can't get perl's cpan to 'behave' when using gpg ...

OpenMacNews openmacnews at gmail.com
Thu Mar 2 21:11:56 CET 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi all,

i've gnupg 1.4.2.1 built/installed from src on OSX 10.4.5.

when using perl's CPAN, gpg is used for module signature checking.

to that end, cpan's Config.pm includes:

  'gpg' => q[/usr/local/bin/gpg],


i've configured my gpg to use keyrings/perms of "userA".

from shell, i typically run as userA.

however, cpan is often run as a different user, with superuser perms.

when i run cpan as userB to install modules i get warning such as:

gpg: WARNING: unsafe ownership on homedir `/Users/userA/gpg_homedir'
gpg: WARNING: unsafe ownership on homedir `/Users/userA/gpg_homedir'
Signature for
/usr/ports/cpan_build/sources/authors/id/O/OL/OLAF/CHECKSUMS ok


before running cpan, i see:

% ls -al /Users/userA/gpg_homedir
	total 408
	drwx------ 12 userA wheel    408 Mar  2 12:00 .
	drwxr-xr-x 12 userA wheel    408 Nov 11 20:46 ..
	-rw-------  1 userA wheel   1437 Feb 24 21:11 gpg.conf
	-rw-------  1 userA wheel 123269 Feb 24 21:11 pubring.gpg
	-rw-------  1 userA wheel    600 Feb 24 21:11 random_seed
	-rw-------  1 userA wheel  14546 Feb 24 21:11 secring.gpg
	-rw-------  1 userA wheel   3650 Feb 24 21:11 trustdb.gpg


but AFTER running cpan as userB i see:

% ls -al /Users/userA/gpg_homedir
	total 408
	drwx------ 12 userA wheel    408 Mar  2 12:00 .
	drwxr-xr-x 12 userA wheel    408 Nov 11 20:46 ..
	-rw-------  1 userA wheel   1437 Feb 24 21:11 gpg.conf
	-rw-------  1 userB wheel 124965 Mar  2 11:37 pubring.gpg
	-rw-------  1 userB wheel    600 Mar  2 11:51 random_seed
	-rw-------  1 userA wheel  14546 Feb 24 21:11 secring.gpg
	-rw-------  1 userB wheel   3920 Mar  2 11:37 trustdb.gpg

note that CPAN is, apparently, changing user ownership on pubring,
random_seed and trustdb !?

how/where do i:

(a) prevent cpan from making changes to my gpg files' ownership?
(b) force cpan to exec gpg as userA -- my typical/intended user?


i've changed the Config.pm entry to:

  'gpg' => q[sudo -u userA /usr/local/bin/gpg],

alas, to no avail.  same symptoms/warnings/etc.

suggestions are appreciated!

cheers,

richard


- --

/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB  D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Darwin)

iEYEAREDAAYFAkQHUYwACgkQlffdvTZxCMYcuwCfUZoXxIIwnimEpyTDgO/CQ5PF
fHIAoKct+QtwFrD8Ub5YOGYat8RdLrVb
=lAHG
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list