ports/66417: really bad idea in libgcrypt-1.2.0 installation
Lupe Christoph
lupe at lupe-christoph.de
Sun May 9 13:40:15 UTC 2004
>Number: 66417
>Category: ports
>Synopsis: really bad idea in libgcrypt-1.2.0 installation
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun May 09 06:40:13 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Lupe Christoph
>Release: FreeBSD 4.8-RELEASE-p16 i386
>Organization:
>Environment:
System: FreeBSD firewally.lupe-christoph.de 4.8-RELEASE-p16 FreeBSD 4.8-RELEASE-p16 #0: Sat Mar 6 10:26:07 CET 2004 lupe at firewally.lupe-christoph.de:/usr/obj/usr/src/sys/FIREWALLY i386
gpg is installed
>Description:
Upon installation, gpg is used to verify a signature:
===> Verifying GnuPG Signature.
/usr/local/bin/gpg --no-default-keyring --keyring /usr/ports/security/libgcrypt/work/keyring --keyserver pgp.mit.edu --recv-key 57548DCD
gpg: /root/.gnupg: directory created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/usr/ports/security/libgcrypt/work/keyring' created
gpg: can't get key from keyserver: No route to host
gpg: Total number processed: 0
*** Error code 2 (ignored)
cd /usr/ports/distfiles; /usr/local/bin/gpg --keyring /usr/ports/security/libgcrypt/work/keyring --verify libgcrypt-1.2.0.tar.gz.sig libgcrypt-1.2.0.tar.gz
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: Signature made Thu Apr 15 11:51:12 2004 CEST using DSA key ID 57548DCD
gpg: Can't check signature: public key not found
*** Error code 2
This creates a gpg infrastructure for root that wasn't there before and
is not intended to be there.
Fetching the key fails on this machine because it is a firewall with
extremely limited permissions to the outside world.
Please implement an environment variable that permits one to suppress
the verification even on machines with gpg installed.
>How-To-Repeat:
1) install gpg
2) Do not initialize gpg for root.
3) Use a firewall to limit outgoing connections.
>Fix:
Remove lines in pre-extract from port's Makefile.
>Release-Note:
>Audit-Trail:
>Unformatted:
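
An added example, not part of the original report or of the port's Makefile: one way to run the signature check so that gpg never creates /root/.gnupg and never contacts a keyserver, with the opt-out the report asks for. The function name, the SKIP_SIG_VERIFY and GPG variables, the gnupg-home directory name and the locally shipped public key file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: verify a distfile signature without touching root's ~/.gnupg.
# verify_distfile, SKIP_SIG_VERIFY and GPG are hypothetical names, not port knobs.

verify_distfile() {
    # $1 = work directory, $2 = public key file shipped locally,
    # $3 = detached signature, $4 = distfile
    wrkdir=$1; keyfile=$2; sig=$3; file=$4
    gpg_bin=${GPG:-gpg}

    # Opt-out requested in the report: skip even when gpg is installed.
    if [ -n "${SKIP_SIG_VERIFY:-}" ]; then
        echo "signature verification skipped (SKIP_SIG_VERIFY set)" >&2
        return 0
    fi

    # No local key means nothing to verify against: fail closed instead of
    # asking a keyserver, which a restricted firewall host cannot reach.
    if [ ! -r "$keyfile" ]; then
        echo "no local public key at $keyfile" >&2
        return 2
    fi

    # Private GnuPG home inside the work directory: gpg creates its
    # configuration and keyring files here, not in $HOME/.gnupg, and the
    # directory disappears when the work directory is cleaned.
    gpghome="$wrkdir/gnupg-home"
    mkdir -p "$gpghome" && chmod 700 "$gpghome" || return 2

    GNUPGHOME="$gpghome" "$gpg_bin" --batch --quiet --import "$keyfile" || return 2
    GNUPGHOME="$gpghome" "$gpg_bin" --batch --verify "$sig" "$file"
}
```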