summaryrefslogtreecommitdiff
path: root/debian/apt.postinst
diff options
context:
space:
mode:
authorDavid Kalnischkies <kalnischkies@gmail.com>2013-08-12 00:19:10 +0200
committerDavid Kalnischkies <kalnischkies@gmail.com>2013-08-12 18:01:37 +0200
commitf9e64e7bb0c125b54f0699d9e08956a88b467a7f (patch)
treecb85210daabe3dde0ec33a05de190022c1933f2e /debian/apt.postinst
parentc0a013221d296e97d68b4e9a66fef5c886d2bbb0 (diff)
use a tmpfile for trustdb.gpg in apt-key
for some "interesting" reason gpg decides that it needs to update its trustdb.gpg file in a --list-keys command even if right before gpg is asked to --check-trustdb. That wouldn't be as bad if it wouldn't modify the keyring being listed at that moment as well, which generates not only warnings which are not a problem for us, but as the keyring modified can be in /usr it modified files which aren't allowed to be modified. The suggested solution in the bugreport is running --check-trustdb unconditionally in an 'apt-key update' call, but this command will not be used in the future and this could still potentially bite us in net-update or adv calls. All of this just to keep a file around, which we do not need… The commit therefore switches to the use of a temporary created trusted.gpg file for everyone and asks gpg to not try to update the trustdb after its intial creation, which seems to avoid the problem altogether. It is using your also faked secring btw as calling the check-trustdb without a keyring is a lot slower … Closes: #687611 Thanks: Andreas Beckmann for the initial patch!
Diffstat (limited to 'debian/apt.postinst')
-rw-r--r--debian/apt.postinst13
1 files changed, 9 insertions, 4 deletions
diff --git a/debian/apt.postinst b/debian/apt.postinst
index 9ff1e031c..caa05ccdf 100644
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -15,10 +15,15 @@ set -e
case "$1" in
configure)
- SECRING='/etc/apt/secring.gpg'
- # test if secring is an empty normal file
- if test -f $SECRING -a ! -s $SECRING; then
- rm -f $SECRING
+ if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
+ # we are using tmpfiles for both
+ rm -f /etc/apt/trustdb.gpg
+ # this removal was done unconditional since 0.8.15.3
+ SECRING='/etc/apt/secring.gpg'
+ # test if secring is an empty normal file
+ if test -f $SECRING -a ! -s $SECRING; then
+ rm -f $SECRING
+ fi
fi
apt-key update