X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/f5b622ed48fdbe235d81b61b3edd8dbb84d9cc9c..ad2d0cef574ff0143ee27cdbd058cba179368dbd:/cmdline/apt-key?ds=sidebyside

diff --git a/cmdline/apt-key b/cmdline/apt-key
index 843163f82..c184e3e75 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -5,10 +5,14 @@ unset GREP_OPTIONS
 
 # We don't use a secret keyring, of course, but gpg panics and
 # implodes if there isn't one available
-GPG_CMD='gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg'
+SECRETKEYRING="$(mktemp)"
+trap "rm -f '${SECRETKEYRING}'" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring ${SECRETKEYRING}"
 
 if [ "$(id -u)" -eq 0 ]; then
-	GPG_CMD="$GPG_CMD --trustdb-name /etc/apt/trustdb.gpg"
+	# we could use a tmpfile here too, but creation of this tends to be time-consuming
+	eval $(apt-config shell TRUSTDBDIR Dir::Etc/d)
+	GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
 fi
 
 GPG="$GPG_CMD"
@@ -149,7 +153,7 @@ if [ "$1" = "--keyring" ]; then
         #echo "keyfile given"
 	shift
 	TRUSTEDFILE="$1"
-	if [ -r "$TRUSTEDFILE" ]; then
+	if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ]; then
 		GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE"
 	else
 		echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable"