Richard W.M. Jones
2014-Feb-21 13:04 UTC
Re: [Libguestfs] [PATCH 2/2] builder: use a disposable GPG keyring for every Sigchecker
On Fri, Feb 21, 2014 at 01:50:30PM +0100, Pino Toscano wrote:> On Friday 21 February 2014 11:10:54 Richard W.M. Jones wrote: > > On Thu, Feb 20, 2014 at 11:53:17AM +0100, Pino Toscano wrote: > > > Create a temporary directory and tell gpg to use it as homedir, so > > > imported keys do not get into the user's keyring. This also avoid > > > importing the default key when a different one is needed to check > > > the > > > signature. > > > > > > The only exception is when a non-default fingerprint is used: in > > > this > > > case, that key is read from the user's keyring, since it is where it > > > is. > > The mkdtemp part is fine. You could spin that off into a separate > > commit, so it could be a candidate for backporting. > > Hm but it would not be used by anything else so far, so not sure what > would the backport of it actually do.Just thinking that we might use the mkdtemp binding somewhere else. sysprep/sysprep_operation_script.ml is one candidate.> > The rest I found a bit confusing. What does it do exactly? > > The idea is to use a disposable keyring for each Sigchecker.t, so > imported keys used for checking won't be imported directly into the > user's keyring. The "exception" would be when asking to use a > fingerprint different than the default one, which would be taken from > the user's keyring. > > Currently it does not make much difference, since the only key not in > user's keyring would be only the default one. In the future, external > keys stored in own files would be imported in each Sigchecker.t, so not > tampering the user's keyring. > The current patch is a small step in that direction (the rest is > basically almost done). > > I'm not sure what is confusing in the patch though...OK, I see. ACK. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top
Pino Toscano
2014-Feb-21 13:06 UTC
Re: [Libguestfs] [PATCH 2/2] builder: use a disposable GPG keyring for every Sigchecker
On Friday 21 February 2014 13:04:34 Richard W.M. Jones wrote:> On Fri, Feb 21, 2014 at 01:50:30PM +0100, Pino Toscano wrote: > > On Friday 21 February 2014 11:10:54 Richard W.M. Jones wrote: > > > On Thu, Feb 20, 2014 at 11:53:17AM +0100, Pino Toscano wrote: > > > > Create a temporary directory and tell gpg to use it as homedir, > > > > so > > > > imported keys do not get into the user's keyring. This also > > > > avoid > > > > importing the default key when a different one is needed to > > > > check > > > > the > > > > signature. > > > > > > > > The only exception is when a non-default fingerprint is used: in > > > > this > > > > case, that key is read from the user's keyring, since it is > > > > where it > > > > is. > > > > > > The mkdtemp part is fine. You could spin that off into a separate > > > commit, so it could be a candidate for backporting. > > > > Hm but it would not be used by anything else so far, so not sure > > what > > would the backport of it actually do. > > Just thinking that we might use the mkdtemp binding somewhere else. > > sysprep/sysprep_operation_script.ml is one candidate.Sounds good then; do I better put the mkdtemp binding in mllib, then?> > > The rest I found a bit confusing. What does it do exactly? > > > > The idea is to use a disposable keyring for each Sigchecker.t, so > > imported keys used for checking won't be imported directly into the > > user's keyring. The "exception" would be when asking to use a > > fingerprint different than the default one, which would be taken > > from > > the user's keyring. > > > > Currently it does not make much difference, since the only key not > > in > > user's keyring would be only the default one. In the future, > > external > > keys stored in own files would be imported in each Sigchecker.t, so > > not tampering the user's keyring. > > The current patch is a small step in that direction (the rest is > > basically almost done). > > > > I'm not sure what is confusing in the patch though... > > OK, I see. > > ACK.Will split and push. Thanks, -- Pino Toscano
Richard W.M. Jones
2014-Feb-21 13:12 UTC
Re: [Libguestfs] [PATCH 2/2] builder: use a disposable GPG keyring for every Sigchecker
On Fri, Feb 21, 2014 at 02:06:53PM +0100, Pino Toscano wrote:> On Friday 21 February 2014 13:04:34 Richard W.M. Jones wrote: > > Just thinking that we might use the mkdtemp binding somewhere else. > > > > sysprep/sysprep_operation_script.ml is one candidate. > > Sounds good then; do I better put the mkdtemp binding in mllib, then?Yes, it would need to be in mllib. ACK to that too. Thanks, Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/