From 285feb3cedca3cccff971155099adef8d902223d Mon Sep 17 00:00:00 2001
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Sat, 16 Jul 2011 14:21:51 +0200
Subject: * cmdline/apt-key:   - use a tmpfile instead of /etc/apt/secring.gpg
 (Closes: #632596) * debian/apt.postinst:   - remove /etc/apt/secring.gpg if
 it is an empty file

---
 cmdline/apt-key | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'cmdline')

diff --git a/cmdline/apt-key b/cmdline/apt-key
index 843163f82..8a995dadd 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -5,9 +5,12 @@ unset GREP_OPTIONS
 
 # We don't use a secret keyring, of course, but gpg panics and
 # implodes if there isn't one available
-GPG_CMD='gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg'
+SECRETKEYRING="$(mktemp)"
+trap "rm -f '${SECRETKEYRING}'" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring '${SECRETKEYRING}'"
 
 if [ "$(id -u)" -eq 0 ]; then
+	# we could use a tmpfile here too, but creation of this tends to be time-consuming
 	GPG_CMD="$GPG_CMD --trustdb-name /etc/apt/trustdb.gpg"
 fi
 
-- 
cgit v1.2.3-70-g09d2