Libguestfs - Apr 2017 - [PATCH v2] builder: Allow GnuPG v2 or v1 to be used (RHBZ#1438939).

All of the GPG commands we run are compatible with either v1 or v2, so
this simply involves looking for either gpg2 or gpg binaries at
runtime.
---
 builder/builder.ml        | 10 ++++------
 builder/cmdline.ml        |  8 +++++++-
 builder/virt-builder.pod  |  7 +++++--
 docs/guestfs-building.pod |  2 +-
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/builder/builder.ml b/builder/builder.ml
index 95f32edaf..b0a48ea89 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -148,12 +148,10 @@ let main ()    (* Check that gpg is installed.  Optional
as long as the user
    * disables all signature checks.
    *)
-  let cmd = sprintf "%s --help >/dev/null 2>&1" cmdline.gpg
in
-  if shell_command cmd <> 0 then (
-    if cmdline.check_signature then
-      error (f_"gpg is not installed (or does not work)\nYou should
install gpg, or use --gpg option, or use --no-check-signature.")
-    else if verbose () then
-      warning (f_"gpg program is not available")
+  if cmdline.check_signature then (
+    let cmd = sprintf "%s --help >/dev/null 2>&1"
cmdline.gpg in
+    if cmdline.gpg = "" || shell_command cmd <> 0 then
+      error (f_"no GNU Privacy Guard (GnuPG, gpg) binary was
found.\n\nEither gpg v1 or v2 can be installed to check signatures. 
Virt-builder looks for a binary called either ‘gpg2’ or ‘gpg‘ on the $PATH.  You
can also specify a binary using the ‘--gpg’ option.  If you don't want to
check signatures, use ’--no-check-signature’ but note that this may make you
vulnerable to Man-In-The-Middle attacks.")
   );
 
   (* Check that curl works. *)
diff --git a/builder/cmdline.ml b/builder/cmdline.ml
index aa852e8f5..f20c0936c 100644
--- a/builder/cmdline.ml
+++ b/builder/cmdline.ml
@@ -87,7 +87,13 @@ let parse_cmdline ()    let add_fingerprint arg = push_front
arg fingerprints in
 
   let format = ref "" in
-  let gpg = ref "gpg" in
+  let gpg +    try which "gpg2"
+    with Executable_not_found _ ->
+         try which "gpg"
+         with Executable_not_found _ ->
+              "" in
+  let gpg = ref gpg in
 
   let list_format = ref List_entries.Short in
   let list_set_long () = list_format := List_entries.Long in
diff --git a/builder/virt-builder.pod b/builder/virt-builder.pod
index b48b1241b..dbbd6469e 100644
--- a/builder/virt-builder.pod
+++ b/builder/virt-builder.pod
@@ -314,8 +314,10 @@ F</boot> directory of a guest, see
L<virt-copy-out(1)>.
 
 =item B<--gpg> GPG
 
-Specify an alternate L<gpg(1)> (GNU Privacy Guard) binary.  You can
-also use this to add gpg parameters, for example to specify an
+Specify an alternate L<gpg(1)> (GNU Privacy Guard) binary.  By default
+virt-builder looks for either C<gpg2> or C<gpg> in the
C<$PATH>.
+
+You can also use this to add gpg parameters, for example to specify an
 alternate home directory:
 
  virt-builder --gpg "gpg --homedir /tmp" [...]
@@ -1880,6 +1882,7 @@ L<virt-resize(1)>,
 L<virt-sysprep(1)>,
 L<oz-install(1)>,
 L<gpg(1)>,
+L<gpg2(1)>,
 L<curl(1)>,
 L<virt-make-fs(1)>,
 L<genisoimage(1)>,
diff --git a/docs/guestfs-building.pod b/docs/guestfs-building.pod
index 5e314b34d..bfb46a02f 100644
--- a/docs/guestfs-building.pod
+++ b/docs/guestfs-building.pod
@@ -280,7 +280,7 @@ Optional.  For the L<UML backend|guestfs(3)/BACKEND>.
 
 Optional.  Used by virt-builder for downloads.
 
-=item gpg
+=item GNU Privacy Guard (GnuPG, gpg) v1 or v2
 
 Optional.  Used by virt-builder for checking digital signatures.
 
-- 
2.12.0

On Thursday, 6 April 2017 12:23:46 CEST Richard W.M. Jones
wrote:
> All of the GPG commands we run are compatible with either v1 or v2, so
> this simply involves looking for either gpg2 or gpg binaries at
> runtime.
> ---
LGTM.

Thanks,
-- 
Pino Toscano