[tor-commits] [rbm/master] Bug 25435: use --no-auto-check-trustdb to avoid modifying gpg keyring files
gk at torproject.org
gk at torproject.org
Wed Mar 7 07:29:59 UTC 2018
commit db41d8e754ed8cd6cee7bca18d76d59f8f7f369b
Author: Nicolas Vigier <boklm at torproject.org>
Date: Tue Mar 6 21:27:39 2018 +0100
Bug 25435: use --no-auto-check-trustdb to avoid modifying gpg keyring files
By default gpg will from time to time update its trust database. When
this happens it will also modify the keyring files to add some trust
information. To avoid this we add the --no-auto-check-trustdb option.
As we don't use the Web of Trust when we use a keyring file, we also
disable it using `--trust-model always`.
---
lib/RBM/DefaultConfig.pm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm
index 4121264..d758b8e 100644
--- a/lib/RBM/DefaultConfig.pm
+++ b/lib/RBM/DefaultConfig.pm
@@ -216,7 +216,8 @@ OPT_END
export LC_ALL=C
[%
IF c('gpg_keyring');
- SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
+ SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir')))
+ _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always';
END;
-%]
exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "\$@"
More information about the tor-commits
mailing list