From bbd56bcc1d68e05f666061294ef8070fab144fa5 Mon Sep 17 00:00:00 2001
From: Lucky Baar
Date: Thu, 19 May 2022 13:12:11 -0500
Subject: [PATCH] update.sh: make gpg use separate directory for keyring
---
 cmd/updater/update.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/cmd/updater/update.sh b/cmd/updater/update.sh
index d8179c8e53..f62e84e0fd 100755
--- a/cmd/updater/update.sh
+++ b/cmd/updater/update.sh
@@ -266,6 +266,7 @@ function check_for_updater() {
 local UPDATER_SIGFILE="$UPDATER_TEMPDIR/updater.sig" UPDATER_PUBKEYFILE="key.pub" # try downloading public key
 if curl -sSL "$UPDATER_PUBKEYURL" -o "$UPDATER_PUBKEYFILE"; then
+ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
 if gpg --import "$UPDATER_PUBKEYFILE"; then
 if curl -sSL "$UPDATER_SIGURL" -o "$UPDATER_SIGFILE"; then
 if ! gpg --verify "$UPDATER_SIGFILE" "$UPDATER_ARCHIVE"; then
@@ -278,6 +279,8 @@ function check_for_updater() {
 else
 echo "failed importing GPG public key, cannot perform signature validation."
 fi
+ # clean up temporary directory used for signature validation
+ rm -rf "$GNUPGHOME"; unset GNUPGHOME
 else
 echo "failed downloading GPG public key, cannot perform signature validation."
 fi
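Review bot: The added `GNUPGHOME="$(mktemp -d)"; export GNUPGHOME` line never checks whether `mktemp -d` succeeded. If it fails, GNUPGHOME is exported empty, gpg falls back to its default home directory, and the import and verify run against the user's own keyring, which is what this change sets out to avoid; a guard such as `GNUPGHOME="$(mktemp -d)" || return 1` before the export (or the function's usual failure message) would close that. Separately, the new keyring holds only the key just fetched from `$UPDATER_PUBKEYURL`, so `gpg --verify` shows that the archive matches whatever key that URL served; comparing the imported key's fingerprint with a value kept in the script would be needed for the check to establish authenticity. check_for_updater starts and ends outside this hunk, so how failures are handled further down is not visible here.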
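Review bot: The cleanup added after the `fi` of the import check runs only when control falls through to it. The body of the `if ! gpg --verify` branch lies between the two hunks and is not shown; if it exits or returns on a bad signature, the temporary keyring is left on disk and GNUPGHOME stays exported. Registering the removal at the point where the directory is created, e.g. `trap 'rm -rf -- "$GNUPGHOME"' EXIT`, would cover every path out of the function. If the inline form is kept, `rm -rf -- "${GNUPGHOME:?}"` stops the delete from running on an empty value.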