diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-07-01 23:44:37 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-07-02 00:03:20 +0200 |
commit | f4dcab0504a68595d9e95c953ce66f46f9ad30aa (patch) | |
tree | 5aeb96504bafe008d86476d2ee043589daf7df47 | |
parent | 08fcf9628806af202e555bd02b3611e4e9a3d757 (diff) |
deprecate 'apt-key update' and no-op it in Debian
Debian isn't using 'update' anymore for years and the command is in
direct conflict with our goal of not requiring gnupg anymore, so it
is high time to officially declare this command as deprecated.
-rw-r--r-- | cmdline/apt-key.in | 7 | ||||
-rw-r--r-- | doc/apt-key.8.xml | 24 | ||||
-rw-r--r-- | vendor/debian/apt-vendor.ent | 4 |
3 files changed, 17 insertions, 18 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 49056f2a6..511c91c16 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -156,6 +156,13 @@ net_update() { } update() { + if [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then + echo >&2 "Warning: 'apt-key update' is deprecated and should not be used anymore!" + if [ -z "$ARCHIVE_KEYRING" ]; then + echo >&2 "Note: In your distribution this command is a no-op and can therefore be removed safely." + exit 0 + fi + fi if [ ! -f "$ARCHIVE_KEYRING" ]; then echo >&2 "ERROR: Can't find the archive-keyring" echo >&2 "Is the &keyring-package; package installed?" diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml index e0d9f5b95..111fdb0d1 100644 --- a/doc/apt-key.8.xml +++ b/doc/apt-key.8.xml @@ -128,17 +128,21 @@ </listitem> </varlistentry> - <varlistentry><term><option>update</option></term> + <varlistentry><term><option>update</option></term> (deprecated) <listitem> <para> - Update the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the <literal>archive-keyring</literal> package of your distribution, e.g. the &keyring-package; package in &keyring-distro;. - </para> - + <para> + Note that a distribution does not need to and in fact should not use + this command any longer and instead ship keyring files in the + <filename>/etc/apt/trusted.gpg</filename> directory directly as this + avoids a dependency on <package>gnupg</package> and it is easier to manage + keys by simply adding and removing files for maintainers and users alike. + </para> </listitem> </varlistentry> @@ -181,18 +185,6 @@ &file-trustedgpg; - <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term> - <listitem><para>Local trust database of archive keys.</para></listitem> - </varlistentry> - - <varlistentry><term>&keyring-filename;</term> - <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem> - </varlistentry> - - <varlistentry><term>&keyring-removed-filename;</term> - <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem> - </varlistentry> - </variablelist> </refsect1> diff --git a/vendor/debian/apt-vendor.ent b/vendor/debian/apt-vendor.ent index 93e4e0460..8d5416ced 100644 --- a/vendor/debian/apt-vendor.ent +++ b/vendor/debian/apt-vendor.ent @@ -1,8 +1,8 @@ <!-- details about the keys used by the distribution --> <!ENTITY keyring-distro "Debian"> <!ENTITY keyring-package "<package>debian-archive-keyring</package>"> -<!ENTITY keyring-filename "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"> -<!ENTITY keyring-removed-filename "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"> +<!ENTITY keyring-filename ""> +<!ENTITY keyring-removed-filename ""> <!ENTITY keyring-master-filename ""> <!ENTITY keyring-uri ""> |