Re: Updated GnuPG::Interface
On Fri, Jul 24, 2020 at 12:45:37AM +1200, Andrew Ruthven wrote:
> On Thu, 2020-07-23 at 23:55 +1200, Andrew Ruthven wrote:
> > We have two options here. Either
> > patch /usr/share/perl5/Crypt/Monkeysphere/MSVA.pm in msva-perl to use
> > the full path to /usr/bin/gpg when GnuPG::Interface. Or we modify
> > GnuPG::Interface to use the full path instead of just running "gpg".
> >
> > I'm leaning towards the latter as otherwise we'll be playing whack-a-
> > mole for any other Perl programs that use Taint. Thoughts?
> >
> > I'm happy to prepare that patch.
>
> I've written a patch for this and pushed it. General case patch is
> submitted upstream here:
>
> https://rt.cpan.org/Ticket/Display.html?id=133041
>
> We'll need to carry our own patch even if upstream accepts it as I've
> set the default binary for gpg to be the full path so we don't need to
> use $ENV{PATH} or modify any programs that use GnuPG::Interface.

Agreed, we should be using the full path in any case to maintain
interface stability. As packagers we shouldn't rely on the user's
path not containing unexpected values.

Cheers
Dominic