Allow custom GnuPG homedir location (thanks to Tony Finch)
1 files changed, 11 insertions(+), 7 deletions(-)

M fetch-sanesecurity-sigs
M fetch-sanesecurity-sigs +11 -7
@@ 88,6 88,11 @@ random_sleep=1
 # URL of the Sanesecurity GnuPG public key
 gpg_key_url="http://www.sanesecurity.net/publickey.gpg"
 
+# Location of GnuPG home directory
+# (If you change this, be sure that you understand the security implications:
+# signatures by *any* key in your public keyring will be accepted)
+gpg_homedir="$data_dir/gnupg"
+
 # Exclude logical signatures (*.ldb)?
 # These are not supported by versions of ClamAV prior to 0.94.
 # If you use an old version of ClamAV, you should enable this option.
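Review bot: The comment on `gpg_homedir` should also say that an existing directory is used as-is. The setup block further down imports the Sanesecurity key only when the directory does not exist, so an operator who points this at an existing homedir has to import and check that key themselves. I would add a line such as `# (An existing directory is used unchanged: import the Sanesecurity key into it yourself)`. It is also worth stating that the directory should belong to the user running the script with mode 0700, which is what the script sets on the one it creates.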

          
@@ 109,16 114,15 @@ fi
 mkdir -p "$data_dir" "$cache_dir"
 
 # Set up GnuPG, if necessary
-if [ ! -d "$data_dir/gnupg" ]
+if [ ! -d "$gpg_homedir" ]
 then
-	echo "No GnuPG homedir found; initialising" >&2
+	echo "GnuPG homedir is nonexistant; initialising" >&2
 	echo "(This should only occur once)" >&2
-	mkdir "$data_dir/gnupg"
-	chmod 0700 "$data_dir/gnupg"
-	if ! wget -O- "$gpg_key_url" | gpg --no-options --homedir "$data_dir/gnupg" --import -
+	mkdir "$gpg_homedir"
+	chmod 0700 "$gpg_homedir"
+	if ! wget -O- "$gpg_key_url" | gpg --no-options --homedir "$gpg_homedir" --import -
 	then
 		echo "ERROR: could not import GnuPG public key; aborting" >&2
-		rm -r "$data_dir/gnupg"
 		exit 4
 	fi
 fi
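Review bot: Dropping the `rm -r` from the failure path leaves a freshly created, keyless `$gpg_homedir` behind when the import fails, so on the next run the `[ ! -d "$gpg_homedir" ]` test is false and the import is never retried. Verification would then presumably fail for every database until someone repairs the directory by hand. This branch only runs when the directory did not exist, so `rm -r "$gpg_homedir"` before `exit 4` removes only what the script has just created; checking the result of `mkdir` first would make that certain. Separately, the key comes from `gpg_key_url` over plain HTTP and is imported without comparing its fingerprint to a known value, so whatever is served on the first run becomes the trusted key.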

          
@@ 195,7 199,7 @@ do
 	fi
 
 	# Check that the GnuPG signature is correct
-	if ! gpg_out=$(gpg --no-options --homedir "$data_dir/gnupg" --verify "$db.sig" "$db" 2>&1)
+	if ! gpg_out=$(gpg --no-options --homedir "$gpg_homedir" --verify "$db.sig" "$db" 2>&1)
 	then
 		echo "SECURITY ERROR: $db_name has a bad GnuPG signature; discarding:" >&2
 		echo "$gpg_out" >&2
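Review bot: `gpg --verify` here succeeds for a good signature from any key in `$gpg_homedir`, and now that the homedir can be a shared keyring nothing ties the signature to the Sanesecurity key. Consider adding `--status-fd` to this call and accepting the database only when the `VALIDSIG` line carries the expected fingerprint, held in a new setting such as `gpg_key_fpr="<SANESECURITY_KEY_FINGERPRINT>"`. The enclosing loop starts and ends outside this hunk, so how `gpg_out` is used later is not visible. It captures stdout and stderr together, which a status parser would need to account for.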