- SECRING='/etc/apt/secring.gpg'
- # test if secring is an empty normal file
- if test -f $SECRING -a ! -s $SECRING; then
- rm -f $SECRING
+ if dpkg --compare-versions "$2" lt 1.1~exp4; then
+ # apt-key before 0.9.10 could leave empty keyrings around
+ find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do
+ if ! test -s "$keyring"; then
+ rm -f "$keyring"
+ fi
+ done
+ # apt-key before 0.9.8.2 could create 0600 trusted.gpg file
+ if test -e /etc/apt/trusted.gpg ; then
+ chmod -f 0644 /etc/apt/trusted.gpg || true
+ fi
+ fi
+
+ if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
+ # we are using tmpfiles for both
+ rm -f /etc/apt/trustdb.gpg
+ # this removal was done unconditional since 0.8.15.3
+ SECRING='/etc/apt/secring.gpg'
+ # test if secring is an empty normal file
+ if test -f $SECRING -a ! -s $SECRING; then
+ rm -f $SECRING
+ fi
+ fi
+
+ # add unprivileged user for the apt methods
+ adduser --force-badname --system -home /var/empty \
+ --no-create-home --quiet _apt || true
+
+ # deal with upgrades from experimental
+ if dpkg --compare-versions "$2" 'eq' '1.1~exp3'; then
+ # libapt will setup partial/ at runtime
+ chown -R root:root /var/lib/apt/lists /var/cache/apt/archives || true