From 8b32e72c6f7143de4ec02f44e362b0df9e21e024 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Wed, 1 Oct 2014 23:58:05 +0200
Subject: ensure world-readability for trusted.gpg in postinst

apt-key creates trusted.gpg if it needs it with 644 nowadays, but before
it ensured this, it was gpg creating it, which gives it by default 600.
Not a problem as long as our gpgv is run as root, but now that we drop
privileges we have to ensure that we can also read trusted.gpg files
created by earlier apt-key versions.

Closes: 647001
---
 debian/apt.postinst | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'debian/apt.postinst')

diff --git a/debian/apt.postinst b/debian/apt.postinst
index deb422aa5..5820db587 100755
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -22,6 +22,10 @@ case "$1" in
 		    rm -f "$keyring"
 		fi
 	    done
+	    # apt-key before 0.9.8.2 could create 0600 trusted.gpg file
+	    if test -e /etc/apt/trusted.gpg ; then
+	        chmod -f 0644 /etc/apt/trusted.gpg || true
+	    fi
 	fi
 
 	if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
-- 
cgit v1.2.3