Bug#689806: mh-e: package installation creates /root/.gnupg/*

Sun, 21 Oct 2012 07:45:16 -0700 

Control: tags -1 + patch pending

Dear Maintainer,

Andreas Beckmann <deb...@abeckmann.de> writes:

> Package: mh-e
> Version: 8.3-1
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed that your package creates files in
> /root. From the attached log (scroll to the bottom):
>
> 1m4.7s ERROR: FAIL: Package purging left files on system:
>   /root/.gnupg/        not owned
>   /root/.gnupg/gpg.conf        not owned
>   /root/.gnupg/pubring.gpg     not owned
>   /root/.gnupg/secring.gpg     not owned
>
> Creating stuff in /root is a FHS and policy violation. (And of course
> these files should not be deleted by maintainer scripts.)
> But it is also an indication that the package operation may depend on
> root's .gnupg configuration (and package installation might even fail if
> that configuration is broken). That would be a case for "configuration
> files not in /etc".

This issue is similar to #689807, so I have implemented a similar
solution; see the patch attached.

I uploaded an to NMU of the package to DELAYED/10 with that patch. I
hope this delay will give you the time to review the patch and, if you
prefer another way of fixing it, to implement your preferred solution.
Don't hesitate to tell me if you want me to delay the upload longer.

Regards,


diff -Nru mh-e-8.3/debian/changelog mh-e-8.3/debian/changelog
--- mh-e-8.3/debian/changelog	2011-11-11 17:10:10.000000000 +0100
+++ mh-e-8.3/debian/changelog	2012-10-21 16:15:05.000000000 +0200
@@ -1,3 +1,13 @@
+mh-e (8.3-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * No longer create /root/.gnupg during installation of the package. This
+    is achieved by binding epg-gpg-home-directory to a temporary directory
+    during bytecode compilation (implementation in
+    debian/emacsen-install). (Closes: #689806)
+
+ -- Sébastien Villemot <sebast...@debian.org>  Sun, 21 Oct 2012 16:13:53 +0200
+
 mh-e (8.3-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru mh-e-8.3/debian/emacsen-install mh-e-8.3/debian/emacsen-install
--- mh-e-8.3/debian/emacsen-install	2007-08-14 02:57:11.000000000 +0200
+++ mh-e-8.3/debian/emacsen-install	2012-10-21 16:13:17.000000000 +0200
@@ -59,12 +59,17 @@
 done
 cd ${ELCDIR}
 
+# Prevent epg from manipulating /root/.gnupg (#689806)
+TMPGNUPGHOME=`mktemp -d --tmpdir gnupg.XXXXXXXXXX`
+
 cat << EOF > path.el
 (setq load-path (append '("." "/usr/share/emacs/site-lisp/etc/images/mh-e")
                 load-path)
       byte-compile-warnings nil)
+(setq epg-gpg-home-directory "${TMPGNUPGHOME}")
 EOF
 ${FLAVOR} ${FLAGS} ${BYTECOMPILEFILES}
 rm -f path.el
+rm -rf ${TMPGNUPGHOME}
 
 exit 0

-- 
 .''`.    Sébastien Villemot
: :' :    Debian Developer
`. `'     http://www.dynare.org/sebastien
  `-      GPG Key: 4096R/381A7594

Attachment: pgpnrdBiUmkl1.pgp
Description: PGP signature

Reply via email to