Date: Wed, 20 Jan 2021 12:27:48 +0100
From: Henning Schild
To: Baurzhan Ismagulov
Cc: Anton Mikanovich, "Yuri Adamov"
Subject: Re: [PATCH v2] isar-bootstrap: Run gpg-agent before starting apt-key
Message-ID: <20210120122748.14debc48@md1za8fc.ad001.siemens.net>
In-Reply-To: <20210120112008.GX22444@yssyq.m.ilbers.de>
References: <20210119112001.11651-1-amikan@ilbers.de> <20210120115542.074eeef1@md1za8fc.ad001.siemens.net> <20210120112008.GX22444@yssyq.m.ilbers.de>

On Wed, 20 Jan 2021 12:20:08 +0100, Baurzhan Ismagulov wrote:

> On Wed, Jan 20, 2021 at 11:55:42AM +0100, Henning Schild wrote:
> > > + MY_GPGHOME=$(chroot "${ROOTFSDIR}" mktemp -d
> > > /tmp/gpghomeXXXXXXXXXX)
> ...
> > > + chroot "${ROOTFSDIR}" /bin/rm -rf "${MY_GPGHOME}"
> >
> > this should be guarded making sure MY_GPGHOME is indeed a directory
> > with a matching name ... would be a pity if for some reason it
> > would be i.e. "/usr" or even only "/tmp"
>
> That comes from mktemp -d. If that succeeds, my understanding is it's
> a directory. Or do I miss anything?

That is the impression you can get when reading the code. But under the
assumption that the script will indeed fail if mktemp fails, and that
nothing else overwrites the variable ... even by accident. Now and in
the future when people need to touch this code again.

Just a safeguard suggestion, I do not feel strongly about it.

Henning

> With kind regards,
> Baurzhan.
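
Review bot: the `/bin/rm -rf "${MY_GPGHOME}"` line removes whatever the variable holds at that point, and the quoted lines show no check of the `mktemp -d` result or of the value before it is used. Suggest aborting right after the `MY_GPGHOME=$(chroot "${ROOTFSDIR}" mktemp -d ...)` assignment when it fails or yields an empty string, and confirming immediately before the `rm -rf` that the value still matches `/tmp/gpghome*` and names a directory inside `${ROOTFSDIR}`, so a later edit that reuses or clobbers the variable cannot turn the cleanup into a removal of `/tmp` or `/usr`.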
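
One way to write the safeguard suggested in this message, as an added example that is not part of the thread or of the Isar patch. The helper names `gpghome_is_safe` and `remove_gpghome` are hypothetical, and the check works on the host path `<rootfs><dir>` instead of calling `chroot`, so it runs without root.

```shell
#!/bin/sh
# Added example. gpghome_is_safe and remove_gpghome are hypothetical helpers.
# Paths are checked as "<rootfs><dir>" on the host (assumption: no chroot needed).

# Succeed only if $2 looks like what "mktemp -d /tmp/gpghomeXXXXXXXXXX"
# creates inside the rootfs $1.
gpghome_is_safe() {
    case "$2" in
        /tmp/gpghome??????????) ;;      # prefix plus the 10 template characters
        *) return 1 ;;                  # empty, "/usr", "/tmp", anything else
    esac
    case "${2#/tmp/}" in
        */*) return 1 ;;                # "?" also matches "/": reject extra components
    esac
    [ -d "$1$2" ] || return 1           # must exist and be a directory
    [ ! -L "$1$2" ] || return 1         # and not a symlink to one
}

# Remove the directory only after the checks pass; otherwise touch nothing.
remove_gpghome() {
    if ! gpghome_is_safe "$1" "$2"; then
        echo "refusing to remove '$2' under '$1'" >&2
        return 1
    fi
    rm -rf -- "$1$2"
}

# Constructed demo: a scratch directory stands in for ${ROOTFSDIR}.
demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir -p "$demo_root/tmp" "$demo_root/usr"
    demo_home=$(mktemp -d "$demo_root/tmp/gpghomeXXXXXXXXXX") || return 1
    demo_home=${demo_home#"$demo_root"}             # path as seen inside the rootfs
    for demo_dir in "" /usr /tmp "/tmp/gpghome/../../usr" "$demo_home"; do
        if remove_gpghome "$demo_root" "$demo_dir" 2>/dev/null; then
            echo "removed: '$demo_dir'"
        else
            echo "refused: '$demo_dir'"
        fi
    done
    rm -rf -- "$demo_root"
}
demo
```

The `/tmp/gpghome/../../usr` case is why the second `case` exists: its tail is exactly ten characters long, so the length pattern alone would accept it.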