From 25f2731928f0b571f7521d7d7a7e301499d0f6ee Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 7 Jul 2015 11:46:39 +0200 Subject: merge keyrings with cat instead of gpg in apt-key If all keyrings are simple keyrings we can merge the keyrings with cat rather than doing a detour over gpg --export | --import (see #790665), which means 'apt-key verify' can do without gpg and just use gpgv as before the merging change. We declare this gpgv usage explicit now in the dependencies. This isn't a new dependency as gnupg as well as debian-archive-keyring depend on and we used it before unconditionally, just that we didn't declare it. The handling of the merged keyring needs to be slightly different as our merged keyring can end up containing the same key multiple times, but at least currently gpg does remove only the first occurrence with --delete-keys, so we move the handling to a if one is gone, all are gone rather than an (implicit) quid pro quo or even no effect. Thanks: Daniel Kahn Gillmor for the suggestion --- test/integration/test-apt-key | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 4dbf3d66d..1226e7dc4 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -188,7 +188,7 @@ gpg: unchanged: 1' aptkey --fakeroot update adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature - for GPGV in 'gpgv' 'gpgv2' '/does/not/exist'; do + for GPGV in '' 'gpgv' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd msgtest 'Test verify a file' 'with all keys' -- cgit v1.2.3