Bug#452640: unnecessarily drags in debian-archive-keyring and gnupg

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#452640: unnecessarily drags in debian-archive-keyring and gnupg
From: Robert Millan <rmh@aybabtu.com>
Date: Sat, 24 Nov 2007 10:35:17 +0100
Message-id: <[🔎] 20071124093517.26338.66077.reportbug@thorin>
Reply-to: Robert Millan <rmh@aybabtu.com>, 452640@bugs.debian.org

Package: apt
Version: 0.7.9
Severity: normal
Tags: patch

apt depends on debian-archive-keyring, but it doesn't really need it, since
/usr/share/apt/debian-archive.gpg is already part of the apt package.

In turn, debian-archive-keyring depends on gnupg, which is only needed to
make apt-key useful.  But apt-key doesn't provide essential functionality
in apt, since the debian archive key is already loaded.  For performing the
actual verification, gpgv should be enough.

See attached patch (also corrects a minor mistake in a gpgv method error
message).

-- System Information:
Debian Release: lenny/sid
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=ca_AD.UTF-8, LC_CTYPE=ca_AD.UTF-8 (charmap=UTF-8)

Versions of packages apt depends on:
ii  debian-archive-keyring 2007.07.31~etch1  GnuPG archive keys of the Debian a
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libgcc1                1:4.1.1-21        GCC support library
ii  libstdc++6             4.1.1-21          The GNU Standard C++ Library v3

apt recommends no packages.

-- no debconf information

diff -urp apt-0.7.9.old/debian/control apt-0.7.9/debian/control
--- apt-0.7.9.old/debian/control	2007-07-31 01:26:07.000000000 +0200
+++ apt-0.7.9/debian/control	2007-11-24 10:28:12.000000000 +0100
@@ -10,11 +10,11 @@ XS-Vcs-Bzr: http://bzr.debian.org/apt/de
 
 Package: apt
 Architecture: any
-Depends: ${shlibs:Depends}, debian-archive-keyring
+Depends: ${shlibs:Depends}, gpgv
 Priority: important
 Replaces: libapt-pkg-doc (<< 0.3.7), libapt-pkg-dev (<< 0.3.7)
 Provides: ${libapt-pkg:provides}
-Suggests: aptitude | synaptic | gnome-apt | wajig, dpkg-dev, apt-doc, bzip2, lzma
+Suggests: aptitude | synaptic | gnome-apt | wajig, dpkg-dev, apt-doc, bzip2, lzma, debian-archive-keyring
 Section: admin
 Description: Advanced front-end for dpkg
  This is Debian's next generation front-end for the dpkg package manager.
diff -urp apt-0.7.9.old/methods/gpgv.cc apt-0.7.9/methods/gpgv.cc
--- apt-0.7.9.old/methods/gpgv.cc	2007-10-02 14:34:38.000000000 +0200
+++ apt-0.7.9/methods/gpgv.cc	2007-11-24 10:26:15.000000000 +0100
@@ -210,7 +210,7 @@ string GPGVMethod::VerifyGetSigners(cons
    }
    else if (WEXITSTATUS(status) == 111)
    {
-      ioprintf(ret, _("Could not execute '%s' to verify signature (is gnupg installed?)"), gpgvpath.c_str());
+      ioprintf(ret, _("Could not execute '%s' to verify signature (is gpgv installed?)"), gpgvpath.c_str());
       return ret.str();
    }
    else

Reply to:

Prev by Date: Bug#93549: atseethu
Next by Date: Bug#165140: testimonials 67
Previous by thread: Bug#93549: atseethu
Next by thread: Bug#165140: testimonials 67
Index(es):
- Date
- Thread