Package: debian-archive-keyring
Severity: minor
Hi,
debian-archive-keyring should remove old keys on upgrades, see forwarded
mail.
The call to apt-key update should only be run if apt-key and gpg both
can be found since dependencies are not guaranteed to be available in
postrm.
The check for gpg to be available is necessary because apt could
possibly recommend gnupg in future and thus apt-key could be available
but not gpg.
So it could be something like this:
| if [ -x /usr/bin/apt-key ] && [ -x /usr/bin/gpg ]; then
| /usr/bin/apt-key update
| fi
Regards
Carsten
----- Forwarded message from Philipp Kern <pk...@debian.org> -----
Date: Sun, 22 Aug 2010 16:10:03 +0200
From: Philipp Kern <pk...@debian.org>
To: Carsten Hey <cars...@debian.org>, 387...@bugs.debian.org
Subject: Re: Bug#387688: Add gnupg as apt dependency in Squeeze to be able
to solve #387688 in Squeeze+1?
Organization: The Debian Project (http://www.debian.org)
On Sun, Aug 22, 2010 at 03:11:19PM +0200, Carsten Hey wrote:
...
> This is unrelated, but filing a bug for something that is probably by
> intention (to make apt's ability to be able to verify signatures less
> fragile) did not sound useful. debian-archive-keyring does not remove
> the key in its prerm, unlike debian-backports-keyring:
>
> | case "$1" in
> | remove|purge)
> | if [ -x /usr/bin/apt-key ]; then
> | /usr/bin/apt-key del 12345678
> | fi
> | ;;
> | esac
Hm, interesting. It seems that d-a-k misses a call to `apt-key update'
as a postrm script. Would you mind filing a bug about that?
Apart from that key removals on upgrade are handled by calling `apt-key
update' in the postinst, so we just pass in the removed keys keyring which
is handled internally (and specially) by apt-key itself.
Kind regards,
Philipp Kern
----- End forwarded message -----
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
