commit db41d8e754ed8cd6cee7bca18d76d59f8f7f369b
Author: Nicolas Vigier <bo...@torproject.org>
Date:   Tue Mar 6 21:27:39 2018 +0100

    Bug 25435: use --no-auto-check-trustdb to avoid modifying gpg keyring files
    
    By default gpg will from time to time update its trust database. When
    this happens it will also modify the keyring files to add some trust
    information. To avoid this we add the --no-auto-check-trustdb option.
    
    As we don't use the Web of Trust when we use a keyring file, we also
    disable it using `--trust-model always`.
---
 lib/RBM/DefaultConfig.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm
index 4121264..d758b8e 100644
--- a/lib/RBM/DefaultConfig.pm
+++ b/lib/RBM/DefaultConfig.pm
@@ -216,7 +216,8 @@ OPT_END
 export LC_ALL=C
 [%
     IF c('gpg_keyring');
-        SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), 
path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
+        SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), 
path(c('gpg_keyring_dir')))
+                     _ ' --no-default-keyring --no-auto-check-trustdb 
--trust-model always';
     END;
 -%]
 exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] 
"\$@"

_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Reply via email to