# HG changeset patch
# User mas90
# Date 1233765135 0
#      Wed Feb 04 16:32:15 2009 +0000
# Node ID 80326b5b64fc5902602b58053c9be03cc2a7a10d
# Parent  87d0151ecf4a4c9f6aa2fb0557986192c9dbfb0e
Allow custom GnuPG homedir location (thanks to Tony Finch)

diff --git a/fetch-sanesecurity-sigs b/fetch-sanesecurity-sigs
--- a/fetch-sanesecurity-sigs
+++ b/fetch-sanesecurity-sigs
@@ -88,6 +88,11 @@
 # URL of the Sanesecurity GnuPG public key
 gpg_key_url="http://www.sanesecurity.net/publickey.gpg"
 
+# Location of GnuPG home directory
+# (If you change this, be sure that you understand the security implications:
+# signatures by *any* key in your public keyring will be accepted)
+gpg_homedir="$data_dir/gnupg"
+
 # Exclude logical signatures (*.ldb)?
 # These are not supported by versions of ClamAV prior to 0.94.
 # If you use an old version of ClamAV, you should enable this option.
@@ -109,16 +114,15 @@
 mkdir -p "$data_dir" "$cache_dir"
 
 # Set up GnuPG, if necessary
-if [ ! -d "$data_dir/gnupg" ]
+if [ ! -d "$gpg_homedir" ]
 then
-	echo "No GnuPG homedir found; initialising" >&2
+	echo "GnuPG homedir is nonexistant; initialising" >&2
 	echo "(This should only occur once)" >&2
-	mkdir "$data_dir/gnupg"
-	chmod 0700 "$data_dir/gnupg"
-	if ! wget -O- "$gpg_key_url" | gpg --no-options --homedir "$data_dir/gnupg" --import -
+	mkdir "$gpg_homedir"
+	chmod 0700 "$gpg_homedir"
+	if ! wget -O- "$gpg_key_url" | gpg --no-options --homedir "$gpg_homedir" --import -
 	then
 		echo "ERROR: could not import GnuPG public key; aborting" >&2
-		rm -r "$data_dir/gnupg"
 		exit 4
 	fi
 fi
@@ -195,7 +199,7 @@
 	fi
 
 	# Check that the GnuPG signature is correct
-	if ! gpg_out=$(gpg --no-options --homedir "$data_dir/gnupg" --verify "$db.sig" "$db" 2>&1)
+	if ! gpg_out=$(gpg --no-options --homedir "$gpg_homedir" --verify "$db.sig" "$db" 2>&1)
 	then
 		echo "SECURITY ERROR: $db_name has a bad GnuPG signature; discarding:" >&2
 		echo "$gpg_out" >&2