+
+ # gpg needs a trustdb to function, but it can't be invalid (not even empty)
+ # see also apt-key where this trickery comes from:
+ local TRUSTDBDIR="${TMPWORKINGDIRECTORY}/gnupghome"
+ mkdir "$TRUSTDBDIR"
+ chmod 700 "$TRUSTDBDIR"
+ # We also don't use a secret keyring, of course, but gpg panics and
+ # implodes if there isn't one available - and writeable for imports
+ local SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
+ touch $SECRETKEYRING
+ # now create the trustdb with an (empty) dummy keyring
+ # newer gpg versions are fine without it, but play it safe for now
+ gpg --quiet --check-trustdb --secret-keyring $SECRETKEYRING --keyring $SECRETKEYRING >/dev/null 2>&1
+