[tor-commits] [tor-browser-build/master] Bug 30549: Avoid using keybox format in drop-expired-sub-keys

gk at torproject.org gk at torproject.org
Mon Jul 8 06:58:46 UTC 2019


commit cd6555af118fa06a30d54a491618b50c5d463c5d
Author: Nicolas Vigier <boklm at torproject.org>
Date:   Fri Jul 5 17:53:10 2019 +0200

    Bug 30549: Avoid using keybox format in drop-expired-sub-keys
    
    When creating a new keyring with gpg >= 2.1, it will be created in the
    keybox format, which is only compatible with gpg >= 2.1. This means that
    the drop-expired-sub-keys script will create keyring files which are not
    compatible with older versions of gpg.
    
    To avoid this, we use the output of gpg --export as the keyring file,
    which is in the old format.
---
 tools/keyring/drop-expired-sub-keys | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tools/keyring/drop-expired-sub-keys b/tools/keyring/drop-expired-sub-keys
index e7bbe50..f041746 100755
--- a/tools/keyring/drop-expired-sub-keys
+++ b/tools/keyring/drop-expired-sub-keys
@@ -16,7 +16,5 @@ set -e
 keyring="$1"
 test -f "$keyring"
 tmpfile=$(mktemp)
-gpg --no-auto-check-trustdb --no-default-keyring --keyring "$keyring" --armor --export-options export-clean --export-filter 'drop-subkey=expired -t || revoked -t' --export > "$tmpfile"
-rm -f "$keyring"
-gpg --no-auto-check-trustdb --trust-model always --no-default-keyring --keyring "$keyring" --import "$tmpfile"
-rm -f "$tmpfile"
+gpg --no-auto-check-trustdb --no-default-keyring --keyring "$keyring" --export-options export-clean --export-filter 'drop-subkey=expired -t || revoked -t' --export > "$tmpfile"
+mv -f "$tmpfile" "$keyring"
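Review bot: The added `mv -f "$tmpfile" "$keyring"` replaces the keyring with whatever the export wrote, and `set -e` only stops the script when gpg exits non-zero. If gpg reports success but exports no keys (worth confirming for the gpg versions in use), the keyring used for signature checks would be silently overwritten with an empty file; a `test -s "$tmpfile"` before the `mv` would prevent that. The file from `mktemp` is created with mode 0600 in the default temp directory, so the move also changes the keyring's permissions and may be a cross-filesystem copy rather than an atomic rename; `tmpfile=$(mktemp "$keyring.XXXXXX")` would keep it on the same filesystem. With the final `rm -f "$tmpfile"` removed, a failed export now leaves the temp file behind, which `trap 'rm -f "$tmpfile"' EXIT` after the `mktemp` line would clean up. The script begins outside this hunk, so an existing trap or check earlier in the file is not visible here.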




