# HG changeset patch
# User mas90
# Date 1233765135 0
# Wed Feb 04 16:32:15 2009 +0000
# Node ID 80326b5b64fc5902602b58053c9be03cc2a7a10d
# Parent 87d0151ecf4a4c9f6aa2fb0557986192c9dbfb0e
Allow custom GnuPG homedir location (thanks to Tony Finch)
diff --git a/fetch-sanesecurity-sigs b/fetch-sanesecurity-sigs
--- a/fetch-sanesecurity-sigs
+++ b/fetch-sanesecurity-sigs
@@ -88,6 +88,11 @@
 # URL of the Sanesecurity GnuPG public key
 gpg_key_url="http://www.sanesecurity.net/publickey.gpg"

+# Location of GnuPG home directory
+# (If you change this, be sure that you understand the security implications:
+# signatures by *any* key in your public keyring will be accepted)
+gpg_homedir="$data_dir/gnupg"
+
 # Exclude logical signatures (*.ldb)?
 # These are not supported by versions of ClamAV prior to 0.94.
 # If you use an old version of ClamAV, you should enable this option.
@@ -109,16 +114,15 @@
 mkdir -p "$data_dir" "$cache_dir"

 # Set up GnuPG, if necessary
-if [ ! -d "$data_dir/gnupg" ]
+if [ ! -d "$gpg_homedir" ]
 then
- echo "No GnuPG homedir found; initialising" >&2
+ echo "GnuPG homedir is nonexistant; initialising" >&2
 echo "(This should only occur once)" >&2
- mkdir "$data_dir/gnupg"
- chmod 0700 "$data_dir/gnupg"
- if ! wget -O- "$gpg_key_url" | gpg --no-options --homedir "$data_dir/gnupg" --import -
+ mkdir "$gpg_homedir"
+ chmod 0700 "$gpg_homedir"
+ if ! wget -O- "$gpg_key_url" | gpg --no-options --homedir "$gpg_homedir" --import -
 then
 echo "ERROR: could not import GnuPG public key; aborting" >&2
- rm -r "$data_dir/gnupg"
 exit 4
 fi
 fi
@@ -195,7 +199,7 @@
 fi

 # Check that the GnuPG signature is correct
- if ! gpg_out=$(gpg --no-options --homedir "$data_dir/gnupg" --verify "$db.sig" "$db" 2>&1)
+ if ! gpg_out=$(gpg --no-options --homedir "$gpg_homedir" --verify "$db.sig" "$db" 2>&1)
 then
 echo "SECURITY ERROR: $db_name has a bad GnuPG signature; discarding:" >&2
 echo "$gpg_out" >&2
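Review bot: The new comment on `gpg_homedir` warns about extra keys in the keyring but omits the other consequence of pointing it at an existing directory. The setup block in the next hunk imports the Sanesecurity key only when the directory does not exist, so an existing keyring is used as-is and every signature check fails until the key is imported by hand. I would extend the comment with something like `# (An existing directory is used as-is; the Sanesecurity key is only imported when this script creates the directory)`.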
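Review bot: With `rm -r` dropped from the failure branch, a failed key import leaves the freshly created `$gpg_homedir` behind, so the next run sees the directory, skips initialisation, and every later signature check fails until someone removes it by hand. Not deleting a user-supplied homedir is right, but inside this branch the directory did not exist before the script ran, so cleanup is safe if it is tied to the `mkdir` succeeding: `mkdir "$gpg_homedir" || exit 4`, then `rm -r "$gpg_homedir"` before the existing `exit 4`. The key is also still fetched from the plain `http://` `gpg_key_url` and imported with no fingerprint comparison, so whatever that download returns becomes the trust anchor. The new message has a typo: `nonexistant` should be `nonexistent`.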
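Review bot: `gpg --verify` exits 0 for a good signature from any key in the keyring, which the new config comment acknowledges but this check does nothing to limit once `gpg_homedir` can be a shared keyring. Pinning the signer closes that gap: add `--status-fd 1` to the call and require a `[GNUPG:] VALIDSIG` line carrying the expected fingerprint, held in a new setting such as `gpg_fingerprint="<EXPECTED_KEY_FINGERPRINT>"`. The same setting would let the initialisation step compare the downloaded key before trusting it. The enclosing loop or function begins and ends outside this hunk.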