On Sat, Mar 26, 2011 at 10:33:17AM +0100, David Kalnischkies wrote:
> On Fri, Mar 25, 2011 at 05:19, Josh Triplett <j...@joshtriplett.org> wrote:
> > apt doesn't need to maintain the GPG trustdb in /etc/apt/trustdb.gpg;
> > apt trusts all keys in /etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d/*
> > .. Please consider getting rid of the trustdb, and if necessary just
> > telling GPG to trust all keys in the trusted keyring.
>
> Do you have an idea how to let this work?
>
> Last time I checked gpg doesn't like to be run without a trustdb…
>
> Following the gpg command apt-key uses to import the debian-archive-keyring
> without the --trustdb-name option it uses to switch to its own one:
>
> $ gpg --ignore-time-conflict --no-options --no-default-keyring
> --secret-keyring /etc/apt/secring.gpg --quiet --batch --keyring
> /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg
> --ignore-time-conflict --no-options --no-default-keyring
> --secret-keyring /etc/apt/secring.gpg --keyring /etc/apt/trusted.gpg
> --primary-keyring /etc/apt/trusted.gpg --import
> gpg: key F42584E6: "Lenny Stable Release Key
> <debian-rele...@lists.debian.org>" not changed
> gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny)
> <ftpmas...@debian.org>" not changed
> gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key
> (5.0/lenny)" not changed
> gpg: key B98321F9: "Squeeze Stable Release Key
> <debian-rele...@lists.debian.org>" not changed
> gpg: key 473041FA: "Debian Archive Automatic Signing Key (6.0/squeeze)
> <ftpmas...@debian.org>" not changed
> gpg: Total number processed: 5
> gpg: unchanged: 5
> gpg: fatal: /root/.gnupg: directory does not exist!
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
>
> if all keys are already present it's successful but prints this gpg fatal -
> otherwise it fails with the same message
> (without the two-line statistic about processed keys).
>
> I think this is very similar to --secret-keyring which isn't really needed,
> but gpg seems to insist on having it around…

--trustdb-name /dev/null seems to work just fine, as does
--secret-keyring /dev/null.

- Josh Triplett