* Carsten Hey [2011-03-31 02:18 +0200]: > * David Kalnischkies [2011-03-30 18:11 +0200]: > > It doesn't currently (command not found), but after all, what is a > > 'sane way' to fail? > > ... > > Patch attached.
This patch was a bit too simple, since it does not allow net-update or help to be run. I could prepare a improved patch if you want me to so. > I attached an example postinst for keyring packages. It currently does > not handle migration from keyring packages using apt-key to the new > interface. It also does not handle removing keys (would be the wrong > script anyway ;)). There could be a debhelper command (either as part of debhelper itself or an extra package ideally maintained by the APT team) for keyrings that installs the maintainer scripts and places the keyrings into /usr/share/keyrings. On the other hand, it would only be used by a few packages. Advantage (besides avoiding everyone inventing their own scripts) would be that future changes would only require one package to be changed. This debhelper command could also handle the dependency on gpgv. If you want to recommend d-a-k instead of depend on it, debootstrap and cdebootstrap should also install d-a-k if they install apt. Appropriate bugs would need to be filed. Files in /usr/share/keyrings must not be changed by apt-key. One way to ensure this could be: * Keyring packages installing links to trusted.gpg.d set their permissions to 444 (not writable). This could be handled by dh_fixperms. * apt-key checks if the keyring to be changed is a symlink (maybe additional if it is outside of /etc?) to a file without write permissions. If it is, it replaces the symlink with the keyring file and then changes it. If keyrings are splitted into multiple files could be up to the keyring maintainers. apt-key could try to handle keyrings with a single key in a sane way, for example, if such a key is removed just remove the symlink. After apt-key has been improved, possibly debootstrap, cdebootstrap and/or debhelper have been adapted and the example/template maintainer scripts have been approved by the APT team (you), bugs against the keyring packages could be filed. After the fix for apt's postinst has been applied apt's dependency on gnupg could IMHO be dropped. Regards Carsten -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
