summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog8
-rw-r--r--doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment14
-rw-r--r--src/Propellor/Property/Apt.hs2
3 files changed, 23 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index b081d04f..92581607 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (5.3.4) UNRELEASED; urgency=medium
+
+ * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg,
+ which seems to not work anymore.
+ Thanks, Russell Sim.
+
+ -- Joey Hess <id@joeyh.name> Thu, 01 Mar 2018 18:25:04 -0400
+
propellor (5.3.3) unstable; urgency=medium
* Warn again about new upstream version when ~/.propellor was cloned from the
diff --git a/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment
new file mode 100644
index 00000000..b1f82b19
--- /dev/null
+++ b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-03-01T22:20:54Z"
+ content="""
+I added trustsKey in 2014, but my current config is not using
+it for anything, so it seems likely it's bitrotted in some way.
+And there's no rationalle documented for why it manually drives gpg.
+
+I've applied your change to use apt-key.
+
+I wonder if the nukeFile of the "gpg dropping" is actually needed
+anymore?
+"""]]
diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs
index d44b5c38..7275205a 100644
--- a/src/Propellor/Property/Apt.hs
+++ b/src/Propellor/Property/Apt.hs
@@ -447,7 +447,7 @@ trustsKey k = trustsKey' k <!> untrustKey k
trustsKey' :: AptKey -> Property DebianLike
trustsKey' k = check (not <$> doesFileExist f) $ property desc $ makeChange $ do
withHandle StdinHandle createProcessSuccess
- (proc "gpg" ["--no-default-keyring", "--keyring", f, "--import", "-"]) $ \h -> do
+ (proc "apt-key" ["--keyring", f, "add", "-"]) $ \h -> do
hPutStr h (pubkey k)
hClose h
nukeFile $ f ++ "~" -- gpg dropping