[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#644817: marked as done (debian-archive-keyring: misses a call to `apt-key update' as a postrm script)



Your message dated Fri, 14 Aug 2015 17:24:19 +0200
with message-id <20150814152419.GA18293@crossbow>
and subject line Re: debian-archive-keyring: misses a call to `apt-key update' as a postrm script
has caused the Debian Bug report #644817,
regarding debian-archive-keyring: misses a call to `apt-key update' as a postrm script
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
644817: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644817
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-archive-keyring
Severity: minor

Hi,

debian-archive-keyring should remove old keys on upgrades, see forwarded
mail.

The call to apt-key update should only be run if apt-key and gpg both
can be found since dependencies are not guaranteed to be available in
postrm.

The check for gpg to be available is necessary because apt could
possibly recommend gnupg in future and thus apt-key could be available
but not gpg.

So it could be something like this:

| if [ -x /usr/bin/apt-key ] && [ -x /usr/bin/gpg ]; then
|         /usr/bin/apt-key update
| fi


Regards
Carsten


----- Forwarded message from Philipp Kern <pkern@debian.org> -----

Date: Sun, 22 Aug 2010 16:10:03 +0200
From: Philipp Kern <pkern@debian.org>
To: Carsten Hey <carsten@debian.org>, 387688@bugs.debian.org
Subject: Re: Bug#387688: Add gnupg as apt dependency in Squeeze to be able
	to solve #387688 in Squeeze+1?
Organization: The Debian Project (http://www.debian.org)

On Sun, Aug 22, 2010 at 03:11:19PM +0200, Carsten Hey wrote:

...

> This is unrelated, but filing a bug for something that is probably by
> intention (to make apt's ability to be able to verify signatures less
> fragile) did not sound useful.  debian-archive-keyring does not remove
> the key in its prerm, unlike debian-backports-keyring:
>
> | case "$1" in
> |     remove|purge)
> |         if [ -x /usr/bin/apt-key ]; then
> |                 /usr/bin/apt-key del 12345678
> |         fi
> |         ;;
> | esac

Hm, interesting.  It seems that d-a-k misses a call to `apt-key update'
as a postrm script.  Would you mind filing a bug about that?

Apart from that key removals on upgrade are handled by calling `apt-key
update' in the postinst, so we just pass in the removed keys keyring which
is handled internally (and specially) by apt-key itself.

Kind regards,
Philipp Kern




----- End forwarded message -----



--- End Message ---
--- Begin Message ---
On Sun, Aug 22, 2010 at 05:07:59PM +0200, Carsten Hey wrote:
> debian-archive-keyring should remove old keys on upgrades, see forwarded
> mail.

This is now easily possible without the need for gnupg or apt-key as
keys are shipped in fragment files in /etc/apt/trusted.gpg.d/ so
a config-file remove away.

Hence closing as not an issue anymore.


Best regards

David Kalnischkies

Attachment: signature.asc
Description: Digital signature


--- End Message ---

Reply to: