Date: Sat, 8 May 2004 12:47:34 +0200 (CEST) From: Lupe Christoph <lupe@lupe-christoph.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/66417: really bad idea in libgcrypt-1.2.0 installation Message-ID: <20040508104734.AC0643E@firewally.lupe-christoph.de> Resent-Message-ID: <200405091340.i49DeEIk023230@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 66417 >Category: ports >Synopsis: really bad idea in libgcrypt-1.2.0 installation >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun May 09 06:40:13 PDT 2004 >Closed-Date: >Last-Modified: >Originator: Lupe Christoph >Release: FreeBSD 4.8-RELEASE-p16 i386 >Organization: >Environment: System: FreeBSD firewally.lupe-christoph.de 4.8-RELEASE-p16 FreeBSD 4.8-RELEASE-p16 #0: Sat Mar 6 10:26:07 CET 2004 lupe@firewally.lupe-christoph.de:/usr/obj/usr/src/sys/FIREWALLY i386 gpg is installed >Description: Upon installation, gpg is used to verify a signature: ===> Verifying GnuPG Signature. /usr/local/bin/gpg --no-default-keyring --keyring /usr/ports/security/libgcrypt/work/keyring --keyserver pgp.mit.edu --recv-key 57548DCD gpg: /root/.gnupg: directory created gpg: new configuration file `/root/.gnupg/gpg.conf' created gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/usr/ports/security/libgcrypt/work/keyring' created gpg: can't get key from keyserver: No route to host gpg: Total number processed: 0 *** Error code 2 (ignored) cd /usr/ports/distfiles; /usr/local/bin/gpg --keyring /usr/ports/security/libgcrypt/work/keyring --verify libgcrypt-1.2.0.tar.gz.sig libgcrypt-1.2.0.tar.gz gpg: keyring `/root/.gnupg/pubring.gpg' created gpg: Signature made Thu Apr 15 11:51:12 2004 CEST using DSA key ID 57548DCD gpg: Can't check signature: public key not found *** Error code 2 This creates a gpg infrastructure for root that wasn't there before and is not intended to be there. Fetching the key fails on this machine because it is a firewall with extremely limited permissions to the outside world. Please implement an environment variable that permits one to suppress the verification even on machines with gpg installed. >How-To-Repeat: 1) install gpg 2) Do not iniatialize gpg for root. 3) Use a firewall to limit outgoing connections. >Fix: Remove lines in pre-extract from port's Makefile. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040508104734.AC0643E>