From 33a2267214eed2a11281c9f93b8cf10b4c436d94 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Thu, 6 Feb 2014 17:56:28 +0100
Subject: add --readonly option for apt-key adv

Some advanced commands can be executed without the keyring being
modified like --verify, so this adds an option to disable the mergeback
and uses it for our gpg calling code.

Git-Dch: Ignore
---
 apt-pkg/contrib/gpgv.cc    | 1 +
 cmdline/apt-key.in         | 9 ++++-----
 test/integration/framework | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 56e26ab99..cd17cd536 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -54,6 +54,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
 
    Args.push_back(aptkey.c_str());
    Args.push_back("--quiet");
+   Args.push_back("--readonly");
    Args.push_back("adv");
 
    char statusfdstr[10];
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 9259fac0d..21d692631 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -337,20 +337,19 @@ while [ -n "$1" ]; do
 	 shift
 	 TRUSTEDFILE="$1"
 	 FORCED_KEYRING="$1"
-	 shift
 	 ;;
       --secret-keyring)
 	 shift
 	 FORCED_SECRET_KEYRING="$1"
-	 shift
+	 ;;
+      --readonly)
+	 merge_back_changes() { true; }
 	 ;;
       --fakeroot)
 	 requires_root() { true; }
-	 shift
 	 ;;
       --quiet)
 	 aptkey_echo() { true; }
-	 shift
 	 ;;
       --*)
 	 echo >&2 "Unknown option: $1"
@@ -359,6 +358,7 @@ while [ -n "$1" ]; do
       *)
 	 break;;
    esac
+   shift
 done
 
 if [ -z "$TRUSTEDFILE" ]; then
@@ -430,7 +430,6 @@ case "$command" in
     del|rm|remove)
 	requires_root
 	foreach_keyring_do 'remove_key_from_keyring' "$@"
-	merge_back_changes
 	aptkey_echo "OK"
         ;;
     update)
diff --git a/test/integration/framework b/test/integration/framework
index 50f16fb46..fcdca34ce 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -429,7 +429,7 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
 		| while read SRC; do
 		echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
 #		if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
-#			aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \
+#			aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet --readonly \
 #				adv --yes --default-key 'Joe Sixpack' \
 #				--clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #			mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
@@ -816,7 +816,7 @@ setupaptarchive() {
 signreleasefiles() {
 	local SIGNER="${1:-Joe Sixpack}"
 	local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
-	local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes"
+	local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes"
 	msgninfo "\tSign archive with $SIGNER key $KEY… "
 	local REXKEY='keys/rexexpired'
 	local SECEXPIREBAK="${REXKEY}.sec.bak"
-- 
cgit v1.2.3-70-g09d2