diff --git a/builder/builder.ml b/builder/builder.ml index 95f32edaf..b0a48ea89 100644 --- a/builder/builder.ml +++ b/builder/builder.ml @@ -148,12 +148,10 @@ let main () = (* Check that gpg is installed. Optional as long as the user * disables all signature checks. *) - let cmd = sprintf "%s --help >/dev/null 2>&1" cmdline.gpg in - if shell_command cmd <> 0 then ( - if cmdline.check_signature then - error (f_"gpg is not installed (or does not work)\nYou should install gpg, or use --gpg option, or use --no-check-signature.") - else if verbose () then - warning (f_"gpg program is not available") + if cmdline.check_signature then ( + let cmd = sprintf "%s --help >/dev/null 2>&1" cmdline.gpg in + if cmdline.gpg = "" || shell_command cmd <> 0 then + error (f_"no GNU Privacy Guard (GnuPG, gpg) binary was found.\n\nEither gpg v1 or v2 can be installed to check signatures. Virt-builder looks for a binary called either ‘gpg2’ or ‘gpg‘ on the $PATH. You can also specify a binary using the ‘--gpg’ option. If you don't want to check signatures, use ’--no-check-signature’ but note that this may make you vulnerable to Man-In-The-Middle attacks.") ); (* Check that curl works. *) diff --git a/builder/cmdline.ml b/builder/cmdline.ml index aa852e8f5..f20c0936c 100644 --- a/builder/cmdline.ml +++ b/builder/cmdline.ml @@ -87,7 +87,13 @@ let parse_cmdline () = let add_fingerprint arg = push_front arg fingerprints in let format = ref "" in - let gpg = ref "gpg" in + let gpg = + try which "gpg2" + with Executable_not_found _ -> + try which "gpg" + with Executable_not_found _ -> + "" in + let gpg = ref gpg in let list_format = ref List_entries.Short in let list_set_long () = list_format := List_entries.Long in diff --git a/builder/virt-builder.pod b/builder/virt-builder.pod index b48b1241b..dbbd6469e 100644 --- a/builder/virt-builder.pod +++ b/builder/virt-builder.pod @@ -314,8 +314,10 @@ F directory of a guest, see L. =item B<--gpg> GPG -Specify an alternate L (GNU Privacy Guard) binary. You can -also use this to add gpg parameters, for example to specify an +Specify an alternate L (GNU Privacy Guard) binary. By default +virt-builder looks for either C or C in the C<$PATH>. + +You can also use this to add gpg parameters, for example to specify an alternate home directory: virt-builder --gpg "gpg --homedir /tmp" [...] @@ -1880,6 +1882,7 @@ L, L, L, L, +L, L, L, L, diff --git a/docs/guestfs-building.pod b/docs/guestfs-building.pod index 5e314b34d..bfb46a02f 100644 --- a/docs/guestfs-building.pod +++ b/docs/guestfs-building.pod @@ -280,7 +280,7 @@ Optional. For the L. Optional. Used by virt-builder for downloads. -=item gpg +=item GNU Privacy Guard (GnuPG, gpg) v1 or v2 Optional. Used by virt-builder for checking digital signatures.