commit cd6555af118fa06a30d54a491618b50c5d463c5d Author: Nicolas Vigier boklm@torproject.org Date: Fri Jul 5 17:53:10 2019 +0200
Bug 30549: Avoid using keybox format in drop-expired-sub-keys
When creating a new keyring with gpg >= 2.1, it will be created in the keybox format, which is only compatible with gpg >= 2.1. This means that the drop-expired-sub-keys script will create keyring files which are not compatible with older versions of gpg.
To avoid this, we use the output of gpg --export as the keyring file, which is in the old format. --- tools/keyring/drop-expired-sub-keys | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/keyring/drop-expired-sub-keys b/tools/keyring/drop-expired-sub-keys
index e7bbe50..f041746 100755
--- a/tools/keyring/drop-expired-sub-keys
+++ b/tools/keyring/drop-expired-sub-keys
@@ -16,7 +16,5 @@ set -e
 keyring="$1"
 test -f "$keyring"
 tmpfile=$(mktemp)
-gpg --no-auto-check-trustdb --no-default-keyring --keyring "$keyring" --armor --export-options export-clean --export-filter 'drop-subkey=expired -t || revoked -t' --export > "$tmpfile"
-rm -f "$keyring"
-gpg --no-auto-check-trustdb --trust-model always --no-default-keyring --keyring "$keyring" --import "$tmpfile"
-rm -f "$tmpfile"
+gpg --no-auto-check-trustdb --no-default-keyring --keyring "$keyring" --export-options export-clean --export-filter 'drop-subkey=expired -t || revoked -t' --export > "$tmpfile"
+mv -f "$tmpfile" "$keyring"
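Review bot: The added `mv -f "$tmpfile" "$keyring"` overwrites the keyring with whatever the export wrote, without checking that the output is non-empty. `set -e` stops the script on a non-zero gpg exit, but if gpg can return success while exporting nothing (worth confirming for the gpg versions in use), the keyring would be replaced by an empty file; a `test -s "$tmpfile"` before the `mv` keeps the existing keyring in that case. Since the context line `tmpfile=$(mktemp)` creates the file in the default temp directory, the `mv` may cross filesystems and then is a copy rather than an atomic rename; `tmpfile=$(mktemp "$keyring.XXXXXX")` would keep it a same-directory rename. The replaced keyring also takes on the owner-only mode that mktemp gives its file, which may differ from the original keyring's mode. The script starts before this hunk, so a cleanup trap for the temp file on gpg failure may already exist there; none is visible here.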