authorDavid Kalnischkies <david@kalnischkies.de>2016-07-01 23:44:37 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2016-07-02 00:03:20 +0200
commitf4dcab0504a68595d9e95c953ce66f46f9ad30aa (patch)
tree5aeb96504bafe008d86476d2ee043589daf7df47
parent08fcf9628806af202e555bd02b3611e4e9a3d757 (diff)
deprecate 'apt-key update' and no-op it in Debian
Debian hasn't used 'update' for years, and the command is in direct conflict with our goal of not requiring gnupg anymore, so it is high time to officially declare this command deprecated.
-rw-r--r--cmdline/apt-key.in7
-rw-r--r--doc/apt-key.8.xml24
-rw-r--r--vendor/debian/apt-vendor.ent4
3 files changed, 17 insertions, 18 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 49056f2a6..511c91c16 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -156,6 +156,13 @@ net_update() {
}
update() {
+ if [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then
+ echo >&2 "Warning: 'apt-key update' is deprecated and should not be used anymore!"
+ if [ -z "$ARCHIVE_KEYRING" ]; then
+ echo >&2 "Note: In your distribution this command is a no-op and can therefore be removed safely."
+ exit 0
+ fi
+ fi
if [ ! -f "$ARCHIVE_KEYRING" ]; then
echo >&2 "ERROR: Can't find the archive-keyring"
echo >&2 "Is the &keyring-package; package installed?"
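Review bot: The no-op `exit 0` sits inside the `if [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]` block, so whether `update` is a no-op depends on a variable that is named as a warning switch. With that variable set and `$ARCHIVE_KEYRING` empty, control falls through to `[ ! -f "$ARCHIVE_KEYRING" ]` and prints "ERROR: Can't find the archive-keyring" instead of returning quietly. I would gate only the two `echo` lines on the variable and run `if [ -z "$ARCHIVE_KEYRING" ]; then exit 0; fi` unconditionally; if the fall-through is deliberate, a comment above the block should say so. Callers that relied on `update` to drop archive keys that are no longer valid now get exit status 0 with no keyring change, so the stderr warning is their only signal. The rest of update() lies outside the hunk.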
diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index e0d9f5b95..111fdb0d1 100644
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -128,17 +128,21 @@
</listitem>
</varlistentry>
- <varlistentry><term><option>update</option></term>
+ <varlistentry><term><option>update</option></term> (deprecated)
<listitem>
<para>
-
Update the local keyring with the archive keyring and remove from
the local keyring the archive keys which are no longer valid.
The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
distribution, e.g. the &keyring-package; package in &keyring-distro;.
-
</para>
-
+ <para>
+ Note that a distribution does not need to and in fact should not use
+ this command any longer and instead ship keyring files in the
+ <filename>/etc/apt/trusted.gpg</filename> directory directly as this
+ avoids a dependency on <package>gnupg</package> and it is easier to manage
+ keys by simply adding and removing files for maintainers and users alike.
+ </para>
</listitem>
</varlistentry>
@@ -181,18 +185,6 @@
&file-trustedgpg;
- <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
- <listitem><para>Local trust database of archive keys.</para></listitem>
- </varlistentry>
-
- <varlistentry><term>&keyring-filename;</term>
- <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem>
- </varlistentry>
-
- <varlistentry><term>&keyring-removed-filename;</term>
- <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem>
- </varlistentry>
-
</variablelist>
</refsect1>
diff --git a/vendor/debian/apt-vendor.ent b/vendor/debian/apt-vendor.ent
index 93e4e0460..8d5416ced 100644
--- a/vendor/debian/apt-vendor.ent
+++ b/vendor/debian/apt-vendor.ent
@@ -1,8 +1,8 @@
<!-- details about the keys used by the distribution -->
<!ENTITY keyring-distro "Debian">
<!ENTITY keyring-package "<package>debian-archive-keyring</package>">
-<!ENTITY keyring-filename "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>">
-<!ENTITY keyring-removed-filename "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>">
+<!ENTITY keyring-filename "">
+<!ENTITY keyring-removed-filename "">
<!ENTITY keyring-master-filename "">
<!ENTITY keyring-uri "">