Introduce customizable variable 'package-gnupghome-dir'

* lisp/emacs-lisp/package.el (package-import-keyring)
(package--check-signature-content, package-check-signature):
Use new variable package-gnupghome-dir to control which GnuPG
homedir to use.
* doc/emacs/package.texi: Mention package-gnupghome-dir.
* etc/NEWS: Mention package-gnupghome-dir.

3 files changed, 44 insertions, 13 deletions

diff --git a/doc/emacs/package.texi b/doc/emacs/package.texi
index d6f88aaec3c..ecc955d3efe 100644
--- a/doc/emacs/package.texi
+++ b/doc/emacs/package.texi
@@ -193,15 +193,22 @@ and use only third parties that you think you can trust!
 can have in their packages by @dfn{signing} them.  They generate a
 private/public pair of cryptographic keys, and use the private key to
 create a @dfn{signature file} for each package.  With the public key, you
-can use the signature files to verify who created the package, and
-that it has not been modified.  A valid signature is not a cast-iron
+can use the signature files to verify the package creator and make sure
+the package has not been tampered with.  Signature verification uses
+@uref{https://www.gnupg.org/, the GnuPG package} via the EasyPG
+interface (@pxref{Top,, EasyPG, epa, Emacs EasyPG Assistant Manual}).
+A valid signature is not a cast-iron
 guarantee that a package is not malicious, so you should still
 exercise caution.  Package archives should provide instructions
 on how you can obtain their public key.  One way is to download the
 key from a server such as @url{http://pgp.mit.edu/}.
 Use @kbd{M-x package-import-keyring} to import the key into Emacs.
-Emacs stores package keys in the @file{gnupg} subdirectory
-of @code{package-user-dir}.
+Emacs stores package keys in the directory specified by the variable
+@code{package-gnupghome-dir}, by default in the @file{gnupg}
+subdirectory of @code{package-user-dir}, which causes Emacs to invoke
+GnuPG with the option @samp{--homedir} when verifying signatures.
+If @code{package-gnupghome-dir} is @code{nil}, GnuPG's option
+@samp{--homedir} is omitted.
 The public key for the GNU package archive is distributed with Emacs,
 in the @file{etc/package-keyring.gpg}.  Emacs uses it automatically.
 
diff --git a/etc/NEWS b/etc/NEWS
index b36db07360b..3c328ac58a2 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -644,6 +644,13 @@ In 'visual-line-mode' it will look for the true beginning of a header
 while in non-'visual-line-mode' it will move the point to the indented
 header's value.
 
+** Package
+
++++
+*** The new variable 'package-gnupghome-dir' has been added to control
+where the GnuPG home directory (used for signature verification) is
+located and whether GnuPG's option "--homedir" is used or not.
+
 ** Tramp
 
 +++
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index 769856262b4..bef1e8dd59b 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -307,6 +307,23 @@ contrast, `package-user-dir' contains packages for personal use."
 (declare-function epg-find-configuration "epg-config"
                   (protocol &optional no-cache program-alist))
 
+(defcustom package-gnupghome-dir (expand-file-name "gnupg" package-user-dir)
+  "Directory containing GnuPG keyring or nil.
+This variable specifies the GnuPG home directory used by package.
+That directory is passed via the option \"--homedir\" to GnuPG.
+If nil, do not use the option \"--homedir\", but stick with GnuPG's
+default directory."
+  :type `(choice
+          (const
+           :tag "Default Emacs package management GnuPG home directory"
+           ,(expand-file-name "gnupg" package-user-dir))
+          (const
+           :tag "Default GnuPG directory (GnuPG option --homedir not used)"
+           nil)
+          (directory :tag "A specific GnuPG --homedir"))
+  :risky t
+  :version "26.1")
+
 (defcustom package-check-signature
   (if (and (require 'epg-config)
            (epg-find-configuration 'OpenPGP))
@@ -1209,9 +1226,9 @@ errors signaled by ERROR-FORM or by BODY).
   "Check signature CONTENT against STRING.
 SIG-FILE is the name of the signature file, used when signaling
 errors."
-  (let* ((context (epg-make-context 'OpenPGP))
-         (homedir (expand-file-name "gnupg" package-user-dir)))
-    (setf (epg-context-home-directory context) homedir)
+  (let ((context (epg-make-context 'OpenPGP)))
+    (when package-gnupghome-dir
+      (setf (epg-context-home-directory context) package-gnupghome-dir))
     (condition-case error
         (epg-verify-string context content string)
       (error (package--display-verify-error context sig-file)
@@ -1238,7 +1255,7 @@ errors."
   "Check signature of the current buffer.
 Download the signature file from LOCATION by appending \".sig\"
 to FILE.
-GnuPG keyring is located under \"gnupg\" in `package-user-dir'.
+GnuPG keyring location depends on `package-gnupghome-dir'.
 STRING is the string to verify, it defaults to `buffer-string'.
 If ASYNC is non-nil, the download of the signature file is
 done asynchronously.
@@ -1478,11 +1495,11 @@ taken care of by `package-initialize'."
   "Import keys from FILE."
   (interactive "fFile: ")
   (setq file (expand-file-name file))
-  (let ((context (epg-make-context 'OpenPGP))
-        (homedir (expand-file-name "gnupg" package-user-dir)))
-    (with-file-modes 448
-      (make-directory homedir t))
-    (setf (epg-context-home-directory context) homedir)
+  (let ((context (epg-make-context 'OpenPGP)))
+    (when package-gnupghome-dir
+      (with-file-modes 448
+        (make-directory package-gnupghome-dir t))
+      (setf (epg-context-home-directory context) package-gnupghome-dir))
     (message "Importing %s..." (file-name-nondirectory file))
     (epg-import-keys-from-file context file)
     (message "Importing %s...done" (file-name-nondirectory file))))