diff options
| author | Michael Vogt <mvo@debian.org> | 2014-01-26 08:15:29 +0100 |
|---|---|---|
| committer | Michael Vogt <mvo@debian.org> | 2014-01-26 08:15:29 +0100 |
| commit | 796673c38509300c988fbba2f2679ba3c76916db (patch) | |
| tree | 403055b486d0a1d65561528582d4b0bdc66e53a0 /cmdline | |
| parent | 9aef3908c892f9d9349d8bf8a5ceaeea313ba0fe (diff) | |
| parent | 2f958de6e883ba7b0c9895750d4dde35047f1e82 (diff) | |
Merge remote-tracking branch 'donkult/debian/sid' into debian/sid
Conflicts:
apt-private/private-list.cc
doc/po/de.po
test/integration/framework
Diffstat (limited to 'cmdline')
| -rw-r--r-- | cmdline/apt-key.in | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 463e4b4b4..0ced500db 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -5,22 +5,23 @@ unset GREP_OPTIONS GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" -# gpg needs a trustdb to function, but it can't be invalid (not even empty) -# so we create a temporary directory to store our fresh readable trustdb in -TRUSTDBDIR="$(mktemp -d)" -CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';" +# gpg needs (in different versions more or less) files to function correctly, +# so we give it its own homedir and generate some valid content for it +GPGHOMEDIR="$(mktemp -d)" +CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM -chmod 700 "$TRUSTDBDIR" -# We also don't use a secret keyring, of course, but gpg panics and +chmod 700 "$GPGHOMEDIR" +# We don't use a secret keyring, of course, but gpg panics and # implodes if there isn't one available - and writeable for imports -SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" +SECRETKEYRING="${GPGHOMEDIR}/secring.gpg" touch $SECRETKEYRING -GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING" -GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg" - -# now create the trustdb with an (empty) dummy keyring -$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING -# and make sure that gpg isn't trying to update the file +GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" +# create the trustdb with an (empty) dummy keyring +# older gpgs required it, newer gpgs even warn that it isn't needed, +# but require it nontheless for some commands, so we just play safe +# here for the foreseeable future and create a dummy one +$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 +# tell gpg that it shouldn't try to maintain a trustdb file GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" GPG="$GPG_CMD" |