you want to be nice and quote a filename just to be reminded by gpg

[apt.git] / cmdline / apt-key

diff --git a/cmdline/apt-key b/cmdline/apt-key
index 843163f82c5fc3367f9a4d023817763888af8312..e632be706c49c581d3d9593ec3e48e2a9ec9c34d 100755 (executable)
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -5,9 +5,12 @@ unset GREP_OPTIONS
 
 # We don't use a secret keyring, of course, but gpg panics and
 # implodes if there isn't one available
-GPG_CMD='gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg'
+SECRETKEYRING="$(mktemp)"
+trap "rm -f '${SECRETKEYRING}'" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring ${SECRETKEYRING}"
 
 if [ "$(id -u)" -eq 0 ]; then
+       # we could use a tmpfile here too, but creation of this tends to be time-consuming
        GPG_CMD="$GPG_CMD --trustdb-name /etc/apt/trustdb.gpg"
 fi