[OE-core] [PATCH V4] gnupg-native: fix GPG homedir path length limit

Hongxu Jia hongxu.jia at windriver.com
Mon Nov 25 07:31:09 UTC 2019 

Ping

//Hongxu
On 11/11/19 3:43 PM, Hongxu Jia wrote:
> The gpg uses unix socket to communicate with its agent, before doing that,
> it checks whether the extra socketdir prefix (/tmp/gnupg,/run/,/var/run/gnupg,
> /var/run) has proper permissions. If all these checking failed, it will
> choose gpg homedir as prefix to create socketdir.
>
> While using gpg in Yocto build, we usually set gpg homedir under build dir,
> if homedir is too long (>100chars), gpg will fail due to unix socket path
> length limit [1][2][3]
>
> Yocto build usually does not have access permission on /run, /var/run, but it
> may have permission on /tmp, so allows to build GnuPG with an extra socketdir
> under /tmp/gnupg.
>
> But Yocto build creates gpg socketdir through pseudo which makes the real uid
> differs between different build (even different recipes in one build), so apply
> fix to not require gpg socketdir to be owned by the user. Then multiple recipes
> or builds could use the same socketdir prefix /tmp/gnupg.
>
> Conversely, if /tmp/gnupg does not exist, or Yocto builds do not have permission
> on /tmp, gpg uses homedir as usual. In other words, in order to fix GPG homedir
> path length limit, the gpg user in Yocto build should not only apply this commit,
> but also create the socket in the /tmp/gnupg directory: Make sure that
> /tmp/gnupg/user/$(id -u) [4]
>
> [1] https://dev.gnupg.org/rG17efcd2a2acdc3b7f00711272aa51e5be2476921
> [2] https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057444.html
> [3] https://unix.stackexchange.com/questions/367008/why-is-socket-path-length-limited-to-a-hundred-chars
> [4] https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057451.html
>
> Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> ---
>   ...uild-GnuPG-with-an-extra-socketdir-below-.patch | 51 ++++++++++++++++
>   ...t-check-socketdir-to-be-owned-by-the-user.patch | 71 ++++++++++++++++++++++
>   meta/recipes-support/gnupg/gnupg_2.2.17.bb         |  5 ++
>   3 files changed, 127 insertions(+)
>   create mode 100644 meta/recipes-support/gnupg/gnupg/0001-allows-to-build-GnuPG-with-an-extra-socketdir-below-.patch
>   create mode 100644 meta/recipes-support/gnupg/gnupg/0002-do-not-check-socketdir-to-be-owned-by-the-user.patch
>
> diff --git a/meta/recipes-support/gnupg/gnupg/0001-allows-to-build-GnuPG-with-an-extra-socketdir-below-.patch b/meta/recipes-support/gnupg/gnupg/0001-allows-to-build-GnuPG-with-an-extra-socketdir-below-.patch
> new file mode 100644
> index 0000000..e255279
> --- /dev/null
> +++ b/meta/recipes-support/gnupg/gnupg/0001-allows-to-build-GnuPG-with-an-extra-socketdir-below-.patch
> @@ -0,0 +1,51 @@
> +From 26358e491084f4a546ae1fcb71f0405a7b5cf575 Mon Sep 17 00:00:00 2001
> +From: Hongxu Jia <hongxu.jia at windriver.com>
> +Date: Sat, 9 Nov 2019 00:51:25 -0500
> +Subject: [PATCH 1/2] allows to build GnuPG with an extra socketdir below
> + /tmp/gnupg
> +
> +Since upstream applied commit [17efcd2 build: New configure option
> +--enable-run-gnupg-user-socket] [1], it allows to build GnuPG with an
> +extra socketdir below /run.
> +
> +For Yocto build which does not have access permission on /run, it could
> +not create the extra socketdir in /run/gnupg and uses homedir to replace.
> +
> +If homedir is too long(>100chars), gpg connect agent will fail [2][3]
> +...
> +|gpg: can't connect to the agent: File name too long
> +...
> +
> +Yocto builds may have permission on /tmp on many hosts, so allows to build
> +GnuPG with an extra socketdir below /tmp/gnupg.
> +
> +Conversely, if Yocto builds do not have permission on /tmp, it still uses homedir
> +as usual;
> +
> +[1] https://dev.gnupg.org/rG17efcd2a2acdc3b7f00711272aa51e5be2476921
> +[2] https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057444.html
> +[3] https://unix.stackexchange.com/questions/367008/why-is-socket-path-length-limited-to-a-hundred-chars
> +
> +Upstream-Status: Inappropriate [OE specific]
> +
> +Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> +---
> + common/homedir.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/common/homedir.c b/common/homedir.c
> +index e9e75d0..9dd5f6c 100644
> +--- a/common/homedir.c
> ++++ b/common/homedir.c
> +@@ -574,7 +574,7 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
> +
> +   static const char * const bases[] = {
> + #ifdef USE_RUN_GNUPG_USER_SOCKET
> +-    "/run/gnupg",
> ++    "/tmp/gnupg",
> + #endif
> +     "/run",
> + #ifdef USE_RUN_GNUPG_USER_SOCKET
> +--
> +2.23.0
> +
> diff --git a/meta/recipes-support/gnupg/gnupg/0002-do-not-check-socketdir-to-be-owned-by-the-user.patch b/meta/recipes-support/gnupg/gnupg/0002-do-not-check-socketdir-to-be-owned-by-the-user.patch
> new file mode 100644
> index 0000000..14ddedd
> --- /dev/null
> +++ b/meta/recipes-support/gnupg/gnupg/0002-do-not-check-socketdir-to-be-owned-by-the-user.patch
> @@ -0,0 +1,71 @@
> +From 78bf195f85b42cc46ce875c1ae63090ac28cca75 Mon Sep 17 00:00:00 2001
> +From: Hongxu Jia <hongxu.jia at windriver.com>
> +Date: Sat, 9 Nov 2019 16:35:16 +0800
> +Subject: [PATCH 2/2] do not check socketdir to be owned by the user
> +
> +The gpg uses unix socket to communicate with its agent, before doing that,
> +it checks whether the extra socketdir prefix (/tmp/gnupg,/run/,/var/run/gnupg,
> +/var/run) has proper permissions. If all these checking failed, it will
> +choose gpg homedir to create socketdir prefix
> +
> +While using gpg in Yocto build, we usually set gpg homedir under build dir,
> +if homedir is too long (>100chars), gpg will fail due to unix socket path
> +length limit [1]
> +
> +To improve user experience which do not limit gpg homedir with a short path,
> +Yocto build could use /tmp/gnupg as gpg socketdir prefix. But Yocto build
> +creates gpg socketdir through pseudo which makes the real uid differs between
> +different build (even different recipes in one build), so apply fix to not
> +require gpg socketdir to be owned by the user. Then multiple recipes or builds
> +could use the same socketdir prefix /tmp/gnupg.
> +
> +[1] https://unix.stackexchange.com/questions/367008/why-is-socket-path-length-limited-to-a-hundred-chars
> +
> +Upstream-Status: Inappropriate [OE specific]
> +
> +Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> +---
> + common/homedir.c | 11 +----------
> + 1 file changed, 1 insertion(+), 10 deletions(-)
> +
> +diff --git a/common/homedir.c b/common/homedir.c
> +index 9dd5f6c..d94e044 100644
> +--- a/common/homedir.c
> ++++ b/common/homedir.c
> +@@ -614,13 +614,6 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
> +       goto leave;
> +     }
> +
> +-  if (sb.st_uid != getuid ())
> +-    {
> +-      *r_info |= 4; /* Not owned by the user.  */
> +-      if (!skip_checks)
> +-        goto leave;
> +-    }
> +-
> +   if (strlen (prefix) + 7 >= sizeof prefix)
> +     {
> +       *r_info |= 1; /* Ooops: Buffer too short to append "/gnupg".  */
> +@@ -649,10 +642,9 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
> +           goto leave;
> +         }
> +     }
> +-  /* Check that it is a directory, owned by the user, and only the
> ++  /* Check that it is a directory, and only the
> +    * user has permissions to use it.  */
> +   if (!S_ISDIR(sb.st_mode)
> +-      || sb.st_uid != getuid ()
> +       || (sb.st_mode & (S_IRWXG|S_IRWXO)))
> +     {
> +       *r_info |= 4; /* Bad permissions or not a directory. */
> +@@ -719,7 +711,6 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
> +             }
> +         }
> +       else if (!S_ISDIR(sb.st_mode)
> +-               || sb.st_uid != getuid ()
> +                || (sb.st_mode & (S_IRWXG|S_IRWXO)))
> +         {
> +           *r_info |= 8; /* Bad permissions or subdir is not a directory.  */
> +--
> +2.23.0
> +
> diff --git a/meta/recipes-support/gnupg/gnupg_2.2.17.bb b/meta/recipes-support/gnupg/gnupg_2.2.17.bb
> index bb8885f..79db8f0 100644
> --- a/meta/recipes-support/gnupg/gnupg_2.2.17.bb
> +++ b/meta/recipes-support/gnupg/gnupg_2.2.17.bb
> @@ -17,6 +17,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
>              file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
>              "
>   SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
> +                                file://0001-allows-to-build-GnuPG-with-an-extra-socketdir-below-.patch \
> +                                file://0002-do-not-check-socketdir-to-be-owned-by-the-user.patch \
>                                   file://relocate.patch"
>   
>   SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c"
> @@ -29,6 +31,9 @@ EXTRA_OECONF = "--disable-ldap \
>   		--with-readline=${STAGING_LIBDIR}/.. \
>   		--enable-gpg-is-gpg2 \
>                  "
> +EXTRA_OECONF_append_class-native = " \
> +       --enable-run-gnupg-user-socket \
> +"
>   
>   # A minimal package containing just enough to run gpg+gpgagent (E.g. use gpgme in opkg)
>   PACKAGES =+ "${PN}-gpg"

More information about the Openembedded-core mailing list