commit db41d8e754ed8cd6cee7bca18d76d59f8f7f369b Author: Nicolas Vigier boklm@torproject.org Date: Tue Mar 6 21:27:39 2018 +0100
Bug 25435: use --no-auto-check-trustdb to avoid modifying gpg keyring files
By default gpg will from time to time update its trust database. When this happens it will also modify the keyring files to add some trust information. To avoid this we add the --no-auto-check-trustdb option.
As we don't use the Web of Trust when we use a keyring file, we also disable it using `--trust-model always`. --- lib/RBM/DefaultConfig.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm index 4121264..d758b8e 100644 --- a/lib/RBM/DefaultConfig.pm +++ b/lib/RBM/DefaultConfig.pm @@ -216,7 +216,8 @@ OPT_END export LC_ALL=C [% IF c('gpg_keyring'); - SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring'; + SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) + _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always'; END; -%] exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
tbb-commits@lists.torproject.org