[tbb-commits] [tor-browser-build/master] Bug 30549: Avoid using keybox format in drop-expired-sub-keys
gk at torproject.org
gk at torproject.org
Mon Jul 8 06:58:46 UTC 2019
commit cd6555af118fa06a30d54a491618b50c5d463c5d
Author: Nicolas Vigier <boklm at torproject.org>
Date: Fri Jul 5 17:53:10 2019 +0200
Bug 30549: Avoid using keybox format in drop-expired-sub-keys
When creating a new keyring with gpg >= 2.1, it will be created in the
keybox format, which is only compatible with gpg >= 2.1. This means that
the drop-expired-sub-keys script will create keyring files which are not
compatible with older versions of gpg.
To avoid this, we use the output of gpg --export as the keyring file,
which is in the old format.
---
tools/keyring/drop-expired-sub-keys | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/keyring/drop-expired-sub-keys b/tools/keyring/drop-expired-sub-keys
index e7bbe50..f041746 100755
--- a/tools/keyring/drop-expired-sub-keys
+++ b/tools/keyring/drop-expired-sub-keys
@@ -16,7 +16,5 @@ set -e
keyring="$1"
test -f "$keyring"
tmpfile=$(mktemp)
-gpg --no-auto-check-trustdb --no-default-keyring --keyring "$keyring" --armor --export-options export-clean --export-filter 'drop-subkey=expired -t || revoked -t' --export > "$tmpfile"
-rm -f "$keyring"
-gpg --no-auto-check-trustdb --trust-model always --no-default-keyring --keyring "$keyring" --import "$tmpfile"
-rm -f "$tmpfile"
+gpg --no-auto-check-trustdb --no-default-keyring --keyring "$keyring" --export-options export-clean --export-filter 'drop-subkey=expired -t || revoked -t' --export > "$tmpfile"
+mv -f "$tmpfile" "$keyring"
More information about the tbb-commits
mailing list