summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-01-26 17:37:00 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2014-09-27 00:12:14 +0200
commit059911800900a42c4246f1e209b51656055215b2 (patch)
tree7b8c0b6397a3a696a617457c29aa8b2c6e9b8264
parentb39bb552f8de65cea13dc5f1fae6fbeb198605c6 (diff)
delay gnupg setup in apt-key until it is needed
'apt-key help' and incorrect usage do not need a functioning gnupg setup, as well as we shouldn't try to setup gnupg before we actually test if it is available (and print a message if it is not).
-rw-r--r--cmdline/apt-key.in44
1 files changed, 22 insertions, 22 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 9d8e60ec0..b8fdfe121 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -3,28 +3,6 @@
set -e
unset GREP_OPTIONS
-GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
-
-# gpg needs (in different versions more or less) files to function correctly,
-# so we give it its own homedir and generate some valid content for it
-GPGHOMEDIR="$(mktemp -d)"
-CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';"
-trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
-chmod 700 "$GPGHOMEDIR"
-# We don't use a secret keyring, of course, but gpg panics and
-# implodes if there isn't one available - and writeable for imports
-SECRETKEYRING="${GPGHOMEDIR}/secring.gpg"
-touch $SECRETKEYRING
-GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR"
-# create the trustdb with an (empty) dummy keyring
-# older gpgs required it, newer gpgs even warn that it isn't needed,
-# but require it nonetheless for some commands, so we just play safe
-# here for the foreseeable future and create a dummy one
-$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1
-# tell gpg that it shouldn't try to maintain a trustdb file
-GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
-GPG="$GPG_CMD"
-
APT_DIR="/"
eval $(apt-config shell APT_DIR Dir)
@@ -331,6 +309,28 @@ if [ "$command" != "help" ]; then
echo >&2
fi
+ GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+
+ # gpg needs (in different versions more or less) files to function correctly,
+ # so we give it its own homedir and generate some valid content for it
+ GPGHOMEDIR="$(mktemp -d)"
+ CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';"
+ trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+ chmod 700 "$GPGHOMEDIR"
+ # We don't use a secret keyring, of course, but gpg panics and
+ # implodes if there isn't one available - and writeable for imports
+ SECRETKEYRING="${GPGHOMEDIR}/secring.gpg"
+ touch $SECRETKEYRING
+ GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR"
+ # create the trustdb with an (empty) dummy keyring
+ # older gpgs required it, newer gpgs even warn that it isn't needed,
+ # but require it nonetheless for some commands, so we just play safe
+ # here for the foreseeable future and create a dummy one
+ $GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1
+ # tell gpg that it shouldn't try to maintain a trustdb file
+ GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
+ GPG="$GPG_CMD"
+
# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
if ! [ -e "$TRUSTEDFILE" ]; then
if [ -w "$(dirname "$TRUSTEDFILE")" ]; then