Bug 106711 - gpgme fail to compile due selinux restriction of exporting secret keys
Bug#: 106711 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: dragonheart@gentoo.org Reported By: sogard@as.ro
Component: Ebuilds
URL: 
Summary: gpgme fail to compile due selinux restriction of exporting secret keys
Keywords:  
Status Whiteboard: 
Opened: 2005-09-20 12:26 0000
Description:   Opened: 2005-09-20 12:26 0000 
When emerging gpgme if gnupg is compiled using selinux the compilation will
fail.

Reproducible: Always
Steps to Reproduce:
1. USE="selinux" emerge -pv gnupg
2. emerge gpgme 
Actual Results:  
.....
srcdir=. ./mkdemodirs
Creating: Alphagpg: WARNING: unsafe permissions on homedir `.'
gpg: exporting secret keys not allowed
gpg: WARNING: nothing exported
make[3]: *** [Alpha/Secret.gpg] Error 2
make[3]: Leaving directory
`/var/tmp/portage/gpgme-1.0.2/work/gpgme-1.0.2/tests/gpg'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/var/tmp/portage/gpgme-1.0.2/work/gpgme-1.0.2/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/gpgme-1.0.2/work/gpgme-1.0.2'
make: *** [all] Error 2

!!! ERROR: app-crypt/gpgme-1.0.2 failed.

Expected Results:  
Emerge subcesfuly. If gnupg is emerged with "-selinux" it will work fine.

This is because the gnupg emerged with the selinux gpg will refuse to export
secret keys with the message "gpg: exporting secret keys not allowed"
The problem is in gpgme-1.0.2/tests/gpg/mkdemodirs script that is traying to
export some secret keys.

------- Comment #1 From Daniel Black 2005-09-26 04:00:45 0000 ------- 
Tudor are you feeling exceptionally generous to prove a working patch?

------- Comment #2 From Tudor Alexandru Dragos 2005-09-26 07:12:24 0000 ------- 
I will.

------- Comment #3 From Tudor Alexandru Dragos 2005-09-26 11:07:02 0000 ------- 
Created an attachment (id=69278) [details]
patch for ebuild 

I have searched for a more elegant way to do it but seem this is the most
efficient way. The option for disabling tests doesn’t exist in gpgme, and
implementing one or modifying the configure.ac script will waste time
regenerating configuration scripts.  And by the way the option
"–-disable-tests" is pointless

------- Comment #4 From Peter Gordon (RETIRED) 2005-10-10 17:32:29 0000 ------- 
I get this in the middle of a Hardened ~x86 installation too. I've patched the
ebuild and am building it now. Let's hope this works. :)

------- Comment #5 From Peter Gordon (RETIRED) 2005-10-10 17:37:59 0000 ------- 
Yay! Thanks, Tudor. Your patch works fine for me (gpgme 1.0.3).  

Daniel, would you please add this in CVS?

------- Comment #6 From Daniel Black 2005-10-17 12:24:36 0000 ------- 
thankyou - sorry it took so long

------- Comment #7 From Bernd Steinhauser 2007-11-12 17:49:36 0000 ------- 
Latest ebuild (1.1.5) is missing this again, preventing gpgme to be build on
selinux.