apt_repository with key option creates ~/.gnupg owned by root in Vagrant's homedir
mconigliaro opened this issue · 2 comments
Cookbook version
2.9.2
Chef-client version
12.6.0
Platform Details
Ubuntu 14.04.4 LTS via Test Kitchen
Scenario:
Using apt_repository with the key option creates .gnupg owned by root under Vagrant's home dir. I think this might have something to do with vagrant's sudo environment, so maybe a Vagrant problem? Just a guess, but I'm not sure why else the execute resource (which runs commands as root by default) would cause files to be created under another user's homedir.
To work around that here, it might be enough to reset HOME before running apt-key in the repository provider.
Steps to Reproduce:
apt_repository 'foo' do
  uri ...
  distribution ...
  key ...
end
Expected Result:
The root user shouldn't be creating files in other users' home directories.
Actual Result:
$ ls -al /home/vagrant/ | grep gnu
drwx------ 2 root root 4096 May 3 17:57 .gnupg
Interestingly, this just failed on me with a similar error when changing the user for execute.
execute "gpg --allow-secret-key-import --import #{gpg_key_private}" do
  user 'foo'
  only_if { ::File.exist?(gpg_key_private) }
end
gpg failed trying to write to /root/.gnupg as the foo user. Explicitly setting HOME to foo's home made this work again. So gpg definitely seems to get confused when HOME isn't set properly.
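The HOME behaviour reported in the two comments above, as an added Ruby example that is not part of the original thread or the cookbook's code. The helper names are hypothetical, `sh` stands in for gpg/apt-key on the assumption that the tool defaults its keyring directory to $HOME/.gnupg, and the inherited HOME value is constructed from the report.

```ruby
require 'etc'
require 'open3'

# Hypothetical helper: environment a command should get when it runs as
# `user`. HOME is read from the passwd database, not inherited.
def env_for_user(user)
  pw = Etc.getpwnam(user)
  { 'HOME' => pw.dir, 'USER' => pw.name, 'LOGNAME' => pw.name }
end

# Hypothetical check: true when HOME in `env` is not the home directory of
# `user`, e.g. root running with HOME=/home/vagrant as in the report.
def home_mismatch?(env, user)
  env['HOME'] != Etc.getpwnam(user).dir
end

# Stand-in for gpg/apt-key (assumption: the tool defaults its keyring
# directory to $HOME/.gnupg). Returns the path the child would use.
def gnupg_dir_seen_by_child(env)
  out, status = Open3.capture2(env, 'sh', '-c', 'printf %s "$HOME/.gnupg"')
  raise 'child process failed' unless status.success?
  out
end

if __FILE__ == $PROGRAM_NAME
  inherited = { 'HOME' => '/home/vagrant' } # constructed: HOME kept by sudo
  puts "mismatch for root:   #{home_mismatch?(inherited, 'root')}"
  puts "inherited HOME:      #{gnupg_dir_seen_by_child(inherited)}"
  puts "HOME reset for root: #{gnupg_dir_seen_by_child(env_for_user('root'))}"
end
```

In a recipe, a hash of this shape can be passed to the execute resource's environment property alongside user.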
We've removed the apt_update and apt_repository resources from this cookbook as they were merged into core chef. I'm going to close this issue out now. If you think it's still valid against a new chef-client release please open it up against the chef/chef repo so we can work on it where the code now resides.