From 9fda3be1ae000e81e15dc8840271946e140765c9 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Fri, 24 Jan 2014 17:14:52 +0100
Subject: only create new trusted.gpg if directory is writeable

---
 cmdline/apt-key.in | 37 ++++++++++++++-----------------------
 1 file changed, 14 insertions(+), 23 deletions(-)

(limited to 'cmdline')

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index e592925d6..66e26ef0c 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -48,16 +48,6 @@ requires_root() {
 	fi
 }
 
-# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
-init_keyring() {
-    for path; do
-        if ! [ -e "$path" ]; then
-            touch -- "$path"
-            chmod 0644 -- "$path"
-        fi
-    done
-}
-
 add_keys_with_verify_against_master_keyring() {
     ADD_KEYRING=$1
     MASTER=$2
@@ -311,49 +301,50 @@ if [ -z "$command" ]; then
 fi
 shift
 
-if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
-    echo >&2 "Warning: gnupg does not seem to be installed."
-    echo >&2 "Warning: apt-key requires gnupg for most operations."
-    echo >&2
+if [ "$command" != "help" ]; then
+    if ! which gpg >/dev/null 2>&1; then
+	echo >&2 "Warning: gnupg does not seem to be installed."
+	echo >&2 "Warning: apt-key requires gnupg for most operations."
+	echo >&2
+    fi
+
+    # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
+    if ! [ -e "$TRUSTEDFILE" ]; then
+	if [ -w "$(dirname "$TRUSTEDFILE")" ]; then
+	   touch -- "$TRUSTEDFILE"
+	   chmod 0644 -- "$TRUSTEDFILE"
+	fi
+    fi
 fi
 
 case "$command" in
     add)
         requires_root
-        init_keyring "$TRUSTEDFILE"
         $GPG --quiet --batch --import "$1"
         aptkey_echo "OK"
         ;;
     del|rm|remove)
-        init_keyring "$TRUSTEDFILE"
 	remove_key "$1"
         ;;
     update)
-        init_keyring "$TRUSTEDFILE"
 	update
 	;;
     net-update)
-        init_keyring "$TRUSTEDFILE"
 	net_update
 	;;
     list)
-        init_keyring "$TRUSTEDFILE"
         $GPG --batch --list-keys
         ;;
     finger*)
-        init_keyring "$TRUSTEDFILE"
         $GPG --batch --fingerprint
         ;;
     export)
-        init_keyring "$TRUSTEDFILE"
         $GPG --armor --export "$1"
         ;;
     exportall)
-        init_keyring "$TRUSTEDFILE"
         $GPG --armor --export
         ;;
     adv*)
-        init_keyring "$TRUSTEDFILE"
         aptkey_echo "Executing: $GPG $*"
         $GPG $*
         ;;
-- 
cgit v1.2.3