authorMichael Vogt <mvo@debian.org>2014-01-26 08:15:29 +0100
committerMichael Vogt <mvo@debian.org>2014-01-26 08:15:29 +0100
commit796673c38509300c988fbba2f2679ba3c76916db (patch)
tree403055b486d0a1d65561528582d4b0bdc66e53a0 /cmdline/apt-key.in
parent9aef3908c892f9d9349d8bf8a5ceaeea313ba0fe (diff)
parent2f958de6e883ba7b0c9895750d4dde35047f1e82 (diff)
Merge remote-tracking branch 'donkult/debian/sid' into debian/sid
Conflicts: apt-private/private-list.cc doc/po/de.po test/integration/framework
Diffstat (limited to 'cmdline/apt-key.in')
-rw-r--r--cmdline/apt-key.in27
1 files changed, 14 insertions, 13 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 463e4b4b4..0ced500db 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -5,22 +5,23 @@ unset GREP_OPTIONS
GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
-# gpg needs a trustdb to function, but it can't be invalid (not even empty)
-# so we create a temporary directory to store our fresh readable trustdb in
-TRUSTDBDIR="$(mktemp -d)"
-CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
+# gpg needs (in different versions more or less) files to function correctly,
+# so we give it its own homedir and generate some valid content for it
+GPGHOMEDIR="$(mktemp -d)"
+CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';"
trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
-chmod 700 "$TRUSTDBDIR"
-# We also don't use a secret keyring, of course, but gpg panics and
+chmod 700 "$GPGHOMEDIR"
+# We don't use a secret keyring, of course, but gpg panics and
# implodes if there isn't one available - and writeable for imports
-SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
+SECRETKEYRING="${GPGHOMEDIR}/secring.gpg"
touch $SECRETKEYRING
-GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
-GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
-
-# now create the trustdb with an (empty) dummy keyring
-$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING
-# and make sure that gpg isn't trying to update the file
+GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR"
+# create the trustdb with an (empty) dummy keyring
+# older gpgs required it, newer gpgs even warn that it isn't needed,
+# but require it nontheless for some commands, so we just play safe
+# here for the foreseeable future and create a dummy one
+$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1
+# tell gpg that it shouldn't try to maintain a trustdb file
GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
GPG="$GPG_CMD"
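Review bot: The result of `mktemp -d` on the `GPGHOMEDIR=` line is never checked, so on failure the script carries on with an empty value: `SECRETKEYRING` becomes `/secring.gpg`, `touch` creates that file in the filesystem root when apt-key runs as root, and the unquoted `--homedir $GPGHOMEDIR` makes gpg take the following option as its home directory. Abort early instead, for example `GPGHOMEDIR="$(mktemp -d)" || { echo "apt-key: cannot create temporary gpg homedir" >&2; exit 1; }`, unless a `set -e` outside this hunk already covers it. The added `>/dev/null 2>&1` on the `--check-trustdb` line also discards real errors along with the version warning, so a failed trustdb setup would only surface later as an unrelated gpg error; checking its exit status would keep that visible. The script's start and the rest of its body lie outside the hunk.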