir"
+ mkdir -p "$gpg_homedir"
chmod 0700 "$gpg_homedir"
- if ! wget -O- "$gpg_key_url" | gpg --no-options --homedir "$gpg_homedir" --import -
+ gpg_tmp="$(mktemp -t fetch-sanesecurity-sigs.XXXXXXXXXX)"
+ if ! wget -O "$gpg_tmp" "$gpg_key_url"
+ then
+ echo "ERROR: could not fetch GnuPG public key; aborting" >&2
+ rm -f "$gpg_tmp"
+ exit 4
+ fi
+ if ! gpg --homedir "$gpg_homedir" $gpg_extra_opts --import "$gpg_tmp"
then
echo "ERROR: could not import GnuPG public key; aborting" >&2
+ rm -f "$gpg_tmp"
exit 4
fi
+ rm -f "$gpg_tmp"
fi
# This appears to be the most portable way to find the current timestamp
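Review bot: The key saved to `$gpg_tmp` is imported as the trust anchor without any check of which key it is, and the `gpg_key_url` visible in the first hunk header is plain `http://`. Anyone on the network path during the first run could substitute a key, and the comment above `gpg_homedir` says signatures from any key in the keyring are accepted. Now that the download lands in a file before import, this is the natural place to compare its fingerprint against a pinned value from the config (a new setting, say `gpg_key_fingerprint` as a proposed name) and abort with `exit 4` on mismatch. Separately, the `mktemp` result is unchecked: if it fails, `gpg_tmp` is empty and `wget -O ""` still runs. `gpg_tmp="$(mktemp -t fetch-sanesecurity-sigs.XXXXXXXXXX)" || exit 4` closes that.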
@@ 199,7 211,7 @@ do
fi
# Check that the GnuPG signature is correct
- if ! gpg_out=$(gpg --no-options --homedir "$gpg_homedir" --verify "$db.sig" "$db" 2>&1)
+ if ! gpg_out=$(gpg --homedir "$gpg_homedir" $gpg_extra_opts --verify "$db.sig" "$db" 2>&1)
then
echo "SECURITY ERROR: $db_name has a bad GnuPG signature; discarding:" >&2
echo "$gpg_out" >&2
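Review bot: Dropping `--no-options` from the `--verify` call (and from the `--import` call in the previous hunk) means gpg now also reads any `gpg.conf` under `$gpg_homedir`, so the outcome of the signature check can depend on a file the script neither creates nor inspects. If the removal was not needed for compatibility, keeping the flag and appending the new variable limits gpg to explicit options: `gpg --no-options --homedir "$gpg_homedir" $gpg_extra_opts --verify "$db.sig" "$db"`. If it was needed, a comment beside the call saying why would help the next reader. The loop body around this check starts and ends outside the hunk.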
@@ 254,4 266,3 @@ else
fi
exit 0
-