ensure world-readability for trusted.gpg in postinst

apt-key creates trusted.gpg if it needs it with 644 nowadays, but before it ensured this, it was gpg creating it, which gives it by default 600. Not a problem as long as our gpgv is run as root, but now that we drop privileges we have to ensure that we can also read trusted.gpg files created by earlier apt-key versions. Closes: 647001
author: David Kalnischkies <david@kalnischkies.de> 2014-10-01 23:58:05 +0200
committer: David Kalnischkies <david@kalnischkies.de> 2014-10-02 01:00:12 +0200
commit: 8b32e72c6f7143de4ec02f44e362b0df9e21e024 (patch)
tree: c88cfc12b227728a5a72f5da099ad49e9a87bc02 /debian/apt.postinst
parent: 9a61bb2176e6599094c575dec7184c3afd6f39bd (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/debian/apt.postinst b/debian/apt.postinst
index deb422aa5..5820db587 100755
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -22,6 +22,10 @@ case "$1" in
 		    rm -f "$keyring"
 		fi
 	    done
+	    # apt-key before 0.9.8.2 could create 0600 trusted.gpg file
+	    if test -e /etc/apt/trusted.gpg ; then
+	        chmod -f 0644 /etc/apt/trusted.gpg || true
+	    fi
 	fi
 
 	if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
author	David Kalnischkies <david@kalnischkies.de>	2014-10-01 23:58:05 +0200
committer	David Kalnischkies <david@kalnischkies.de>	2014-10-02 01:00:12 +0200
commit	8b32e72c6f7143de4ec02f44e362b0df9e21e024 (patch)
tree	c88cfc12b227728a5a72f5da099ad49e9a87bc02 /debian/apt.postinst
parent	9a61bb2176e6599094c575dec7184c3afd6f39bd (diff)