The following commit has been merged in the master branch:
commit 0a3d3fe21b629b55005c14889faaf8f84c4967c7
Author: Raphael Hertzog <[email protected]>
Date: Sun Jun 21 00:16:54 2009 +0200
dpkg-source: ensure trustedkeys.gpg is used to check signatures
diff --git a/debian/changelog b/debian/changelog
index a8438d1..c23eb40 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -31,6 +31,9 @@ dpkg (1.15.3) UNRELEASED; urgency=low
normally blacklisted. This can be useful for libgcc to include symbols
that the toolchain allows to be shared but that are often static (and
hence are blacklisted for this reason). Closes: #533642
+ * In dpkg-source, explicitely pass --keyring ~/.gnupg/trustedkeys.gpg to
+ gpgv as it does not use it if other --keyring parameters are given.
+ Closes: #530769
[ Joachim Breitner ]
* Warn about unused substvars in dpkg-gencontrol. Closes: #532760
diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm
index 4f5469d..ee346f9 100644
--- a/scripts/Dpkg/Source/Package.pm
+++ b/scripts/Dpkg/Source/Package.pm
@@ -283,6 +283,9 @@ sub check_signature {
push @exec, "gpg", "--no-default-keyring", "-q", "--verify";
}
if (scalar(@exec)) {
+ if (-r "$ENV{'HOME'}/.gnupg/trustedkeys.gpg") {
+ push @exec, "--keyring", "$ENV{'HOME'}/.gnupg/trustedkeys.gpg";
+ }
foreach my $vendor_keyring (run_vendor_hook('keyrings')) {
if (-r $vendor_keyring) {
push @exec, "--keyring", $vendor_keyring;
--
dpkg's main repository
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
