Your message dated Fri, 14 Aug 2015 17:24:19 +0200 with message-id <20150814152419.GA18293@crossbow> and subject line Re: debian-archive-keyring: misses a call to `apt-key update' as a postrm script has caused the Debian Bug report #644817, regarding debian-archive-keyring: misses a call to `apt-key update' as a postrm script to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 644817: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644817 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: debian-archive-keyring: misses a call to `apt-key update' as a postrm script
- From: Carsten Hey <carsten@debian.org>
- Date: Sun, 22 Aug 2010 17:07:59 +0200
- Message-id: <20100822150759.GI4569@foghorn.stateful.de>
- Mail-followup-to: Carsten Hey <carsten@debian.org>, submit@bugs.debian.org
Package: debian-archive-keyring Severity: minor Hi, debian-archive-keyring should remove old keys on upgrades, see forwarded mail. The call to apt-key update should only be run if apt-key and gpg both can be found since dependencies are not guaranteed to be available in postrm. The check for gpg to be available is necessary because apt could possibly recommend gnupg in future and thus apt-key could be available but not gpg. So it could be something like this: | if [ -x /usr/bin/apt-key ] && [ -x /usr/bin/gpg ]; then | /usr/bin/apt-key update | fi Regards Carsten ----- Forwarded message from Philipp Kern <pkern@debian.org> ----- Date: Sun, 22 Aug 2010 16:10:03 +0200 From: Philipp Kern <pkern@debian.org> To: Carsten Hey <carsten@debian.org>, 387688@bugs.debian.org Subject: Re: Bug#387688: Add gnupg as apt dependency in Squeeze to be able to solve #387688 in Squeeze+1? Organization: The Debian Project (http://www.debian.org) On Sun, Aug 22, 2010 at 03:11:19PM +0200, Carsten Hey wrote: ... > This is unrelated, but filing a bug for something that is probably by > intention (to make apt's ability to be able to verify signatures less > fragile) did not sound useful. debian-archive-keyring does not remove > the key in its prerm, unlike debian-backports-keyring: > > | case "$1" in > | remove|purge) > | if [ -x /usr/bin/apt-key ]; then > | /usr/bin/apt-key del 12345678 > | fi > | ;; > | esac Hm, interesting. It seems that d-a-k misses a call to `apt-key update' as a postrm script. Would you mind filing a bug about that? Apart from that key removals on upgrade are handled by calling `apt-key update' in the postinst, so we just pass in the removed keys keyring which is handled internally (and specially) by apt-key itself. Kind regards, Philipp Kern ----- End forwarded message -----
--- End Message ---
--- Begin Message ---
- To: 644817-done@bugs.debian.org
- Subject: Re: debian-archive-keyring: misses a call to `apt-key update' as a postrm script
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Fri, 14 Aug 2015 17:24:19 +0200
- Message-id: <20150814152419.GA18293@crossbow>
- In-reply-to: <20100822150759.GI4569@foghorn.stateful.de>
- References: <20100822150759.GI4569@foghorn.stateful.de>
On Sun, Aug 22, 2010 at 05:07:59PM +0200, Carsten Hey wrote: > debian-archive-keyring should remove old keys on upgrades, see forwarded > mail. This is now easily possible without the need for gnupg or apt-key as keys are shipped in fragment files in /etc/apt/trusted.gpg.d/ so a config-file remove away. Hence closing as not an issue anymore. Best regards David KalnischkiesAttachment: signature.asc
Description: Digital signature
--- End Message ---